New worm? Avast doesn't know it

here’s the instructions from the site

* run the MGTools.exe program by double clicking on it.
      o It will create a folder named MGTools in the root folder of the hard disk where Windows is installed ( typically C:\MGTools ).
      o It will also automatically extract a bunch of files into this folder.
      o It will then automatically start running three batch ( .bat files are batch programs ) programs in that folder.
      o This will sequentially run all the tools/scans that are part of MGtools. Each of these scans will create logs in the MGtools folder. You will notice a command prompt window open and messages will appear in this window. This window will close when the scans are complete.
      o You may see a popup window with a license agreement for TrendMicro HijackThis. Make sure you click the I Accept button. You need to click it twice to get it to accept.
      o If you see HijackThis open and/or a log from HijackThis open in notepad, just close HijackThis and the notepad window.
      o These log files will be placed in the root folder of your Windows drive. The log file will also automatically be put into a ZIP file named MGlogs.zip which you will be uploading as an attachment to your message in the forum. Unlike older versions of the programs, no popups of the logs will appear when they finish running during this initial installation. At a later time, running any of the individual batch files will still cause the logs to automatically pop up.
      o Continue on to the General Information section below.

even if the program is safe i’m still rather nervous about using it and hoping my comp will be clean without use of it

It’s quite likely that it contains other applications as well as HijackThis, and the batch files to automatically run them. I couldn’t easily find info on what they consist of, and it is probably best not to run them in the absence of a helper that has asked you to, which you would probably only find on the MG forum.
Just stick with MBAM for now, don’t forget (as DavidR posted) to have it “remove selected”, and hopefully things might improve radically after that.

great news, mbam hit that system file and asked me to restart so it could delete it, i am going to run a standard avast to see if it’s there or not and if not i will remove my system restores and that will be that ^^, though if it is still here then i will post logs here and wait for further advice

Edit: :‘( it’s still there even after Mbam said it was going to delete it after reboot :’( will post logs soon as i can get them on here

ok here are the logs since my laptop accepted my flash drive without crashing this time

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/26/2009 at 03:51 AM

Application Version : 4.32.1000

Core Rules Database Version : 4402
Trace Rules Database Version: 1978

Scan type : Complete Scan
Total Scan Time : 01:24:42

Memory items scanned : 518
Memory threats detected : 0
Registry items scanned : 4602
Registry threats detected : 8
File items scanned : 33296
File threats detected : 5

Adware.Vundo/Variant
HKU.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{D5BF4552-94F1-42BD-F434-3604812C807D}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{D5BF4552-94F1-42BD-F434-3604812C807D}

Rogue.Component/Trace
HKLM\Software\Microsoft\70642062
HKLM\Software\Microsoft\70642062#70648de2
HKLM\Software\Microsoft\70642062#7064e407
HKLM\Software\Microsoft\70642062#70642062
HKLM\Software\Microsoft\70642062#Version

Trojan.Fake-Alert/Trace
HKU\S-1-5-21-776561741-1563985344-839522115-1003\SOFTWARE\Microsoft\fias4013

Trojan.Agent/Gen
C:\DOCUMENTS AND SETTINGS\MARK\START MENU\PROGRAMS\STARTUP\SISZYD32.EXE
C:\WINDOWS\Prefetch\SISZYD32.EXE-02EC40F1.pf

Rootkit.TDSServ-Trace
C:\WINDOWS\SYSTEM32\TDSSMTYE.DAT

Trojan.Agent/Gen-ImageDocFake
E:\DOCUMENTS AND SETTINGS\MARK\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\8GCHHHH2\MAIN_IMG3[1].PNG
E:\FOUND.000\DIR0068.CHK\MEDIA\YOHOHO\ICONS\CHANGE_ALERT.PNG

Malwarebytes’ Anti-Malware 1.42
Database version: 3431
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

26/12/2009 08:52:05
mbam-log-2009-12-26 (08-52-05).txt

Scan type: Full Scan (C:|E:|)
Objects scanned: 561957
Time elapsed: 2 hour(s), 2 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Mark\Local Settings\Temp\sig9E.tmp (Rootkit.Agent) → Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\kpgmh.sys (Rootkit.Agent) → Delete on reboot.
C:\WINDOWS\Temp\sig10.tmp (Rootkit.Agent) → Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\avdrn.dat (Malware.Trace) → Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\fvgqad.dat (Malware.Trace) → Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\fvgqad.dat (Malware.Trace) → Quarantined and deleted successfully.

As you can see it said it would delete it on reboot but avast found it still on the computer as soon as it reloaded itself :cry:
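The two logs above record removal differently: MBAM writes an action per item ("Quarantined and deleted successfully" versus "Delete on reboot"), while the SUPERAntiSpyware log has no action column at all. A "Delete on reboot" line only means the deletion was requested, which is why kpgmh.sys can still be present after the restart, as the poster saw. The script below is an added example, not code from the thread or from either vendor: it parses both formats (the sample lines are copied from the posted logs and embedded so it runs offline) and lists every item that is not yet confirmed gone, with the reason. The location and family heuristics are the author's assumptions, not anything the scanners themselves report.

```python
"""Triage of the SUPERAntiSpyware and MBAM logs posted above.

Added example: not code from the thread or from either vendor.
Sample lines are copied from the posted logs so this runs offline.
"""
import re
from dataclasses import dataclass

# "Files Infected" lines from the posted MBAM 1.42 log.
MBAM_LOG = r"""
Files Infected:
C:\Documents and Settings\Mark\Local Settings\Temp\sig9E.tmp (Rootkit.Agent) → Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\kpgmh.sys (Rootkit.Agent) → Delete on reboot.
C:\WINDOWS\Temp\sig10.tmp (Rootkit.Agent) → Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\avdrn.dat (Malware.Trace) → Quarantined and deleted successfully.
"""

# Detection blocks from the posted SUPERAntiSpyware log: a family name,
# then the paths it matched. There is no per-item action column.
SAS_LOG = r"""
Trojan.Agent/Gen
C:\DOCUMENTS AND SETTINGS\MARK\START MENU\PROGRAMS\STARTUP\SISZYD32.EXE
C:\WINDOWS\Prefetch\SISZYD32.EXE-02EC40F1.pf

Rootkit.TDSServ-Trace
C:\WINDOWS\SYSTEM32\TDSSMTYE.DAT
"""

# "<path> (<family>) -> <action>." ; accepts the log's arrow or "->"
MBAM_ITEM = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<family>[^()]+)\) (?:→|->) (?P<action>.+?)\.?$")


@dataclass
class Finding:
    path: str
    family: str
    action: str   # empty when the log records no action (SAS)
    source: str


def parse_mbam(text):
    """One Finding per 'path (family) -> action' line."""
    out = []
    for line in text.splitlines():
        m = MBAM_ITEM.match(line.strip())
        if m:
            out.append(Finding(m["path"], m["family"], m["action"], "MBAM"))
    return out


def parse_sas(text):
    """SAS groups paths under a family header; a blank line ends a group."""
    out, family = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            family = None
        elif family is None:
            family = line
        else:
            out.append(Finding(line, family, "", "SAS"))
    return out


def followup_reasons(f):
    """Why this item is NOT yet confirmed removed (empty list = done)."""
    reasons = []
    low = f.path.lower()
    if "delete on reboot" in f.action.lower():
        reasons.append("deferred delete: the file was still on disk when the log "
                       "was written; re-check after the reboot")
    if not f.action:
        reasons.append("log records no removal action; re-scan with quarantine "
                       "enabled and check the quarantine list")
    # Assumption: a kernel driver named as a rootkit family deserves an
    # anti-rootkit pass even when the scanner reports it deleted.
    if "\\drivers\\" in low and low.endswith(".sys") and f.family.lower().startswith("rootkit"):
        reasons.append("kernel driver flagged as rootkit: while loaded it can "
                       "restore its own file; confirm with an anti-rootkit scan")
    return reasons


def followups(findings):
    """Map path -> reasons, for every item that still needs verification."""
    return {f.path: r for f in findings if (r := followup_reasons(f))}


def all_findings():
    return parse_mbam(MBAM_LOG) + parse_sas(SAS_LOG)


if __name__ == "__main__":
    for path, reasons in followups(all_findings()).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Run as-is it prints four paths: the deferred kpgmh.sys driver (two reasons) and the three SAS items, whose log simply does not say whether they were removed. The three items MBAM reported as quarantined are not listed.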

Bu@@er. It’s a SISZYD32 -related infection.
Looking at other forum posts related to this one, it looks like a pain to try and kill.
Please use your good computer to download OTL.exe and transfer it using a flash drive to the desktop of the sick computer.
Open it by double clicking, and select “run scan”.
Two logs will be created, OTL.txt and Extras.txt. Copy and paste both to the forum. (Use more than one post if the maximum size is exceeded.)

I’m going to just ask for a bit of help from the maker of this app, now. We’ll see what can be done.

Vundo is polymorphic malware and infects the whole system and the only way to remove it is a hard disk FORMAT and re install of the operating system.

Windows XP Service Pack 3 has been available for over a year and provides many Critical Updates plus performance improvements.

You need to start Internet Explorer then go to Tools then Windows Update and download all of the available updates.

Also you should enable Automatic Updates or at least be notified that Updates are available.

Go to Control Panel then Automatic Updates then select Automatic (recommended) or at least Notify me but don’t automatically download or install them.

IE8 is more secure than IE7 and has a lot better performance:
http://www.microsoft.com/windows/Internet-explorer/default.aspx

Go to Secunia Online Software Inspector then run it to see what other applications are vulnerable:
http://secunia.com/vulnerability_scanning/online

One more thing: did you have SAS attempt to remove what it found? There is no indication of it attempting to.
You could try a scan again, but this time make sure you have the app try and quarantine all that it finds.

With MBAM, there is no need for a full scan. Just use the quick scan option, for future reference.

yes sas did remove some stuff, i guess it doesn’t show it properly in the log,

kenny i’ve heard nothing but other problems with service pack 3 and i don’t even use ie, and seeing as it seems now there is only a single file and no noticeable trace of vundo left on my computer after the removal i’m not about to reformat my computer because quite frankly there are programs on there i do not have and i would have to send my comp away all the way up england to get it properly reformatted

i did try another sas scan and it didn’t find any new stuff or stuff that it missed the previous time it’s still just that 1 single file

i’m gonna use that program now to grab some logs for here

From what i can see this is going to take a lot of posts with only a 10 k characters limit, is there another option to get it up on here or get the txt file visible or am i gonna just have to work my way through it posting it over those many posts

You could break it into a series of attachments, but that would also take a few posts, not save that much time, and make it harder for the helper/s. So, even though it’s a PITA, put them in multiple posts, please.
Seen them before, here. IIRC it takes about 6 posts. Depends on how many files there are.

As IE is the Windows major system display function for Windows XP then no matter what you see it is displayed by it.

When you get the problem resolved your system needs to be updated to SP3 to prevent infections like Vundo.

OTL logfile created on: 26/12/2009 10:44:30 - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Mark\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.74 Gb Total Space | 143.33 Gb Free Space | 30.78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.74 Gb Total Space | 322.75 Gb Free Space | 69.30% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BEAST-3DDF91376
Current User Name: Mark
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/26 10:24:12 | 00,513,536 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\Mark\Desktop\OTL.exe
PRC - [2009/12/26 01:47:55 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/12/26 01:47:55 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) – C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/12/16 16:26:56 | 02,002,160 | ---- | M] (SUPERAntiSpyware.com) – C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/11/24 23:51:40 | 00,081,000 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 23:51:35 | 00,138,680 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 23:51:21 | 00,254,040 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 23:48:48 | 00,352,920 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 23:43:56 | 00,018,752 | ---- | M] (ALWIL Software) – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/11/13 20:01:35 | 00,323,392 | ---- | M] (BitTorrent, Inc.) – C:\Program Files\DNA\btdna.exe
PRC - [2009/10/29 12:27:54 | 01,074,568 | ---- | M] (LogMeIn Inc.) – C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2009/10/24 23:34:04 | 01,217,808 | ---- | M] (Valve Corporation) – C:\Program Files\Steam\steam.exe
PRC - [2009/10/12 18:03:52 | 17,507,000 | ---- | M] (ooVoo LLC) – C:\Program Files\ooVoo\ooVoo.exe
PRC - [2009/09/28 16:15:58 | 00,242,176 | ---- | M] () – C:\Program Files\GNU\GnuPG\dirmngr.exe
PRC - [2009/09/03 21:17:14 | 03,342,336 | ---- | M] (Electronic Arts) – C:\Program Files\Electronic Arts\EADM\Core.exe
PRC - [2009/02/24 19:44:50 | 03,558,136 | ---- | M] (Veoh Networks) – C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2009/02/06 16:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) – C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/10/15 00:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) – C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) – C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/08/13 17:06:56 | 03,660,848 | ---- | M] (Veoh Networks) – C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
PRC - [2008/08/03 23:02:20 | 00,036,352 | ---- | M] () – C:\Program Files\Winamp\winampa.exe
PRC - [2008/08/01 06:19:21 | 00,066,872 | ---- | M] () – C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2008/03/14 22:12:50 | 02,580,480 | ---- | M] (OpenOffice.org) – C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
PRC - [2008/03/14 22:12:48 | 02,363,392 | ---- | M] (OpenOffice.org) – C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
PRC - [2008/03/07 18:24:18 | 00,417,792 | ---- | M] (Creative Technology Ltd) – C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/02/20 19:58:46 | 00,019,968 | ---- | M] (Creative Technology Ltd) – C:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2008/02/20 19:58:44 | 00,019,456 | ---- | M] (Creative Technology Ltd) – C:\WINDOWS\system32\CtHelper.exe
PRC - [2008/02/20 19:55:12 | 00,969,216 | ---- | M] (Creative Technology Ltd) – C:\WINDOWS\system32\CTxfispi.exe
PRC - [2007/12/05 00:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) – C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/06/13 10:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\explorer.exe
PRC - [2003/01/27 16:16:58 | 00,376,912 | ---- | M] () – C:\Program Files\BroadJump\Client Foundation\CFD.exe

========== Modules (SafeList) ==========

MOD - [2009/12/26 10:24:12 | 00,513,536 | ---- | M] (OldTimer Tools) – C:\Documents and Settings\Mark\Desktop\OTL.exe
MOD - [2008/02/20 19:58:42 | 00,008,704 | ---- | M] (Creative Technology Ltd) – C:\WINDOWS\system32\ctagent.dll
MOD - [2007/03/08 15:36:28 | 00,172,544 | ---- | M] () – C:\WINDOWS\obipufic.dll
MOD - [2006/08/25 15:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) – C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2009/12/26 01:47:55 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] – C:\Program Files\Java\jre6\bin\jqs.exe – (JavaQuickStarterService)
SRV - [2009/11/24 23:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] – C:\Program Files\Alwil Software\Avast4\ashServ.exe – (avast! Antivirus)
SRV - [2009/11/24 23:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe – (avast! Mail Scanner)
SRV - [2009/11/24 23:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe – (avast! Web Scanner)
SRV - [2009/11/24 23:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe – (aswUpdSv)
SRV - [2009/11/06 01:10:48 | 00,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] – c:\Program Files\Steam\SteamApps\common\dragon age origins\bin_ship\daupdatersvc.service.exe – (DAUpdaterSvc)
SRV - [2009/10/29 12:27:54 | 01,074,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] – C:\Program Files\LogMeIn Hamachi\hamachi-2.exe – (Hamachi2Svc)
SRV - [2009/09/28 16:15:58 | 00,242,176 | ---- | M] () [Auto | Running] – C:\Program Files\GNU\GnuPG\dirmngr.exe – (DirMngr)
SRV - [2009/02/18 23:11:00 | 02,806,522 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] – C:\WINDOWS\System32\GameMon.des – (npggsvc)
SRV - [2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) [Auto | Running] – C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe – (aawservice)
SRV - [2008/08/01 06:19:21 | 00,066,872 | ---- | M] () [Auto | Running] – C:\WINDOWS\system32\PnkBstrA.exe – (PnkBstrA)
SRV - [2008/03/07 18:24:18 | 00,417,792 | ---- | M] (Creative Technology Ltd) [Auto | Running] – C:\Program Files\Creative\Shared Files\CTAudSvc.exe – (CTAudSvcService)
SRV - [2007/12/05 00:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) [Auto | Running] – C:\WINDOWS\system32\nvsvc32.exe – (NVSvc)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe – (IDriverT)

========== Driver Services (SafeList) ==========

DRV - [2009/12/16 16:27:00 | 00,007,408 | R— | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] – C:\Program Files\SUPERAntiSpyware\SASENUM.SYS – (SASENUM)
DRV - [2009/12/16 16:26:58 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] – C:\Program Files\SUPERAntiSpyware\sasdifsv.sys – (SASDIFSV)
DRV - [2009/12/16 16:26:56 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] – C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS – (SASKUTIL)
DRV - [2009/11/24 23:50:59 | 00,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] – C:\WINDOWS\system32\drivers\aswmon2.sys – (aswMon2)
DRV - [2009/11/24 23:50:12 | 00,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\aswSP.sys – (aswSP)
DRV - [2009/11/24 23:50:00 | 00,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] – C:\WINDOWS\system32\drivers\aswFsBlk.sys – (aswFsBlk)
DRV - [2009/11/24 23:49:07 | 00,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\aswTdi.sys – (aswTdi)
DRV - [2009/11/24 23:48:57 | 00,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\aswRdr.sys – (aswRdr)
DRV - [2009/11/24 23:47:54 | 00,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] – C:\WINDOWS\system32\drivers\aavmker4.sys – (Aavmker4)
DRV - [2009/09/23 09:41:58 | 00,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\hamachi.sys – (hamachi)
DRV - [2008/08/22 14:44:08 | 00,105,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\zgwhsnmea.sys – (zgwhsnmea)
DRV - [2008/08/22 14:43:44 | 00,105,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\zgwhsmdm.sys – (zgwhsmdm)
DRV - [2008/08/22 14:43:06 | 00,105,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\zgwhsdiag.sys – (zgwhsdiag)
DRV - [2008/04/25 11:26:32 | 00,002,397 | ---- | M] () [Kernel | Auto | Running] – C:\WINDOWS\system32\drivers\symlcbrd.sys – (symlcbrd)
DRV - [2008/04/13 10:21:50 | 00,017,920 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\Ntaccess.sys – (NTACCESS)
DRV - [2008/03/21 20:30:04 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] – C:\WINDOWS\System32\Drivers\PxHelp20.sys – (PxHelp20)
DRV - [2008/02/25 08:44:38 | 01,172,504 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\ha20x2k.sys – (ha20x2k)
DRV - [2008/02/25 08:44:22 | 00,092,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\emupia2k.sys – (emupia)
DRV - [2008/02/25 08:44:08 | 00,157,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\ctsfm2k.sys – (ctsfm2k)
DRV - [2008/02/25 08:44:00 | 00,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\ctprxy2k.sys – (ctprxy2k)
DRV - [2008/02/25 08:43:56 | 00,127,000 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\ctoss2k.sys – (ossrv)
DRV - [2008/02/25 08:43:30 | 00,346,856 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\ctdvda2k.sys – (ctdvda2k)
DRV - [2008/02/25 08:43:24 | 00,524,312 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\ctaud2k.sys – (ctaud2k) Creative Audio Driver (WDM)
DRV - [2008/02/25 08:43:16 | 00,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\ctac32k.sys – (ctac32k)
DRV - [2008/02/25 08:41:50 | 00,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\CTHWIUT.DLL – (CTHWIUT.DLL)
DRV - [2008/02/25 08:41:44 | 00,170,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\CT20XUT.DLL – (CT20XUT.DLL)
DRV - [2008/02/25 08:41:36 | 01,323,544 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\CTEXFIFX.DLL – (CTEXFIFX.DLL)
DRV - [2008/02/25 08:41:28 | 00,329,240 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\CTEDSPSY.DLL – (CTEDSPSY.DLL)
DRV - [2008/02/25 08:41:18 | 00,134,680 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\CTEDSPIO.DLL – (CTEDSPIO.DLL)
DRV - [2008/02/25 08:41:14 | 00,100,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\CTERFXFX.DLL – (CTERFXFX.DLL)
DRV - [2008/02/25 08:41:10 | 00,286,232 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\CTEDSPFX.DLL – (CTEDSPFX.DLL)
DRV - [2008/02/25 08:41:06 | 00,174,104 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\CTEAPSFX.DLL – (CTEAPSFX.DLL)
DRV - [2008/02/25 08:41:02 | 00,566,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\CTSBLFX.DLL – (CTSBLFX.DLL)
DRV - [2008/02/25 08:40:56 | 00,551,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\CTAUDFX.DLL – (CTAUDFX.DLL)
DRV - [2008/02/25 08:40:52 | 00,098,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\COMMONFX.DLL – (COMMONFX.DLL)
DRV - [2008/01/23 21:25:32 | 00,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\tapvpn.sys – (tapvpn)
DRV - [2007/12/19 17:35:19 | 00,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] – C:\WINDOWS\system32\DRIVERS\iaStor.sys – (iaStor)
DRV - [2007/12/05 00:41:00 | 07,435,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\nv4_mini.sys – (nv)
DRV - [2007/11/13 10:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\secdrv.sys – (Secdrv)
DRV - [2007/10/12 08:32:30 | 00,094,592 | R— | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\Rtenicxp.sys – (RTLE8023xp)
DRV - [2007/08/20 09:05:02 | 00,027,672 | R— | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] – C:\WINDOWS\system32\drivers\Entech.sys – (ENTECH)
DRV - [2007/07/27 11:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] – C:\WINDOWS\system32\drivers\ptilink.sys – (Ptilink)
DRV - [2003/09/06 13:37:22 | 00,062,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] – C:\WINDOWS\System32\drivers\prohlp02.sys – (prohlp02)
DRV - [2003/09/06 12:27:06 | 00,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] – C:\WINDOWS\System32\drivers\sfhlp01.sys – (sfhlp01)
DRV - [2003/09/06 12:25:52 | 00,051,744 | ---- | M] (Protection Technology) [Kernel | System | Running] – C:\WINDOWS\System32\drivers\prodrv06.sys – (prodrv06)
DRV - [2003/09/06 12:22:08 | 00,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] – C:\WINDOWS\System32\drivers\prosync1.sys – (prosync1)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js…extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js…extensions.enabledItems: {FFC6B7D5-902E-4EBD-9177-7C584223F0D8}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\{FFC6B7D5-902E-4EBD-9177-7C584223F0D8}: C:\Documents and Settings\Mark\Local Settings\Application Data\{FFC6B7D5-902E-4EBD-9177-7C584223F0D8} [2009/12/25 00:46:39 | 00,000,000 | —D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\Components: C:\Program Files\Mozilla Firefox\components [2009/12/16 17:22:54 | 00,000,000 | —D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/26 01:48:04 | 00,000,000 | —D | M]

[2009/01/08 20:04:31 | 00,000,000 | —D | M] – C:\Documents and Settings\Mark\Application Data\Mozilla\Extensions
[2009/10/29 19:37:50 | 00,000,000 | —D | M] – C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\tz9chjai.default\extensions
[2009/12/26 01:48:05 | 00,000,000 | —D | M] – C:\Program Files\Mozilla Firefox\extensions
[2009/01/29 03:08:04 | 00,132,528 | ---- | M] (NHN USA Inc.) – C:\Program Files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
[2008/09/10 07:39:42 | 00,075,184 | ---- | M] (NHN USA Inc. ) – C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2008/04/28 20:46:51 | 00,151,552 | ---- | M] (PopCap Games) – C:\Program Files\Mozilla Firefox\plugins\nppopcaploader.dll

O1 HOSTS File: (765 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 rad.msn.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKCU..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM…\Run: [Asaxugesavadeb] C:\WINDOWS\obipufic.DLL ()
O4 - HKLM…\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM…\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM…\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM…\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM…\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM…\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM…\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM…\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU…\Run: File not found
O4 - HKCU…\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU…\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU…\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKCU…\Run: [oovoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKCU…\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKCU…\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU…\Run: [Veoh] C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
O4 - HKCU…\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Documents and Settings\Mark\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O15 - HKLM..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKCU..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKCU..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O15 - HKCU..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/21 16:52:22 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT – [ NTFS ]
O32 - AutoRun File - [2008/04/21 16:52:22 | 00,000,000 | ---- | M] () - E:\AUTOEXEC.BAT – [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk ) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] – "%1" %*
O35 - exefile [open] – "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/26 10:45:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
[2009/12/26 10:43:42 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe
[2009/12/26 02:19:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/12/26 02:18:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Application Data\SUPERAntiSpyware.com
[2009/12/26 02:18:52 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/12/26 02:01:17 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/12/26 01:51:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/12/26 01:49:41 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Mark\Recent
[2009/12/26 01:48:04 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/12/26 01:48:04 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/12/26 01:48:04 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/12/26 01:48:04 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/12/26 01:48:04 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/12/26 01:47:50 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/12/26 01:47:18 | 16,672,544 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Mark\Desktop\jre-6u17-windows-i586.exe
[2009/12/25 13:52:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mark\.kde
[2009/12/25 04:15:50 | 00,135,360 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Mark\Desktop\FixBlast.exe
[2009/12/25 00:46:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Local Settings\Application Data\{FFC6B7D5-902E-4EBD-9177-7C584223F0D8}
[2009/12/20 12:09:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mark\My Documents\NeocoreGames
[2009/12/16 21:46:07 | 01,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2009/12/16 21:46:07 | 00,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2009/12/16 21:46:07 | 00,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2009/12/16 21:46:06 | 05,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2009/12/16 21:46:05 | 00,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2009/12/16 21:45:51 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2009/12/16 21:44:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mark\My Documents\Sparkplay Media
[2009/12/16 21:44:26 | 00,573,584 | ---- | C] (SparkPlay Media, Inc) -- C:\Documents and Settings\Mark\Desktop\SparkPlayerInstall.exe
[2009/12/09 15:38:57 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/12/04 05:32:04 | 01,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2009/12/04 05:32:04 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2009/12/02 23:21:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Local Settings\Application Data\Thunderbird
[2009/12/02 23:21:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Application Data\Thunderbird
[2009/12/02 23:10:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Gpg4win Documentation
[2009/12/02 23:09:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\gnupg
[2009/12/02 23:09:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\GNU
[2009/12/02 23:09:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Application Data\gnupg
[2009/12/02 23:09:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GNU
[2009/12/02 23:09:24 | 00,000,000 | ---D | C] -- C:\Program Files\GNU
[2009/12/02 23:08:55 | 06,669,256 | ---- | C] (Mozilla) -- C:\Documents and Settings\Mark\Desktop\Thunderbird Setup 2.0.0.23.exe
[2009/12/02 22:46:46 | 36,557,658 | ---- | C] (g10 Code GmbH) -- C:\Documents and Settings\Mark\Desktop\gpg4win-2.0.1.exe
[2009/05/11 19:05:00 | 01,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\Documents and Settings\All Users\Application Data\DynuEncrypt.dll
[2008/08/04 14:55:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/04/25 11:33:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[2008/04/21 16:55:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/04/21 16:52:21 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/04/21 16:52:21 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/02/20 19:59:14 | 00,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/26 10:46:33 | 00,714,752 | ---- | M] () -- C:\WINDOWS\System32\drivers\kpgmh.sys
[2009/12/26 10:38:48 | 00,000,021 | ---- | M] () -- C:\WINDOWS\S.dirmngr
[2009/12/26 10:38:37 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/26 10:38:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/26 10:24:12 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe
[2009/12/26 09:48:34 | 00,054,160 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000001-00001102-00000005-00291102}.rfx
[2009/12/26 09:48:34 | 00,054,160 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000001-00001102-00000005-00291102}.rfx
[2009/12/26 09:48:34 | 00,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000001-00001102-00000005-00291102}.rfx
[2009/12/26 09:43:42 | 05,242,880 | -H-- | M] () -- C:\Documents and Settings\Mark\NTUSER.DAT
[2009/12/26 09:43:36 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Mark\ntuser.ini
[2009/12/26 09:24:18 | 00,000,314 | ---- | M] () -- C:\WINDOWS\tasks\dvadaeqn.job
[2009/12/26 02:21:14 | 04,910,518 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\SASDEFINITIONS.EXE
[2009/12/26 02:18:55 | 00,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/12/26 02:13:16 | 02,386,270 | ---- | M] () -- C:\MGtools.exe
[2009/12/26 02:09:14 | 07,451,168 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\SUPERAntiSpyware.exe
[2009/12/26 01:52:05 | 00,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/12/26 01:52:05 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/26 01:52:05 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/12/26 01:50:10 | 00,002,052 | ---- | M] () -- C:\Documents and Settings\Mark\My Documents\cc_20091226_015006.reg
[2009/12/26 01:47:55 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/12/26 01:47:55 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/12/26 01:47:55 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/12/26 01:47:55 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/12/26 01:47:54 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/12/26 01:46:20 | 16,672,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Mark\Desktop\jre-6u17-windows-i586.exe
[2009/12/26 01:37:09 | 00,112,292 | ---- | M] () -- C:\Documents and Settings\Mark\My Documents\cc_20091226_013623.reg
[2009/12/26 01:23:57 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Igaqofevinuyoz.bin
[2009/12/25 09:45:21 | 00,000,116 | ---- | M] () -- C:\WINDOWS\System32\fjhdyfhsn.bat
[2009/12/25 04:07:52 | 00,135,360 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Mark\Desktop\FixBlast.exe
[2009/12/25 00:46:39 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Avasub.dat
[2009/12/25 00:18:14 | 00,000,757 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2009/12/24 03:12:00 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/12/21 16:28:02 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/19 14:09:24 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/16 21:44:27 | 00,573,584 | ---- | M] (SparkPlay Media, Inc) -- C:\Documents and Settings\Mark\Desktop\SparkPlayerInstall.exe
[2009/12/16 17:41:34 | 00,021,504 | ---- | M] () -- C:\WINDOWS\jestertb.dll
[2009/12/10 23:54:58 | 01,058,225 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\DBM-4.32-r2645-Core-and-WotLK-Mods.zip
[2009/12/07 17:46:59 | 00,001,622 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Left 4 Dead 2.lnk
[2009/12/06 06:06:45 | 00,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2009/12/04 06:33:26 | 00,000,024 | ---- | M] () -- C:\url_history.xml
[2009/12/04 06:11:01 | 00,000,104 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/03 05:01:00 | 00,007,227 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\RogueFocus.zip
[2009/12/02 23:10:04 | 06,669,256 | ---- | M] (Mozilla) -- C:\Documents and Settings\Mark\Desktop\Thunderbird Setup 2.0.0.23.exe
[2009/12/02 23:10:04 | 00,001,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kleopatra.lnk
[2009/12/02 23:10:04 | 00,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GPA.lnk
[2009/12/02 22:47:39 | 36,557,658 | ---- | M] (g10 Code GmbH) -- C:\Documents and Settings\Mark\Desktop\gpg4win-2.0.1.exe
[2009/11/30 03:11:10 | 00,000,760 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Fantasy Grounds.lnk
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/26 10:38:48 | 00,000,021 | ---- | C] () -- C:\WINDOWS\S.dirmngr
[2009/12/26 02:23:22 | 04,910,518 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\SASDEFINITIONS.EXE
[2009/12/26 02:18:55 | 00,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/12/26 02:17:46 | 02,386,270 | ---- | C] () -- C:\MGtools.exe
[2009/12/26 02:17:37 | 07,451,168 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\SUPERAntiSpyware.exe
[2009/12/26 01:50:08 | 00,002,052 | ---- | C] () -- C:\Documents and Settings\Mark\My Documents\cc_20091226_015006.reg
[2009/12/26 01:36:27 | 00,112,292 | ---- | C] () -- C:\Documents and Settings\Mark\My Documents\cc_20091226_013623.reg
[2009/12/25 00:46:39 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Avasub.dat
[2009/12/25 00:46:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Igaqofevinuyoz.bin
[2009/12/25 00:43:13 | 00,714,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\kpgmh.sys
[2009/12/25 00:43:01 | 00,000,116 | ---- | C] () -- C:\WINDOWS\System32\fjhdyfhsn.bat
[2009/12/16 17:41:34 | 00,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2009/12/10 23:54:58 | 01,058,225 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\DBM-4.32-r2645-Core-and-WotLK-Mods.zip
[2009/12/07 17:46:59 | 00,001,622 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Left 4 Dead 2.lnk
[2009/12/03 05:00:59 | 00,007,227 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\RogueFocus.zip
[2009/12/02 23:10:04 | 00,001,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kleopatra.lnk
[2009/12/02 23:10:04 | 00,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GPA.lnk
[2009/11/30 03:11:10 | 00,000,760 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Fantasy Grounds.lnk
[2009/11/06 10:58:04 | 00,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/10/30 05:48:04 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/26 11:11:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2009/06/06 06:13:38 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\fusioncache.dat
[2009/02/20 09:52:15 | 00,069,024 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/02/20 00:26:19 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/02/05 13:24:45 | 00,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2008/12/15 16:12:12 | 01,563,797 | -HS- | C] () -- C:\WINDOWS\System32\ekafelat.ini
[2008/12/15 02:04:56 | 00,058,151 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUInstall.LiveUpdate
[2008/12/14 12:03:56 | 01,563,737 | -HS- | C] () -- C:\WINDOWS\System32\ububimem.ini
[2008/12/13 23:12:31 | 01,563,737 | -HS- | C] () -- C:\WINDOWS\System32\iyanusuf.ini
[2008/10/07 08:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/07/30 12:57:07 | 00,136,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/07/30 12:57:07 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\PnkBstrK.sys
[2008/07/20 11:26:31 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2008/06/05 07:58:26 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/05/19 08:27:25 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/05/19 07:10:07 | 00,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2008/05/03 00:54:53 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/05/01 22:21:41 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/05/01 22:21:41 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/05/01 22:21:41 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/04/28 14:39:43 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/27 13:07:32 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/04/25 11:43:26 | 00,663,552 | ---- | C] () -- C:\WINDOWS\System32\libeay32_1-1-0_DDR.dll
[2008/04/25 11:43:26 | 00,532,594 | ---- | C] () -- C:\WINDOWS\System32\xerces-c_1_40_0_DDR.dll
[2008/04/25 11:43:26 | 00,307,329 | ---- | C] () -- C:\WINDOWS\System32\BJBase_2-2-2_DDR.dll
[2008/04/25 11:43:26 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32_1-1-0_DDR.dll
[2008/04/25 11:43:25 | 00,524,377 | ---- | C] () -- C:\WINDOWS\System32\stlport_4_0_0_DDR.dll
[2008/04/25 11:26:32 | 00,002,397 | ---- | C] () -- C:\WINDOWS\System32\drivers\symlcbrd.sys
[2008/04/22 11:28:21 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008/04/22 11:20:09 | 00,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/03/31 21:25:46 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\divx_xx0a.dll
[2008/03/21 20:30:08 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/03/21 20:28:54 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/03/21 20:28:54 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/03/21 20:28:20 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/02/25 13:55:32 | 00,101,603 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2008/02/20 20:24:36 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/02/20 20:00:12 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2008/01/31 16:18:14 | 00,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2007/12/05 00:41:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/12/05 00:41:00 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/12/05 00:41:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/12/05 00:41:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/12/05 00:41:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/08/13 19:45:02 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2007/07/27 11:00:00 | 00,172,544 | ---- | C] () -- C:\WINDOWS\obipufic.dll
[2006/10/02 16:25:18 | 00,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
< End of report >

OTL Extras logfile created on: 26/12/2009 10:44:30 - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Mark\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.74 Gb Total Space | 143.33 Gb Free Space | 30.78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465.74 Gb Total Space | 322.75 Gb Free Space | 69.30% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BEAST-3DDF91376
Current User Name: Mark
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] --

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1