WiredWX Hobby Weather ToolsLog in

 


I Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer

2 posters

descriptionI Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer EmptyI Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer

more_horiz
Hi,

I am a tad confused, I am not sure whether these are still on my computer or whether they were really there to start with , I dont know enough to get me out of trouble, Can you please steer me in the right direction.

I operate on XP, I use IE8 and now have Firefox as well.

My problem started 5 days ago, where all my browser pages did not exist, the only page I could get to was my Netbank page (which I did not use) I had Norton 360 installed but what ever happened , Norton did not tell me there was an issue, until the next day I saw Norton was not on nor could I open it.
I have spoken to Norton & my provider, they cannot seem to help me. The Symantec support window that Norton tried to help me with wont go away. I was working in Safemode Networking I managed to download Firefox and AVG to try and do a scan, which I managed to do. I constantly get System Volume Information alerts which I know has to do with restore points, but I have tried to turn this off but the facility to do so is not there. AVG today has told me my free 30 day trial has expired, I only put it on 4 days ago. Everytime I start my computer it tells me I am missing some local files
I have ran Malwarebytes which said I had 13 issues, I also ran Superantispyware which told me I had 149 issues. But if I run the Microsoft Malacious software tool it tells me I have nothing Sad tearing
I can not do a recovery as I get a blue screen to tell me I have a virus.

I can open browser pages now, but if an email comes in I get a error message from microsoft to advise the of the error if I hit send everything shuts down and will pop open again saying the pages does not exist.
I hope that makes sense

I hope you can help,
Raelene Right On!

descriptionI Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer EmptyRe: I Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer

more_horiz
Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

descriptionI Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer EmptyRe: I Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer

more_horiz
ok will do

descriptionI Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer EmptyRe: I Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer

more_horiz
OTL Extras logfile created on: 18/11/2010 10:55:50 AM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 400.96 Gb Free Space | 86.09% Space Free | Partition Type: NTFS
Drive D: | 508.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 7.41 Gb Total Space | 6.81 Gb Free Space | 91.92% Space Free | Partition Type: FAT32

Computer Name: OWNER-992EE0177 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig" = 0
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1272:TCP" = 1272:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime Essentials -- (Nero AG)
"C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe" = C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe:*:Enabled:Acrobat Reader 5.0 -- (Adobe Systems Incorporated)
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- File not found
"C:\WINDOWS\LMIB7.tmp\lmi_rescue.exe" = C:\WINDOWS\LMIB7.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue -- File not found
"C:\Documents and Settings\Owner\Local Settings\Temp\7zS55.tmp\SymNRT.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\7zS55.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01CD4D3B-6D8D-48B5-9193-C3AE522A6574}" = Samsung PC Studio 3
"{029F5E98-6E5D-42E9-BCC7-2A6433AB99EF}" = 3100
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{055A0044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Encyclopedia Standard 2005
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{098F0462-A6D9-4FB4-87B0-0F46BF0E7EFB}" = The Incredibles
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = The Sims Deluxe Edition
"{1330F885-F8E4-4c36-9B88-E19F82042C06}" = 3100_3200_3300trb
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EEC2A94-7204-45C6-93BB-67EAEB19E4D6}" = Safari
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Photo Premium 10
"{433A39B0-380C-4634-93FE-12A812954F5B}" = BigPond Broadband ADSL
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{50E7BB78-02B4-469a-9D8B-B2F42835F90E}" = ProductContextNPI
"{5399ACAF-7B15-43D5-9233-4E797B184FD2}" = AVIVO
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
"{64F67489-76BB-4CDD-A236-F954BE774B35}" = NVIDIA PhysX
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{66EBD70F-A42C-475F-AEDF-277378151033}" = Nero 7 Essentials
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{83C57C58-FDD7-4d86-BFCC-9D31CC4EFA71}" = 6500_E709n
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPOREâ„¢
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}" = PC Connectivity Solution
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BEA2FF8E-50A3-4C6D-955E-5632C881753F}" = NetComm NB6 Series ADSL2+ Router USB Driver
"{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPOREâ„¢ Creepy & Cute Parts Pack
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}" = Microsoft Works Suite Add-in for Microsoft Word
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2A0F8F4-CE50-4857-A21C-3061682B2E87}" = Sansa Media Converter
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F1931CAB-C7DD-4825-8A58-BC5278805200}" = 3100_3200_3300_Help
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series
"{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"0D5BC5DD5940677F9B5623C12951388F5EF72436" = Windows Driver Package - NETGEAR Inc. (RTLWUSB) Net (02/07/2007 5.1283.0207.2007)
"54C387968987D0308E3C2F0A5D723BC3CB8926B9" = Windows Driver Package - 2Wire (2WIREPCP) Net (09/18/2002 1.4.0.5)
"84261EAEDFA5240ACFFEDFB145134E295B649795" = Windows Driver Package - Thomson (USB_RNDIS) Net (02/16/2004 1.0.0.3)
"8ABEA6D4578549FADD34471076DFC5C22976C6D9" = Windows Driver Package - Atheros (arusb(Atheros)) Net (09/23/2008 3.0.0.131)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ATI Display Driver" = ATI Display Driver
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EDE780BB5DCF2C3476C105BAE4CC1175516E9173" = Windows Driver Package - NETGEAR (W8335XP) Net (02/22/2005 3.1.1.7)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 2.0
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2005b" = Microsoft Money
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC Wizard 2008_is1" = PC Wizard 2008.1.81
"PictureItPrem_v10" = Microsoft Photo Premium 10
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shockwave" = Shockwave
"Shop for HP Supplies" = Shop for HP Supplies
"TomTom HOME" = TomTom HOME 2.7.6.2056
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Script" = Microsoft Windows Script 5.7
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2005Setup" = Microsoft Works 2005 Setup Launcher
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16/10/2010 8:28:09 PM | Computer Name = OWNER-992EE0177 | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application outlook.exe, version 11.0.8325.0, stamp 4bf591af,
faulting module avgoutlookx.dll, version 10.0.0.1114, stamp 4c9012df, debug? 0,
fault address 0x00007a43.

Error - 16/10/2010 8:51:55 PM | Computer Name = OWNER-992EE0177 | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application outlook.exe, version 11.0.8325.0, stamp 4bf591af,
faulting module avgoutlookx.dll, version 10.0.0.1114, stamp 4c9012df, debug? 0,
fault address 0x00007a43.

Error - 16/10/2010 11:11:28 PM | Computer Name = OWNER-992EE0177 | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application outlook.exe, version 11.0.8325.0, stamp 4bf591af,
faulting module avgoutlookx.dll, version 10.0.0.1114, stamp 4c9012df, debug? 0,
fault address 0x00007a43.

Error - 17/10/2010 1:40:51 AM | Computer Name = OWNER-992EE0177 | Source = MsiInstaller | ID = 1013
Description = Product: Adobe Reader 6.0.1 -- Setup has detected that you already
have a more functional product installed. Setup will now terminate.

Error - 17/10/2010 5:09:25 AM | Computer Name = OWNER-992EE0177 | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application outlook.exe, version 11.0.8325.0, stamp 4bf591af,
faulting module avgoutlookx.dll, version 10.0.0.1114, stamp 4c9012df, debug? 0,
fault address 0x00007a43.

Error - 17/10/2010 7:16:21 AM | Computer Name = OWNER-992EE0177 | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application outlook.exe, version 11.0.8325.0, stamp 4bf591af,
faulting module avgoutlookx.dll, version 10.0.0.1114, stamp 4c9012df, debug? 0,
fault address 0x00007a43.

Error - 17/11/2010 8:34:38 AM | Computer Name = OWNER-992EE0177 | Source = MsiInstaller | ID = 11402
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1402.
Setup cannot open the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS.
Verify that you have sufficient permissions to access the registry or contact
Microsoft Product Support Services (PSS) for assistance. For information about
how to contact PSS, see C:\Program Files\Microsoft Office\OFFICE11\1033\PSS10R.CHM.

Error - 17/11/2010 8:34:53 AM | Computer Name = OWNER-992EE0177 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Security
Update for Excel 2003 (KB2344893): EXCEL' could not be installed. Error code 1603.
Windows Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft.com/fwlink/?LinkId=23127

Error - 17/11/2010 8:35:08 AM | Computer Name = OWNER-992EE0177 | Source = MsiInstaller | ID = 11402
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1402.
Setup cannot open the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS.
Verify that you have sufficient permissions to access the registry or contact
Microsoft Product Support Services (PSS) for assistance. For information about
how to contact PSS, see C:\Program Files\Microsoft Office\OFFICE11\1033\PSS10R.CHM.

Error - 17/11/2010 8:35:11 AM | Computer Name = OWNER-992EE0177 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Security
Update for Office 2003 (KB982311): MSO' could not be installed. Error code 1603.
Windows Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft.com/fwlink/?LinkId=23127

[ OSession Events ]
Error - 13/10/2010 2:27:08 AM | Computer Name = OWNER-992EE0177 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 69
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 15/10/2010 9:53:51 AM | Computer Name = OWNER-992EE0177 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Office Excel 2003 (KB2344893).

Error - 15/10/2010 9:54:09 AM | Computer Name = OWNER-992EE0177 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Office 2003 (KB982311).

Error - 16/10/2010 3:29:26 AM | Computer Name = OWNER-992EE0177 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE

Error - 16/10/2010 12:01:06 PM | Computer Name = OWNER-992EE0177 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Office Excel 2003 (KB2344893).

Error - 16/10/2010 12:01:41 PM | Computer Name = OWNER-992EE0177 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Office 2003 (KB982311).

Error - 17/11/2010 8:34:57 AM | Computer Name = OWNER-992EE0177 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Office Excel 2003 (KB2344893).

Error - 17/11/2010 4:47:29 PM | Computer Name = OWNER-992EE0177 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE

Error - 17/11/2010 4:47:42 PM | Computer Name = OWNER-992EE0177 | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed
by -2678401 seconds. The time service will not change the system time by more than
-54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com (ntp.m|0x1|10.0.0.3:123->207.46.197.32:123) is working
properly.

Error - 17/11/2010 5:26:46 PM | Computer Name = OWNER-992EE0177 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE

Error - 17/11/2010 6:09:55 PM | Computer Name = OWNER-992EE0177 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE


< End of report >

descriptionI Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer EmptyRe: I Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer

more_horiz
OTL Extras logfile created on: 18/11/2010 10:55:50 AM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 400.96 Gb Free Space | 86.09% Space Free | Partition Type: NTFS
Drive D: | 508.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 7.41 Gb Total Space | 6.81 Gb Free Space | 91.92% Space Free | Partition Type: FAT32

Computer Name: OWNER-992EE0177 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig" = 0
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1272:TCP" = 1272:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime Essentials -- (Nero AG)
"C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe" = C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe:*:Enabled:Acrobat Reader 5.0 -- (Adobe Systems Incorporated)
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- File not found
"C:\WINDOWS\LMIB7.tmp\lmi_rescue.exe" = C:\WINDOWS\LMIB7.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue -- File not found
"C:\Documents and Settings\Owner\Local Settings\Temp\7zS55.tmp\SymNRT.exe" = C:\Documents and Settings\Owner\Local Settings\Temp\7zS55.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01CD4D3B-6D8D-48B5-9193-C3AE522A6574}" = Samsung PC Studio 3
"{029F5E98-6E5D-42E9-BCC7-2A6433AB99EF}" = 3100
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{055A0044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Encyclopedia Standard 2005
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{098F0462-A6D9-4FB4-87B0-0F46BF0E7EFB}" = The Incredibles
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = The Sims Deluxe Edition
"{1330F885-F8E4-4c36-9B88-E19F82042C06}" = 3100_3200_3300trb
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EEC2A94-7204-45C6-93BB-67EAEB19E4D6}" = Safari
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Photo Premium 10
"{433A39B0-380C-4634-93FE-12A812954F5B}" = BigPond Broadband ADSL
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{50E7BB78-02B4-469a-9D8B-B2F42835F90E}" = ProductContextNPI
"{5399ACAF-7B15-43D5-9233-4E797B184FD2}" = AVIVO
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{606BC780-101C-41DB-808D-4539BFA0774A}" = MobileMe Control Panel
"{64F67489-76BB-4CDD-A236-F954BE774B35}" = NVIDIA PhysX
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{66EBD70F-A42C-475F-AEDF-277378151033}" = Nero 7 Essentials
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{83C57C58-FDD7-4d86-BFCC-9D31CC4EFA71}" = 6500_E709n
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPOREâ„¢
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}" = PC Connectivity Solution
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BEA2FF8E-50A3-4C6D-955E-5632C881753F}" = NetComm NB6 Series ADSL2+ Router USB Driver
"{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPOREâ„¢ Creepy & Cute Parts Pack
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}" = Microsoft Works Suite Add-in for Microsoft Word
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2A0F8F4-CE50-4857-A21C-3061682B2E87}" = Sansa Media Converter
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F1931CAB-C7DD-4825-8A58-BC5278805200}" = 3100_3200_3300_Help
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series
"{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"0D5BC5DD5940677F9B5623C12951388F5EF72436" = Windows Driver Package - NETGEAR Inc. (RTLWUSB) Net (02/07/2007 5.1283.0207.2007)
"54C387968987D0308E3C2F0A5D723BC3CB8926B9" = Windows Driver Package - 2Wire (2WIREPCP) Net (09/18/2002 1.4.0.5)
"84261EAEDFA5240ACFFEDFB145134E295B649795" = Windows Driver Package - Thomson (USB_RNDIS) Net (02/16/2004 1.0.0.3)
"8ABEA6D4578549FADD34471076DFC5C22976C6D9" = Windows Driver Package - Atheros (arusb(Atheros)) Net (09/23/2008 3.0.0.131)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ATI Display Driver" = ATI Display Driver
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EDE780BB5DCF2C3476C105BAE4CC1175516E9173" = Windows Driver Package - NETGEAR (W8335XP) Net (02/22/2005 3.1.1.7)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 2.0
"HP Document Viewer" = HP Document Viewer 5.3
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"HPOCR" = OCR Software by I.R.I.S. 12.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2005b" = Microsoft Money
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC Wizard 2008_is1" = PC Wizard 2008.1.81
"PictureItPrem_v10" = Microsoft Photo Premium 10
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shockwave" = Shockwave
"Shop for HP Supplies" = Shop for HP Supplies
"TomTom HOME" = TomTom HOME 2.7.6.2056
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Script" = Microsoft Windows Script 5.7
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2005Setup" = Microsoft Works 2005 Setup Launcher
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16/10/2010 8:28:09 PM | Computer Name = OWNER-992EE0177 | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application outlook.exe, version 11.0.8325.0, stamp 4bf591af,
faulting module avgoutlookx.dll, version 10.0.0.1114, stamp 4c9012df, debug? 0,
fault address 0x00007a43.

Error - 16/10/2010 8:51:55 PM | Computer Name = OWNER-992EE0177 | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application outlook.exe, version 11.0.8325.0, stamp 4bf591af,
faulting module avgoutlookx.dll, version 10.0.0.1114, stamp 4c9012df, debug? 0,
fault address 0x00007a43.

Error - 16/10/2010 11:11:28 PM | Computer Name = OWNER-992EE0177 | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application outlook.exe, version 11.0.8325.0, stamp 4bf591af,
faulting module avgoutlookx.dll, version 10.0.0.1114, stamp 4c9012df, debug? 0,
fault address 0x00007a43.

Error - 17/10/2010 1:40:51 AM | Computer Name = OWNER-992EE0177 | Source = MsiInstaller | ID = 1013
Description = Product: Adobe Reader 6.0.1 -- Setup has detected that you already
have a more functional product installed. Setup will now terminate.

Error - 17/10/2010 5:09:25 AM | Computer Name = OWNER-992EE0177 | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application outlook.exe, version 11.0.8325.0, stamp 4bf591af,
faulting module avgoutlookx.dll, version 10.0.0.1114, stamp 4c9012df, debug? 0,
fault address 0x00007a43.

Error - 17/10/2010 7:16:21 AM | Computer Name = OWNER-992EE0177 | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application outlook.exe, version 11.0.8325.0, stamp 4bf591af,
faulting module avgoutlookx.dll, version 10.0.0.1114, stamp 4c9012df, debug? 0,
fault address 0x00007a43.

Error - 17/11/2010 8:34:38 AM | Computer Name = OWNER-992EE0177 | Source = MsiInstaller | ID = 11402
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1402.
Setup cannot open the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS.
Verify that you have sufficient permissions to access the registry or contact
Microsoft Product Support Services (PSS) for assistance. For information about
how to contact PSS, see C:\Program Files\Microsoft Office\OFFICE11\1033\PSS10R.CHM.

Error - 17/11/2010 8:34:53 AM | Computer Name = OWNER-992EE0177 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Security
Update for Excel 2003 (KB2344893): EXCEL' could not be installed. Error code 1603.
Windows Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft.com/fwlink/?LinkId=23127

Error - 17/11/2010 8:35:08 AM | Computer Name = OWNER-992EE0177 | Source = MsiInstaller | ID = 11402
Description = Product: Microsoft Office Professional Edition 2003 -- Error 1402.
Setup cannot open the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS.
Verify that you have sufficient permissions to access the registry or contact
Microsoft Product Support Services (PSS) for assistance. For information about
how to contact PSS, see C:\Program Files\Microsoft Office\OFFICE11\1033\PSS10R.CHM.

Error - 17/11/2010 8:35:11 AM | Computer Name = OWNER-992EE0177 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Professional Edition 2003 - Update 'Security
Update for Office 2003 (KB982311): MSO' could not be installed. Error code 1603.
Windows Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft.com/fwlink/?LinkId=23127

[ OSession Events ]
Error - 13/10/2010 2:27:08 AM | Computer Name = OWNER-992EE0177 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 69
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 15/10/2010 9:53:51 AM | Computer Name = OWNER-992EE0177 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Office Excel 2003 (KB2344893).

Error - 15/10/2010 9:54:09 AM | Computer Name = OWNER-992EE0177 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Office 2003 (KB982311).

Error - 16/10/2010 3:29:26 AM | Computer Name = OWNER-992EE0177 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE

Error - 16/10/2010 12:01:06 PM | Computer Name = OWNER-992EE0177 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Office Excel 2003 (KB2344893).

Error - 16/10/2010 12:01:41 PM | Computer Name = OWNER-992EE0177 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Office 2003 (KB982311).

Error - 17/11/2010 8:34:57 AM | Computer Name = OWNER-992EE0177 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Office Excel 2003 (KB2344893).

Error - 17/11/2010 4:47:29 PM | Computer Name = OWNER-992EE0177 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE

Error - 17/11/2010 4:47:42 PM | Computer Name = OWNER-992EE0177 | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed
by -2678401 seconds. The time service will not change the system time by more than
-54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com (ntp.m|0x1|10.0.0.3:123->207.46.197.32:123) is working
properly.

Error - 17/11/2010 5:26:46 PM | Computer Name = OWNER-992EE0177 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE

Error - 17/11/2010 6:09:55 PM | Computer Name = OWNER-992EE0177 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE


< End of report >

descriptionI Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer EmptyRe: I Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer

more_horiz
I hope thats right

descriptionI Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer EmptyRe: I Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer

more_horiz
OTL logfile created on: 18/11/2010 10:55:50 AM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 400.96 Gb Free Space | 86.09% Space Free | Partition Type: NTFS
Drive D: | 508.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 7.41 Gb Total Space | 6.81 Gb Free Space | 91.92% Space Free | Partition Type: FAT32

Computer Name: OWNER-992EE0177 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/18 10:09:50 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/10/12 17:28:07 | 001,738,544 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\LMI1.tmp\lmi_rescue.exe
PRC - [2010/09/29 01:04:57 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/08/24 20:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/08/24 20:38:16 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010/08/13 13:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/13 15:36:44 | 000,066,848 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\MobileMeServices.exe
PRC - [2008/06/10 05:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/06/01 16:22:56 | 000,177,448 | R--- | M] (Authentium, Inc.) -- c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/01 10:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/06/01 10:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2005/05/12 00:33:52 | 000,479,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe


========== Modules (SafeList) ==========

MOD - [2010/11/18 10:09:50 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/10/12 17:28:07 | 000,177,464 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\LMI1.tmp\rahook.dll
MOD - [2010/08/24 03:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/14 11:12:10 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2008/04/14 11:12:10 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll
MOD - [2008/04/14 11:12:09 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2008/04/14 11:12:06 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmpapi.dll
MOD - [2008/04/14 11:12:04 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rtutils.dll
MOD - [2008/04/14 11:12:03 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rassapi.dll
MOD - [2008/04/14 11:11:57 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mprapi.dll
MOD - [2008/04/14 11:11:55 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll
MOD - [2008/04/14 11:11:55 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetmib1.dll
MOD - [2008/04/14 11:11:48 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\activeds.dll
MOD - [2008/04/14 11:11:48 | 000,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\adsldpc.dll
MOD - [2008/04/14 11:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/05/03 23:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/24 20:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/08/13 13:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/06/01 16:22:56 | 000,177,448 | R--- | M] (Authentium, Inc.) [Auto | Running] -- c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe -- (dvpapi)
SRV - [2007/12/10 13:59:04 | 000,353,280 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\SBREdrv.sys -- (SBRE)
DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/05/25 18:27:11 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2010/05/25 18:27:11 | 000,033,384 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rsvcdwdr.sys -- (rsvcdwdr)
DRV - [2010/05/11 05:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/18 05:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/04 12:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2009/12/04 12:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2009/12/04 12:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2009/12/04 12:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2009/12/04 12:33:50 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2009/04/03 11:18:26 | 000,130,936 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2008/07/29 11:42:34 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/06/01 15:58:30 | 000,750,904 | ---- | M] (Authentium, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Css-Dvp.sys -- (CSS DVP)
DRV - [2008/04/14 05:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/14 05:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/14 03:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/11 19:12:44 | 000,035,328 | ---- | M] (Livescribe) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SmartpenCom.sys -- (SmartpenCom)
DRV - [2008/02/11 19:12:40 | 000,038,528 | ---- | M] (Livescribe) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SmartpenBus.sys -- (SmartpenBus)
DRV - [2007/12/01 12:33:14 | 000,055,016 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2007/12/01 12:32:54 | 000,033,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MfeRKDK.sys -- (MfeRKDK)
DRV - [2007/12/01 12:32:26 | 000,201,320 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007/12/01 12:32:06 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MfeBOPK.sys -- (MfeBOPK)
DRV - [2007/12/01 12:32:00 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MfeAVFK.sys -- (MfeAVFK)
DRV - [2007/09/29 03:06:00 | 002,456,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/07/20 19:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/07/03 17:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 17:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 17:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2006/12/29 03:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService)
DRV - [2006/11/30 14:58:42 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44unic.sys -- (se44unic) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM)
DRV - [2006/11/30 14:58:34 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44obex.sys -- (se44obex)
DRV - [2006/11/30 14:58:32 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44nd5.sys -- (se44nd5) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS)
DRV - [2006/11/30 14:58:30 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44mgmt.sys -- (se44mgmt) Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM)
DRV - [2006/11/30 14:58:26 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44mdm.sys -- (se44mdm)
DRV - [2006/11/30 14:58:24 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44mdfl.sys -- (se44mdfl)
DRV - [2006/11/30 14:58:18 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se44bus.sys -- (se44bus) Sony Ericsson Device 068 driver (WDM)
DRV - [2006/11/03 12:32:30 | 004,394,496 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/08/25 02:46:48 | 000,031,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Owner\Local Settings\Temp\lredbooo.sys -- (lredbooo)
DRV - [2006/08/15 00:09:48 | 000,083,200 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "http://babelfish.iamwired.net/search.php?src=tops&q="
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://babelfish.iamwired.net/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1114
FF - prefs.js..keyword.URL: "http://babelfish.iamwired.net/search.php?src=tops&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/08/08 21:50:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/13 15:29:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/18 09:27:34 | 000,000,000 | ---D | M]

[2010/10/13 17:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/04/08 22:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009/05/21 09:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/11/18 07:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\31r69qlh.default\extensions
[2010/10/13 19:17:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\31r69qlh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/03/09 23:04:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\31r69qlh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/03/09 23:04:53 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\31r69qlh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}(2)
[2009/03/09 23:04:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\31r69qlh.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}(2)
[2008/09/17 15:52:39 | 000,001,786 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\31r69qlh.default\searchplugins\live-search.xml
[2010/03/17 17:40:25 | 000,000,258 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\31r69qlh.default\searchplugins\Search.xml
[2010/11/18 09:27:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/07/07 16:11:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/11/18 09:27:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/18 09:27:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/09/15 08:09:10 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/15 08:09:10 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/15 08:09:10 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/15 08:09:10 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/09/29 01:21:40 | 000,625,781 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (BrowserHelper Class) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll File not found
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} http://files.authentium.com/bigpond/364106b/bin/wizard.exe (CNavigationManager Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} http://webiq005.webiqonline.com/WebIQ/DataServer/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9} (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1214913844468 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212043678265 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} http://zone.msn.com/bingame/fotg/default/ddfotg.1.0.0.37.cab (CPlayFirstddfotgControl Object)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/06 12:05:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/16 20:15:31 | 000,000,060 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{5460202c-2fb4-11dd-8603-00196651b82e}\Shell\AutoRun\command - "" = J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe -- File not found
O33 - MountPoints2\{5460202c-2fb4-11dd-8603-00196651b82e}\Shell\open\command - "" = J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe -- File not found
O33 - MountPoints2\{8f11cbb6-95a9-11dd-8696-00196651b82e}\Shell\AutoRun\command - "" = J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe -- File not found
O33 - MountPoints2\{8f11cbb6-95a9-11dd-8696-00196651b82e}\Shell\open\command - "" = J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/18 10:09:50 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/11/18 09:28:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/11/18 09:27:34 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/11/18 08:06:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/18 08:06:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/18 08:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/06/02 22:09:49 | 000,062,910 | ---- | C] ($PROGRAMNAME) -- C:\Program Files\Uninstall.exe
[2008/04/08 13:00:21 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[20 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/18 10:19:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/18 10:09:50 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/11/18 09:27:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/11/18 09:27:22 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/18 09:27:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/18 09:27:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/18 09:27:22 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/11/18 09:09:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/18 08:06:50 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/18 07:58:49 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/11/18 07:47:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[20 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/18 08:06:50 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/18 07:58:49 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/13 09:58:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2010/10/11 20:22:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\x28pyunxj2cb7soi0cd8aazb.ini
[2010/10/10 18:08:17 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PnkBstrK.sys
[2010/09/13 14:06:59 | 000,001,386 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\filterclsid.dat
[2010/07/19 17:36:58 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009/11/25 14:40:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/04/02 17:16:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2009/03/11 11:28:49 | 001,355,899 | ---- | C] () -- C:\WINDOWS\UnInstallNetCommADSL.dll
[2008/12/31 17:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/15 20:06:47 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/09/07 18:52:21 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/08/29 03:38:22 | 000,006,310 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2008/08/07 09:01:48 | 000,034,710 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2008/08/07 09:01:48 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2008/08/07 08:29:51 | 000,000,348 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
[2008/08/07 08:29:51 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2008/08/07 08:29:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
[2008/08/07 08:26:36 | 000,002,797 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PatchUpdate_InstantShareJPG.log
[2008/08/07 08:26:36 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2008/08/07 08:23:53 | 000,003,577 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\PatchUpdate_IZClosingDiscError.log
[2008/08/07 08:23:53 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2008/08/07 08:22:56 | 000,046,949 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2008/08/07 08:22:56 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2008/07/29 11:42:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2008/07/29 11:39:44 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/07/10 13:14:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2008/06/02 22:09:49 | 000,000,000 | ---- | C] () -- C:\Program Files\uninstall.dat
[2008/05/28 21:30:48 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/04/15 19:36:25 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/04/13 13:28:28 | 000,001,366 | ---- | C] () -- C:\WINDOWS\System32\oxpyyrcr.ini
[2008/04/12 12:10:52 | 000,001,186 | ---- | C] () -- C:\WINDOWS\System32\ptxsqmlk.ini
[2008/04/12 12:02:47 | 000,000,946 | ---- | C] () -- C:\WINDOWS\System32\hemmsvsb.ini
[2008/04/11 12:17:33 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/04/11 09:56:02 | 000,000,886 | ---- | C] () -- C:\WINDOWS\System32\vvgrfilh.ini
[2008/04/09 14:23:10 | 000,000,354 | ---- | C] () -- C:\WINDOWS\System32\clbruiqd.ini
[2008/04/08 14:14:26 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\xhtkahac.ini
[2008/04/07 08:04:06 | 000,000,354 | ---- | C] () -- C:\WINDOWS\System32\xrgtxrgt.ini
[2008/04/03 09:44:21 | 000,000,474 | ---- | C] () -- C:\WINDOWS\System32\ybscubip.ini
[2008/03/11 22:46:54 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/11 14:56:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/08 13:17:49 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/03/08 00:02:45 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2008/03/07 19:54:07 | 000,007,310 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/03/06 19:51:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/03/06 12:14:03 | 000,004,405 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/03/06 12:14:02 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:695CE4C3
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:098DBB8A
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:01442FD8
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:666FB4AA
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:87FA5E8A
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF0BC727
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED9B661E
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A774141A
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FACB65E7
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A688EF17
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BCA993F
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12EA4DC9
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:51A22C60
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:23BEBB72
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BC9021B2
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A3AA7DA
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:11EFE63D
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:439E3411
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67BA17B9

< End of report >

descriptionI Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer EmptyRe: I Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer

more_horiz
Sorry top two are the same I think

descriptionI Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer EmptyRe: I Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer

more_horiz
Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O33 - MountPoints2\{5460202c-2fb4-11dd-8603-00196651b82e}\Shell\AutoRun\command - "" = J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe -- File not found
    O33 - MountPoints2\{5460202c-2fb4-11dd-8603-00196651b82e}\Shell\open\command - "" = J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe -- File not found
    O33 - MountPoints2\{8f11cbb6-95a9-11dd-8696-00196651b82e}\Shell\AutoRun\command - "" = J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe -- File not found
    O33 - MountPoints2\{8f11cbb6-95a9-11dd-8696-00196651b82e}\Shell\open\command - "" = J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe -- File not found


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

descriptionI Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer EmptyRe: I Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer

more_horiz
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5460202c-2fb4-11dd-8603-00196651b82e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5460202c-2fb4-11dd-8603-00196651b82e}\ not found.
File J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5460202c-2fb4-11dd-8603-00196651b82e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5460202c-2fb4-11dd-8603-00196651b82e}\ not found.
File J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f11cbb6-95a9-11dd-8696-00196651b82e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f11cbb6-95a9-11dd-8696-00196651b82e}\ not found.
File J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f11cbb6-95a9-11dd-8696-00196651b82e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f11cbb6-95a9-11dd-8696-00196651b82e}\ not found.
File J:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\iuhi64.exe not found.

OTL by OldTimer - Version 3.2.15.2 log created on 10192010_155035



descriptionI Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer EmptyRe: I Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer

more_horiz
Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

descriptionI Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer EmptyRe: I Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer

more_horiz
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4888

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

20/10/2010 4:13:14 PM
mbam-log-2010-10-20 (16-13-14).txt

Scan type: Quick scan
Objects scanned: 165428
Time elapsed: 5 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

descriptionI Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer EmptyRe: I Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer

more_horiz
Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    I Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer CF_download_FF

    I Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer CF_download_rename

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    I Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer Cf410

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    I Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer Cf510

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

descriptionI Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer EmptyRe: I Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer

more_horiz
Below is the text that came up on the Notepad, I did get about 4 send error messages to Microsoft. The dos window opened for Combofix, I did not get any prompts apart from the one to let it run. I did not get any of the Windows recovery console pop ps or the congratulations one. I hope its still did it properly

ComboFix 10-10-21.03 - Owner 22/10/2010 20:32:58.1.4 - x86
Running from: c:\documents and settings\Owner\Desktop\1.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\documents and settings\Owner\Application Data\Microsoft\stor.cfg
c:\documents and settings\SFMA\Application Data\Microsoft\stor.cfg
c:\windows\system32\clbruiqd.ini
c:\windows\system32\hemmsvsb.ini
c:\windows\system32\oxpyyrcr.ini
c:\windows\system32\ptxsqmlk.ini
c:\windows\system32\vvgrfilh.ini
c:\windows\system32\xhtkahac.ini
c:\windows\system32\xrgtxrgt.ini
c:\windows\system32\ybscubip.ini

.
((((((((((((((((((((((((( Files Created from 2010-09-22 to 2010-10-22 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-31 153136]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-28 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-09 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-08-31 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-02-28 44544]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\AcroRd32.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1272:TCP"= 1272:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 4:27 PM 25680]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [14/10/2009 8:54 PM 130936]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [18/02/2010 5:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/05/2010 5:41 AM 67656]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24/08/2010 8:38 PM 92008]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14/10/2009 8:49 PM 133104]
S3 lredbooo;lredbooo;c:\docume~1\Owner\LOCALS~1\Temp\lredbooo.sys [25/08/2006 2:46 AM 31744]
S3 rsvcdwdr;rsvcdwdr;c:\windows\system32\drivers\rsvcdwdr.sys [25/05/2010 6:27 PM 33384]
S3 SmartpenBus;Smartpen Enumerator;c:\windows\system32\drivers\SmartpenBus.sys [11/02/2008 7:12 PM 38528]
S3 SmartpenCom;Smartpen Communications;c:\windows\system32\drivers\SmartpenCom.sys [11/02/2008 7:12 PM 35328]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [5/06/2010 5:33 PM 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [5/06/2010 5:33 PM 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [5/06/2010 5:33 PM 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [5/06/2010 5:33 PM 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [5/06/2010 5:33 PM 25704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 09:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-09-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34]

2010-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-14 09:49]

2010-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-14 09:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ninemsn.com.au/
DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - hxxp://files.authentium.com/bigpond/364106b/bin/wizard.exe
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\31r69qlh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://babelfish.iamwired.net/search.php?src=tops&q=
FF - prefs.js: browser.startup.homepage - hxxp://babelfish.iamwired.net/
FF - prefs.js: keyword.URL - hxxp://babelfish.iamwired.net/search.php?src=tops&q=
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,56,44,81,91,b4,31,41,a0,7a,0d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,56,44,81,91,b4,31,41,a0,7a,0d,\

[HKEY_USERS\S-1-5-21-790525478-630328440-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:70,eb,70,46,1e,f9,5e,9c,b9,2a,14,91,9b,92,16,fc,15,a4,df,43,28,
11,9a,5e,c6,f8,e6,08,cd,09,9d,c1,9f,c1,46,10,75,cb,a1,6c,cc,bb,fb,20,8a,47,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
@DACL=(02 0000)
@="Internet Explorer User Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:000003c0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3014"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
@DACL=(02 0000)
@="Internet Explorer Machine Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-10-22 20:40:55
ComboFix-quarantined-files.txt 2010-10-22 09:40
ComboFix2.txt 2008-06-24 14:07
ComboFix3.txt 2008-06-24 14:02
ComboFix4.txt 2008-06-24 13:51
ComboFix5.txt 2008-06-24 10:17

Pre-Run: 430,580,707,328 bytes free
Post-Run: 431,004,925,952 bytes free

- - End Of File - - 0B93859764B43D2FF1DBB38F6547C9BF

descriptionI Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer EmptyRe: I Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer

more_horiz
Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:


    KILLALL::

    Driver::
    lredbooo

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    I Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer Cfscriptb4i

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

descriptionI Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer EmptyRe: I Feel Sick- TrojanGen,Packed Mystic,w32silly,Bloodhound, Infostealer

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum