
Found viruses on a file I ran, what to do next?

Discussion in 'Virus & Other Malware Removal' started by deejayjmc, Sep 13, 2010.

  1. deejayjmc

    deejayjmc Thread Starter

    Joined:
    Jul 19, 2010
    Messages:
    16
    Hi,

    I tried to install a program using its exe file. The program, Daemon Tools 4.10, would install up to a certain bit and then ask to restart repeatedly. I found that my computer wouldn't restart properly, and at times when it does, it takes a very long time to boot up.

    I ran a virus scan on virustotal.com - below are the pasted results:

    Antivirus Version Last Update Result
    AhnLab-V3 2010.09.13.00 2010.09.13 -
    AntiVir 8.2.4.50 2010.09.13 -
    Antiy-AVL 2.0.3.7 2010.09.13 -
    Authentium 5.2.0.5 2010.09.13 -
    Avast 4.8.1351.0 2010.09.13 -
    Avast5 5.0.594.0 2010.09.13 Win32:Adware-HT
    AVG 9.0.0.851 2010.09.13 -
    BitDefender 7.2 2010.09.13 -
    CAT-QuickHeal 11.00 2010.09.13 -
    ClamAV 0.96.2.0-git 2010.09.13 -
    Comodo 6065 2010.09.13 -
    DrWeb 5.0.2.03300 2010.09.13 -
    Emsisoft 5.0.0.37 2010.09.13 Riskware.AdTool.Win32.WhenU.u!A2
    eSafe 7.0.17.0 2010.09.12 -
    eTrust-Vet 36.1.7852 2010.09.13 -
    F-Prot 4.6.1.107 2010.09.13 -
    F-Secure 9.0.15370.0 2010.09.13 -
    Fortinet 4.1.143.0 2010.09.13 Misc/WhenU
    GData 21 2010.09.13 -
    Ikarus T3.1.1.88.0 2010.09.13 -
    Jiangmin 13.0.900 2010.09.13 -
    K7AntiVirus 9.63.2496 2010.09.11 -
    Kaspersky 7.0.0.125 2010.09.13 not-a-virus:WebToolbar.Win32.WhenU.u
    McAfee 5.400.0.1158 2010.09.13 -
    McAfee-GW-Edition 2010.1B 2010.09.13 -
    Microsoft 1.6103 2010.09.12 -
    NOD32 5446 2010.09.13 -
    Norman 6.06.06 2010.09.13 -
    nProtect 2010-09-13.02 2010.09.13 -
    Panda 10.0.2.7 2010.09.12 Suspicious file
    PCTools 7.0.3.5 2010.09.13 -
    Prevx 3.0 2010.09.13 High Risk Worm
    Rising 22.65.00.03 2010.09.13 -
    Sophos 4.57.0 2010.09.13 Mal/Generic-A
    Sunbelt 6868 2010.09.13 Trojan.Win32.Generic!BT
    SUPERAntiSpyware 4.40.0.1006 2010.09.13 -
    Symantec 20101.1.1.7 2010.09.13 -
    TheHacker 6.7.0.0.016 2010.09.12 -
    TrendMicro 9.120.0.1004 2010.09.12 -
    TrendMicro-HouseCall 9.120.0.1004 2010.09.13 -
    VBA32 3.12.14.0 2010.09.13 -
    ViRobot 2010.8.25.4006 2010.09.13 Adware.WhenU.7271368
    VirusBuster 12.65.2.0 2010.09.12 -

    Now that I know I have infected my computer (!) please let me know what to do next to remove these viruses.

    Thank you
     
  2. deejayjmc

    deejayjmc Thread Starter

    HiJackThis Log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 18:55:56, on 13/09/2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Windows\VM_STI.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    D:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Free Download Manager\fdm.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\Steam\steam.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Admin\Downloads\HijackThis.exe
    C:\Windows\system32\SearchProtocolHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE VIMICRO USB PC Camera 301x
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Startup: todo.txt
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O20 - AppInit_DLLs: C:\Windows\System32\acaptuser32.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DeviceMonitorService - Nero AG - C:\Program Files\Motorola Media Link\NServiceEntry.exe
    O23 - Service: dlbc_device - - C:\Windows\system32\dlbccoms.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Avid Technology, Inc. - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
    O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
    O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NLSSRV32.EXE
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

    --
    End of file - 9297 bytes

    ______________________________________


    DDS.txt:


    DDS (Ver_09-09-29.01) - NTFSx86
    Run by Admin at 18:56:12.80 on 13/09/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    uRun: [Free Download Manager] c:\program files\free download manager\fdm.exe -autorun
    uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
    uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [Google Update] "c:\users\admin\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [BigDogPath] c:\windows\VM_STI.EXE VIMICRO USB PC Camera 301x
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Acrobat Speed Launcher] "d:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "d:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    AppInit_DLLs: c:\windows\system32\acaptuser32.dll
    SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\progra~1\qualcomm\eudora\EuShlExt.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\tiruyanl.default\
    FF - component: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\tiruyanl.default\extensions\{6e098d65-7d2d-46d4-ada0-2f882a29f795}\platform\winnt_x86-msvc\components\libchm.dll
    FF - component: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\tiruyanl.default\extensions\[email protected]\platform\winnt_x86-msvc\components\ipc.dll
    FF - component: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\tiruyanl.default\extensions\[email protected]\platform\winnt_x86-msvc\components\libfirefoggencoder.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\musicnotes\npmusicn.dll
    FF - plugin: c:\program files\musicnotes\NPSibelius.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\admin\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============


    =============== Created Last 30 ================

    2010-09-12 20:39 <DIR> --d----- c:\program files\common files\Microsoft Games
    2010-09-12 16:38 <DIR> --d----- c:\programdata\Media Center Programs
    2010-09-12 16:38 <DIR> --d----- c:\progra~2\Media Center Programs
    2010-09-12 00:59 <DIR> --d----- c:\program files\common files\PX Storage Engine
    2010-09-11 15:52 116,736 a------- c:\windows\system32\drivers\mcdbus.sys
    2010-09-11 15:52 <DIR> --d----- c:\program files\MagicDisc
    2010-09-11 15:36 <DIR> --d-h--- c:\windows\PIF
    2010-09-02 12:09 <DIR> --d----- c:\program files\Core Services
    2010-08-31 02:44 219 a------- c:\windows\iepreview.ini
    2010-08-31 00:47 <DIR> --d----- c:\program files\Internet Explorer Platform Preview
    2010-08-31 00:47 279,552 a------- c:\windows\system32\XpsGdiConverter.dll
    2010-08-31 00:47 135,168 a------- c:\windows\system32\XpsRasterService.dll
    2010-08-31 00:46 1,172,480 a------- c:\windows\system32\d3d10warp.dll
    2010-08-31 00:46 1,076,224 a------- c:\windows\system32\DWrite.dll
    2010-08-31 00:46 804,864 a------- c:\windows\system32\FntCache.dll
    2010-08-31 00:46 737,280 a------- c:\windows\system32\d2d1.dll
    2010-08-31 00:46 218,624 a------- c:\windows\system32\d3d10_1core.dll
    2010-08-31 00:46 3,181,568 a------- c:\windows\system32\mf.dll
    2010-08-31 00:46 1,619,456 a------- c:\windows\system32\WMVDECOD.DLL
    2010-08-31 00:46 196,608 a------- c:\windows\system32\mfreadwrite.dll
    2010-08-28 12:27 <DIR> --d----- c:\program files\VisualLightBox
    2010-08-24 00:15 <DIR> --d----- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-08-24 00:15 <DIR> --d----- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

    ==================== Find3M ====================

    2010-09-11 17:01 685,816 a------- c:\windows\system32\drivers\sptd.sys
    2010-09-11 15:36 2,853 a------- c:\windows\pif\setup.PIF
    2010-07-28 16:56 423,656 a------- c:\windows\system32\deployJava1.dll
    2010-07-12 21:44 215,128 a------- c:\windows\system32\PnkBstrB.exe
    2010-07-09 23:37 14,092,904 a------- c:\windows\system32\nvoglv32.dll
    2010-07-09 23:37 10,267,240 a------- c:\windows\system32\nvcompiler.dll
    2010-07-09 23:37 9,818,728 a------- c:\windows\system32\nvd3dum.dll
    2010-07-09 23:37 4,553,832 a------- c:\windows\system32\nvcuda.dll
    2010-07-09 23:37 2,892,904 a------- c:\windows\system32\nvcuvid.dll
    2010-07-09 23:37 2,506,344 a------- c:\windows\system32\nvcuvenc.dll
    2010-07-09 23:37 1,625,192 a------- c:\windows\system32\nvapi.dll
    2010-07-09 23:37 236,136 a------- c:\windows\system32\nvcod1922.dll
    2010-07-09 23:37 236,136 a------- c:\windows\system32\nvcod.dll
    2010-07-09 23:37 56,936 a------- c:\windows\system32\OpenCL.dll
    2010-07-09 16:37 13,939,816 a------- c:\windows\system32\nvcpl.dll
    2010-07-09 16:37 1,469,544 a------- c:\windows\system32\nvsvc.dll
    2010-07-09 16:37 129,640 a------- c:\windows\system32\nvvsvc.exe
    2010-07-09 16:37 110,696 a------- c:\windows\system32\nvmctray.dll
    2010-05-09 16:59 138,056 a------- c:\users\admin\appdata\roaming\PnkBstrK.sys
    2009-07-14 05:56 291,294 a------- c:\windows\inf\perflib\0409\perfi.dat
    2009-07-14 05:56 291,294 a------- c:\windows\inf\perflib\0409\perfh.dat
    2009-07-14 05:56 31,548 a------- c:\windows\inf\perflib\0409\perfd.dat
    2009-07-14 05:56 31,548 a------- c:\windows\inf\perflib\0409\perfc.dat
    2009-07-14 05:41 174 a--sh--- c:\program files\desktop.ini
    2009-07-14 01:34 291,294 a------- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 01:34 291,294 a------- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 01:34 31,548 a------- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 01:34 31,548 a------- c:\windows\inf\perflib\0000\perfc.dat
    2009-06-10 22:26 9,633,792 a--shr-- c:\windows\fonts\StaticCache.dat
    2009-09-14 11:35 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
    2009-09-14 11:35 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
    2009-09-14 11:35 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
    2009-09-14 11:35 245,760 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

    ============= FINISH: 18:56:38.52 ===============



    _______________________________________________


    Attach.txt:


    ==== Installed Programs ======================


    2007 Microsoft Office Suite Service Pack 2 (SP2)
    AccessData Forensic Toolkit 1.71
    AccessData LicenseManager
    ACID Pro 7.0
    Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    Adobe Anchor Service CS4
    Adobe Default Language CS4
    Adobe Flash Player 10 Plugin
    Adobe Output Module
    Adobe Photoshop CS4
    Adobe Reader 9.2
    Adobe Reader 9.3.4
    Adobe Search for Help
    Adobe Setup
    AngstroLooper 0.9 beta
    Antares Autotune VST v5.09
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AudioShell 1.3.5
    Avira AntiVir Personal - Free Antivirus
    AviSynth 2.5
    Battlefield: Bad Company™ 2
    Beatscape 1.0
    Bonjour
    Call of Duty: Modern Warfare 2
    Call of Duty: Modern Warfare 2 - Multiplayer
    CamStudio
    CDBurnerXP
    Crystal Reports Basic for Visual Studio 2008
    Dell Photo Printer 720
    DivX Setup
    DreamStation DXi2
    Emagic Logic Audio Platinum 5.5
    Eudora
    Express Gate
    FEAR
    FileZilla Client 3.3.2.1
    Free Download Manager 3.0
    FreeRIP v3.30
    Full Tilt Poker
    GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
    GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
    GIMP 2.6.7
    Google Chrome
    Grand Theft Auto IV
    Har-Bal Equalization System v2.3
    HiJackThis
    Hitman Blood Money
    Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)
    Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)
    Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946344)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946581)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB947789)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB951708)
    IETester v0.4.4 (remove only)
    ImTOO iPhone Video Converter
    iTunes
    iZotope Ozone 4
    Java Auto Updater
    Java(TM) 6 Update 17
    Java(TM) 6 Update 21
    Java(TM) SE Development Kit 6 Update 17
    Live 8.0.3
    M-Audio Series II MIDI
    Macromedia Dreamweaver 8
    Macromedia Extension Manager
    Macromedia Fireworks 8
    MagicDisc 2.7.106
    Malwarebytes' Anti-Malware
    Media Jukebox 12
    Melodyne 3.1
    Microsoft .NET Compact Framework 2.0 SP2
    Microsoft .NET Compact Framework 3.5
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Device Emulator version 3.0 - ENU
    Microsoft Document Explorer 2008
    Microsoft Flight Simulator X
    Microsoft Flight Simulator X SDK
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft IntelliPoint 7.0
    Microsoft Office Access 2007
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    Microsoft Office Visual Web Developer 2007
    Microsoft Office Visual Web Developer MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server 2008 Management Objects
    Microsoft SQL Server Compact 3.5 for Devices ENU
    Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft SQL Server Database Publishing Wizard 1.3
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C# 2008 Express Edition with SP1 - ENU
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Visual Studio 2008 Professional Edition - ENU
    Microsoft Visual Studio Web Authoring Component
    Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
    Microsoft Web Publishing Wizard 1.53
    Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
    Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    Microsoft Windows SDK for Visual Studio 2008 Tools
    Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
    MIDI TO MP3 MAKER version 3.12
    MIKSOFT Mobile Media Converter
    Motorola Driver Installation 4.5.0
    MOTOROLA MEDIA LINK
    Mozilla Firefox (3.6.9)
    Mozilla Thunderbird (3.0.1)
    MSVC80_x86
    MSVC80_x86_v2
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Musicnotes Software Suite 1.2
    Native Instruments Guitar Rig 3
    Native Instruments Service Center
    NetBeans IDE 6.7.1
    Nitro PDF Professional
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    NVIDIA Display Control Panel
    NVIDIA Drivers
    OF Dragon Rising
    Opera 10.61
    PC Connectivity Solution
    PC Tools Firewall Plus 6.0
    PFPortChecker 1.0.32
    Portal
    Pro Evolution Soccer 2008
    PunkBuster Services
    Quantum of Solace(TM)
    Quantum of Solace(TM) 1.1 Patch
    QuickTime
    Realtek High Definition Audio Driver
    REAPER
    Reason 4.0.1
    ReCycle 2.0
    RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
    Rockstar Games Social Club
    Safari
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB980376)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB982135)
    Skype™ 4.1
    SONAR 8.0 Producer Edition
    Sound Forge Pro 10.0
    Spybot - Search & Destroy
    SpywareBlaster 4.3
    SQL Server System CLR Types
    Steam
    Steinberg Cubase 5
    Steinberg Cubase SX v3.1.1.944
    Steinberg Drum Loop Expansion 01
    Steinberg Groove Agent ONE Content
    Steinberg HALionOne
    Steinberg HALionOne Additional Content Set 01
    Steinberg HALionOne Expression Set
    Steinberg HALionOne GM Drum Set
    Steinberg HALionOne GM Set
    Steinberg HALionOne Pro Set
    Steinberg HALionOne Studio Drum Set
    Steinberg HALionOne Studio Set
    Steinberg LoopMash Content
    Steinberg Nuendo 4
    Steinberg Nuendo Expansion Kit
    Steinberg REVerence Content 01
    Suite Shared Configuration CS4
    Super Winspy v3.5
    SyncroSoft Emu (Remove only)
    Syncrosoft License Control
    System Requirements Lab
    T-RackS 3 Deluxe
    TeamViewer 5
    The Godfather™ II
    Tom Clancy's H.A.W.X
    Total Video Converter 3.50
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office Outlook 2007 Help (KB957246)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft Visual Studio Web Authoring Component (KB945140)
    Update for Outlook 2007 Junk Email Filter (kb2202131)
    VC Runtimes MSI
    VC80CRTRedist - 8.0.50727.4053
    Vegas Pro 9.0
    Videora iPhone Converter 5.03
    Virtual DJ - Atomix Productions
    Visual Mind 10
    Visual Studio 2005 Tools for Office Second Edition Runtime
    Visual Studio Tools for the Office system 3.0 Runtime
    VisualLightBox
    VLC media player 1.0.1
    Waves Diamond Bundle v5.2
    Waves SSL Collection v1.2
    Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
    Windows Driver Package - Nokia Modem (10/05/2009 4.2)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Internet Explorer Platform Preview
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Mobile 5.0 SDK R2 for Pocket PC
    Windows Mobile 5.0 SDK R2 for Smartphone
    Windows Resource Kit Tools - SubInAcl.exe
    WinRAR archiver
    WinX Free iPhone Video Converter 3.1.1

    ==== End Of File ===========================



    _________________________________________

    Ark.txt:


    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-09-13 19:18:15
    Windows 6.1.7600
    Running: puq00c9v.exe; Driver: C:\Users\Admin\AppData\Local\Temp\aglcrpod.sys


    ---- System - GMER 1.0.15 ----

    SSDT 96244704 ZwCreateThread
    SSDT 962446F0 ZwOpenProcess
    SSDT 962446F5 ZwOpenThread
    SSDT 962446FF ZwTerminateProcess

    INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83A3FAF8
    INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83A3F104
    INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83A3F3F4
    INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83A27634
    INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83A27898
    INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83A3F1DC
    INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83A3F958
    INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83A3F6F8
    INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83A3FF2C
    INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83A401A8

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83658599 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8367CF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!RtlSidHashLookup + 34C 8368485C 4 Bytes [04, 47, 24, 96] {ADD AL, 0x47; AND AL, 0x96}
    .text ntkrnlpa.exe!RtlSidHashLookup + 4E8 836849F8 4 Bytes [F0, 46, 24, 96]
    .text ntkrnlpa.exe!RtlSidHashLookup + 508 83684A18 4 Bytes [F5, 46, 24, 96] {CMC ; INC ESI; AND AL, 0x96}
    .text ntkrnlpa.exe!RtlSidHashLookup + 7B8 83684CC8 4 Bytes [FF, 46, 24, 96] {INC DWORD [ESI+0x24]; XCHG ESI, EAX}
    ? \Device\Harddisk0\Partition1\Windows\system32\drivers\PctWfpFilter.sys The system cannot find the path specified. !
    .text peauth.sys 9FE1AC9D 28 Bytes [1E, 1B, 44, 96, 6C, DA, 11, ...]
    .text peauth.sys 9FE1ACC1 28 Bytes [1E, 1B, 44, 96, 6C, DA, 11, ...]
    PAGE peauth.sys 9FE20B9B 72 Bytes CALL 8F71B21D
    PAGE peauth.sys 9FE20BEC 111 Bytes [50, FB, B1, 92, D2, 83, F4, ...]
    PAGE peauth.sys 9FE20E20 101 Bytes [26, 78, DA, 42, 24, AF, 77, ...]
    PAGE ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\firefox.exe[4588] ntdll.dll!LdrLoadDll 76E6F585 5 Bytes JMP 00DC13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\ACPI_HAL \Device\00000054 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\tdx \Device\Tcp pctgntdi.sys
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x02 0xEB 0xCF 0xF0 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x08 0x2B 0x57 0x82 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE3 0x9A 0x6E 0xC7 ...
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x02 0xEB 0xCF 0xF0 ...
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x08 0x2B 0x57 0x82 ...
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE3 0x9A 0x6E 0xC7 ...

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 09: copy of MBR

    ---- EOF - GMER 1.0.15 ----
     
  3. deejayjmc

    deejayjmc Thread Starter

    Joined:
    Jul 19, 2010
    Messages:
    16
    Bump!

    And my specs:

    Windows 7 Professional 32 Bit
    Intel E8400 CPU
    GeForce 7900GS
    4GB RAM
     
  4. deejayjmc

    deejayjmc Thread Starter

    Joined:
    Jul 19, 2010
    Messages:
    16
    Please help, it's been 5 days!
     

Short URL to this thread: https://techguy.org/949739