I have a Dell Inspiron 1420 laptop, running Windows Vista SP1. I got these infections yesterday. At first I got the Antimalwaredoctor/Antivir Solution Pro appearance, so I ran Malwarebytes and Super AntiSpyware in safe mode, and Spyware Doctor in normal mode. All three found infections. Super AntiSpyware found Trojan.dropper/Win-NV, Trojan.DNS-changer, Rootkit.TDSS and Malware.Trace. After rebooting following each scan, I ran Malwarebytes again in safe mode and it found another infection. I ran Super AntiSpyware again and it found the same infections again. After more rebooting I ran Malwarebytes and it didn't find anything, but Super AntiSpyware kept finding the same things. I've posted the first two Malwarebytes logs below.
I used the OTL cleaner and backed up my registry using ERUNT.
I have been unable to run the GMER rootkit scanner because every time I run it my computer crashes; I get a blue screen that says "A problem has been detected and Windows has shut down to prevent damage to your computer". I can give you more info on this crash if you need it.
Also, every time I start my computer in normal mode, I get this error: "Error loading ahoyp.dll. The specified module can not be found". I also get this error: "Internet Explorer, an error has occurred in the script on this page http:/client.kuaiche.com/client_download_right/english/index.html". I also often get the Vista error "Spooler subsystem app has stopped working" while running in normal mode.
At this time I am also getting redirected when I try to go to Hotmail or Facebook, and I am unable to open Malwarebytes or Super AntiSpyware in normal mode.
Here are my OTL logs:
OTL.txt
OTL logfile created on: 7/19/2010 3:38:10 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Jim\Desktop\kasper\july 10 virus
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 15.70 Gb Free Space | 5.50% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.36 Gb Free Space | 43.63% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JIM-PC
Current User Name: Jim
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/07/19 15:36:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\kasper\july 10 virus\OTL.exe
PRC - [2010/06/28 21:27:23 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Users\Jim\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/02/02 15:27:27 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/12/22 11:50:02 | 000,711,384 | ---- | M] () -- C:\Users\Jim\AppData\Local\Autobahn\autobahn.exe
PRC - [2009/05/13 17:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 14:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/12/18 01:02:14 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/09 14:47:42 | 001,079,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2008/10/04 14:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/10/04 14:58:02 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/09/30 11:03:14 | 000,820,464 | ---- | M] (Dell Inc.) -- c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
PRC - [2008/09/30 11:03:12 | 000,464,112 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Remote Access\ezi_ra.exe
PRC - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/08/25 13:36:36 | 001,168,264 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2008/06/13 17:29:14 | 000,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2008/02/22 18:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/01/20 21:23:43 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
PRC - [2007/09/25 03:10:50 | 002,007,088 | ---- | M] (FlashGet.com) -- C:\Program Files\FlashGet\flashget.exe
PRC - [2007/09/24 04:27:38 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/09/24 04:27:30 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/09/24 04:27:28 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/09/24 04:27:28 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/09/20 14:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/13 14:44:48 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
========== Modules (SafeList) ==========
MOD - [2010/07/19 15:36:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Jim\Desktop\kasper\july 10 virus\OTL.exe
MOD - [2008/06/02 15:29:54 | 000,100,864 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\klg.dat
MOD - [2008/01/20 21:24:47 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winnsi.dll
MOD - [2008/01/20 21:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/20 21:24:35 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
MOD - [2008/01/20 21:24:02 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
MOD - [2008/01/20 21:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2007/05/18 11:13:08 | 000,053,329 | ---- | M] (www.flashget.com) -- C:\Program Files\FlashGet\fgmgr.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/02/04 23:56:53 | 000,185,089 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/09/24 11:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\Windows\System32\nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2009/05/13 17:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/12/23 10:35:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2008/12/18 01:12:55 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/12/18 01:02:23 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-092308-165331)
SRV - [2008/10/09 14:47:42 | 001,079,176 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2008/10/04 14:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/09/30 11:03:14 | 000,820,464 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
SRV - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/07/04 18:17:48 | 000,164,600 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/06/13 17:29:14 | 000,356,920 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/20 14:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2002/12/17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/04 23:56:53 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/12/23 11:36:22 | 000,054,328 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV - [2009/12/23 11:32:26 | 000,086,016 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/05/11 11:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 11:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/18 10:31:35 | 000,144,768 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rdwm1079.sys -- (RDID1079)
DRV - [2009/02/13 13:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/12/23 10:35:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2008/10/27 04:53:36 | 001,207,288 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/10/27 04:52:00 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/08/25 13:36:30 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2008/08/25 13:36:28 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2008/08/25 13:36:28 | 000,040,840 | ---- | M] (PCTools Research Pty Ltd.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2008/06/19 17:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/06/17 13:01:06 | 000,022,016 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2008/04/22 01:11:32 | 002,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/11/16 20:34:21 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2007/11/16 20:34:21 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/09/25 09:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder iPhone Edition\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007/09/24 04:27:26 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/09/13 14:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/05/21 00:43:56 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2007/04/23 05:51:56 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2006/11/27 02:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/27 02:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 02:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...amp;ibd=4081218
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...amp;ibd=4081218
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.windstream.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
========== FireFox ==========
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://by109w.bay109...0&n=1812397654"
FF - prefs.js..extensions.enabledItems: [email protected]:1.00
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: {2A3BF8FF-35AC-486A-B0AB-6A7E77F3648D}:1.9.1
FF - prefs.js..network.proxy.http: "194.170.32.251"
FF - prefs.js..network.proxy.http_port: 443
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/02 05:53:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/02 05:53:23 | 000,000,000 | ---D | M]
[2009/03/17 23:20:38 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Mozilla\Extensions
[2010/07/18 21:59:22 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\4r15r5g3.default\extensions
[2009/10/19 01:06:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\4r15r5g3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/02 05:51:11 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\4r15r5g3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/06/02 05:51:11 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\4r15r5g3.default\extensions\[email protected]
[2009/07/24 01:08:23 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\4r15r5g3.default\extensions\[email protected]
[2010/07/18 21:59:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2010/07/19 13:09:31 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [sta] File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autobahn.lnk = C:\Users\Jim\AppData\Local\Autobahn\autobahn.exe ()
O4 - Startup: C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRBrowse.htm ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.c...oad/vexcast.cab (VodClient Control Class)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcaf...686/mcfscan.cab (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.187,93.188.166.187
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Jim\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jim\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.divxa32 - C:\Windows\System32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Error creating restore point.
========== Files/Folders - Created Within 90 Days ==========
[2010/07/19 13:18:15 | 000,000,000 | ---D | C] -- C:\Users\Jim\Desktop\GooredFix Backups
[2010/07/19 13:08:25 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/07/18 17:40:13 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\hlmpepvvk
[2010/07/16 00:10:04 | 000,000,000 | ---D | C] -- C:\Users\Jim\Desktop\good
[2010/07/15 15:51:46 | 000,000,000 | ---D | C] -- C:\Users\Jim\SuperCollider
[2010/07/15 15:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\SuperCollider
[2010/07/15 15:49:10 | 000,000,000 | ---D | C] -- C:\Users\Jim\Desktop\supercollider-installer-3.3.1win
[2010/07/13 16:23:24 | 000,000,000 | ---D | C] -- C:\Users\Jim\Desktop\hrrrivve
[2010/07/04 18:46:31 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\Autobahn
[2010/06/20 05:18:16 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Local\ApplicationHistory
[2010/06/01 01:40:57 | 000,000,000 | ---D | C] -- C:\Users\Jim\Desktop\camera hack
[2010/05/27 14:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/05/27 14:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2010/05/27 14:17:22 | 000,000,000 | ---D | C] -- C:\Users\Jim\AppData\Roaming\QuickScan
[2010/05/24 17:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\PACE Anti-Piracy
[2010/05/24 17:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\InterLok
[2010/05/17 00:10:45 | 000,000,000 | ---D | C] -- C:\Users\Jim\Desktop\New Record Notes
[2010/04/23 15:44:15 | 011,599,872 | ---- | C] (PACE Anti-Piracy) -- C:\Users\Jim\Desktop\DriverSetup.exe
[2010/04/23 15:11:29 | 015,087,408 | ---- | C] (PACE Anti-Piracy ) -- C:\Users\Jim\Desktop\ilok1209.exe
========== Files - Modified Within 90 Days ==========
[2010/07/19 15:36:53 | 004,718,592 | -HS- | M] () -- C:\Users\Jim\NTUSER.DAT
[2010/07/19 15:35:20 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/07/19 15:32:46 | 000,002,463 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Remote Access.lnk
[2010/07/19 15:32:23 | 000,000,240 | -H-- | M] () -- C:\Windows\tasks\fefc6b85.job
[2010/07/19 15:32:22 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/19 15:32:20 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/19 15:32:20 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/19 15:32:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/19 15:32:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/19 15:32:11 | 3747,655,680 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/19 15:31:36 | 000,524,288 | -HS- | M] () -- C:\Users\Jim\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/07/19 15:31:36 | 000,065,536 | -HS- | M] () -- C:\Users\Jim\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/07/19 15:21:02 | 000,006,648 | ---- | M] () -- C:\Users\Jim\AppData\Local\d3d9caps.dat
[2010/07/19 15:20:25 | 000,084,480 | ---- | M] () -- C:\Users\Jim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/19 13:33:48 | 219,945,245 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/07/19 13:09:31 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/07/19 12:57:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/19 12:53:05 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-844876252-4256961379-2302151325-1000UA.job
[2010/07/18 17:41:44 | 000,000,000 | ---- | M] () -- C:\Users\Jim\AppData\Local\Njotowohonevo.bin
[2010/07/18 17:41:43 | 000,000,120 | ---- | M] () -- C:\Users\Jim\AppData\Local\Rsusuyokuye.dat
[2010/07/18 17:40:24 | 000,184,832 | ---- | M] () -- C:\Windows\Mlejea.exe
[2010/07/18 17:40:01 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
[2010/07/18 00:53:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-844876252-4256961379-2302151325-1000Core.job
[2010/07/15 20:18:37 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/12 17:12:36 | 000,321,999 | ---- | M] () -- C:\Users\Jim\Documents\horman-affair.pdf
[2010/07/04 18:46:34 | 000,000,897 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autobahn.lnk
[2010/07/04 18:46:28 | 007,037,528 | ---- | M] () -- C:\Users\Jim\Desktop\AutobahnAcceleratorInstall.exe
[2010/07/03 19:48:50 | 000,083,251 | ---- | M] () -- C:\Users\Jim\Desktop\SkylineElem.jpg
[2010/07/02 06:54:18 | 000,002,072 | ---- | M] () -- C:\Users\Jim\Desktop\Google Chrome.lnk
[2010/07/02 06:54:18 | 000,002,034 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/06/30 11:37:22 | 000,000,749 | ---- | M] () -- C:\Windows\pagebreeze.ini
[2010/06/28 19:59:32 | 000,002,390 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\wklnhst.dat
[2010/06/28 10:28:53 | 000,113,178 | ---- | M] () -- C:\Users\Jim\Desktop\Menu PDF.pdf
[2010/06/27 21:23:51 | 000,002,122 | ---- | M] () -- C:\Windows\sfmirror.ini
[2010/06/16 13:49:56 | 000,001,995 | ---- | M] () -- C:\Users\Jim\Desktop\Document.rtf
[2010/06/08 18:49:16 | 000,000,916 | ---- | M] () -- C:\Users\Jim\Desktop\StreamTorrent 1.0.lnk
[2010/06/02 05:53:24 | 000,001,750 | ---- | M] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/02 05:53:24 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/05/30 02:36:21 | 000,001,371 | ---- | M] () -- C:\Users\Jim\Desktop\phone #s.rtf
[2010/05/27 14:42:38 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/27 14:14:43 | 000,000,915 | ---- | M] () -- C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/05/27 14:14:39 | 000,000,735 | ---- | M] () -- C:\Users\Jim\Desktop\NTREGOPT.lnk
[2010/05/27 14:14:39 | 000,000,716 | ---- | M] () -- C:\Users\Jim\Desktop\ERUNT.lnk
[2010/05/27 06:20:00 | 000,019,230 | ---- | M] () -- C:\Users\Jim\Desktop\more ec notes.rtf
[2010/05/13 09:49:40 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/12 23:22:09 | 000,019,456 | ---- | M] () -- C:\Users\Jim\Desktop\jstor pass.wps
[2010/05/01 13:15:58 | 000,773,416 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/01 13:15:58 | 000,651,918 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/01 13:15:58 | 000,124,928 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/25 23:47:51 | 000,158,824 | ---- | M] () -- C:\Users\Jim\Documents\Track 3 Recording 3.sfk
[2010/04/25 23:47:51 | 000,158,824 | ---- | M] () -- C:\Users\Jim\Documents\Track 2 Recording 9.sfk
[2010/04/25 23:47:51 | 000,087,936 | ---- | M] () -- C:\Users\Jim\Documents\Track 3 Recording 2.sfk
[2010/04/25 23:45:50 | 020,321,446 | ---- | M] () -- C:\Users\Jim\Documents\Track 3 Recording 3.wav
[2010/04/25 23:45:50 | 020,321,446 | ---- | M] () -- C:\Users\Jim\Documents\Track 2 Recording 9.wav
[2010/04/25 23:43:23 | 011,247,662 | ---- | M] () -- C:\Users\Jim\Documents\Track 3 Recording 2.wav
[2010/04/23 15:44:25 | 011,599,872 | ---- | M] (PACE Anti-Piracy) -- C:\Users\Jim\Desktop\DriverSetup.exe
[2010/04/23 15:11:44 | 015,087,408 | ---- | M] (PACE Anti-Piracy ) -- C:\Users\Jim\Desktop\ilok1209.exe
========== Files Created - No Company Name ==========
[2010/07/19 15:32:11 | 3747,655,680 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/18 17:41:44 | 000,000,000 | ---- | C] () -- C:\Users\Jim\AppData\Local\Njotowohonevo.bin
[2010/07/18 17:41:43 | 000,000,120 | ---- | C] () -- C:\Users\Jim\AppData\Local\Rsusuyokuye.dat
[2010/07/18 17:40:29 | 000,184,832 | ---- | C] () -- C:\Windows\Mlejea.exe
[2010/07/18 17:40:23 | 000,000,240 | -H-- | C] () -- C:\Windows\tasks\fefc6b85.job
[2010/07/18 17:40:01 | 000,000,150 | ---- | C] () -- C:\zrpt.xml
[2010/07/12 17:12:36 | 000,321,999 | ---- | C] () -- C:\Users\Jim\Documents\horman-affair.pdf
[2010/07/04 18:46:34 | 000,000,897 | ---- | C] () -- C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autobahn.lnk
[2010/07/04 18:46:25 | 007,037,528 | ---- | C] () -- C:\Users\Jim\Desktop\AutobahnAcceleratorInstall.exe
[2010/07/03 19:47:29 | 000,083,251 | ---- | C] () -- C:\Users\Jim\Desktop\SkylineElem.jpg
[2010/06/28 10:28:53 | 000,113,178 | ---- | C] () -- C:\Users\Jim\Desktop\Menu PDF.pdf
[2010/06/15 06:28:44 | 000,002,034 | ---- | C] () -- C:\Users\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/06/08 18:49:16 | 000,000,916 | ---- | C] () -- C:\Users\Jim\Desktop\StreamTorrent 1.0.lnk
[2010/05/27 14:42:38 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/13 09:49:40 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/12 23:22:09 | 000,019,456 | ---- | C] () -- C:\Users\Jim\Desktop\jstor pass.wps
[2010/04/25 23:45:52 | 000,158,824 | ---- | C] () -- C:\Users\Jim\Documents\Track 3 Recording 3.sfk
[2010/04/25 23:45:50 | 000,158,824 | ---- | C] () -- C:\Users\Jim\Documents\Track 2 Recording 9.sfk
[2010/04/25 23:43:41 | 020,321,446 | ---- | C] () -- C:\Users\Jim\Documents\Track 2 Recording 9.wav
[2010/04/25 23:43:23 | 020,321,446 | ---- | C] () -- C:\Users\Jim\Documents\Track 3 Recording 3.wav
[2010/04/25 23:43:23 | 000,087,936 | ---- | C] () -- C:\Users\Jim\Documents\Track 3 Recording 2.sfk
[2010/04/25 23:42:13 | 011,247,662 | ---- | C] () -- C:\Users\Jim\Documents\Track 3 Recording 2.wav
[2010/03/01 21:32:34 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010/01/27 21:06:14 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2010/01/06 05:39:23 | 000,013,312 | ---- | C] () -- C:\Windows\System32\RdCi1079.dll
[2009/12/03 16:14:31 | 000,000,749 | ---- | C] () -- C:\Windows\pagebreeze.ini
[2009/12/03 16:14:31 | 000,000,044 | ---- | C] () -- C:\Windows\formbreeze.ini
[2009/07/31 06:47:52 | 000,002,122 | ---- | C] () -- C:\Windows\sfmirror.ini
[2009/06/09 04:48:28 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Dspp6.dll
[2009/06/09 04:48:28 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Dspp5.dll
[2009/06/09 04:48:28 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Dspm6.dll
[2009/06/09 04:48:28 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Dspm5.dll
[2009/06/09 04:48:28 | 000,033,280 | ---- | C] () -- C:\Windows\System32\dsppX.dll
[2009/06/09 04:48:28 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2009/06/09 04:48:28 | 000,004,608 | ---- | C] () -- C:\Windows\System32\DSP.dll
[2009/06/09 02:57:08 | 000,237,568 | ---- | C] () -- C:\Windows\System32\rmc_rtspdl.dll
[2009/05/12 08:42:16 | 000,000,393 | ---- | C] () -- C:\Windows\urlhunter.INI
[2009/04/21 07:03:56 | 001,275,026 | ---- | C] () -- C:\Windows\System32\libsndfile-1.dll
[2009/04/21 07:03:56 | 001,153,640 | ---- | C] () -- C:\Windows\System32\libvorbisenc-2.dll
[2009/04/21 07:03:56 | 000,183,050 | ---- | C] () -- C:\Windows\System32\libvorbis-0.dll
[2009/04/21 07:03:56 | 000,048,995 | ---- | C] () -- C:\Windows\System32\libvorbisfile-3.dll
[2009/04/21 07:03:55 | 001,024,153 | ---- | C] () -- C:\Windows\System32\libfftw3-3.dll
[2009/04/21 07:03:55 | 001,010,421 | ---- | C] () -- C:\Windows\System32\libfftw3f-3.dll
[2009/04/21 07:03:55 | 000,051,790 | ---- | C] () -- C:\Windows\System32\libogg-0.dll
[2009/04/06 03:18:46 | 000,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/03/28 20:55:27 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009/03/18 01:50:12 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2009/03/18 01:50:12 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2009/03/18 01:50:12 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2009/03/18 01:50:12 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2009/03/18 01:48:45 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2009/03/07 15:42:08 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2009/01/26 09:35:08 | 004,964,864 | ---- | C] () -- C:\Windows\System32\MtxVec.Spls3.dll
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008/12/23 10:33:18 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2008/12/18 00:51:14 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/12/09 06:27:20 | 001,441,792 | ---- | C] () -- C:\Windows\System32\MtxVec.Vml2s.dll
[2008/12/07 14:08:06 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/12/07 14:08:04 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/09/12 16:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007/09/04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004/05/01 19:00:00 | 000,052,736 | ---- | C] () -- C:\Windows\System32\ernel32.dll
[2001/06/23 00:05:00 | 000,466,944 | ---- | C] () -- C:\Windows\System32\bdss.dll
[1933/10/24 21:22:30 | 000,004,263 | -HS- | C] () -- C:\Windows\windllreg1c.sys
========== LOP Check ==========
[2010/03/01 22:43:39 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\BITS
[2010/05/21 00:24:06 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\CoreFTP
[2009/12/25 00:43:58 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Cycling '74
[2009/03/17 23:19:51 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\DMCache
[2009/05/13 06:56:42 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\DonationCoder
[2010/03/08 20:14:22 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\FileZilla
[2010/03/01 21:32:14 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\FlashGet
[2010/03/01 21:32:12 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\FlashGetBHO
[2009/03/17 23:19:51 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\GetRight
[2009/03/17 23:19:53 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\IDM
[2009/02/18 04:58:46 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\NetMedia Providers
[2010/05/24 17:21:43 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\PACE Anti-Piracy
[2009/01/11 21:42:11 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Publish Providers
[2010/05/30 02:13:46 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\QuickScan
[2009/06/09 04:30:12 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\SignalAnalyzer
[2009/07/22 22:25:56 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Sony
[2009/08/13 18:53:47 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\StreamTorrent
[2009/03/17 23:20:42 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\SystemRequirementsLab
[2009/06/10 12:42:54 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Template
[2009/03/17 23:20:42 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\Uniblue
[2010/06/22 00:39:00 | 000,000,000 | ---D | M] -- C:\Users\Jim\AppData\Roaming\uTorrent
[2010/07/19 15:32:23 | 000,000,240 | -H-- | M] () -- C:\Windows\Tasks\fefc6b85.job
[2010/07/19 13:33:03 | 000,032,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/03/18 01:50:20 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/12/18 02:13:25 | 000,005,089 | RH-- | M] () -- C:\dell.sdr
[2010/07/19 15:32:11 | 3747,655,680 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/27 21:05:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/07/27 17:11:45 | 000,020,457 | ---- | M] () -- C:\JavaRa.log
[2010/05/27 02:39:04 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2010/01/27 21:05:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/07/19 15:32:10 | 4061,261,824 | -HS- | M] () -- C:\pagefile.sys
[2009/07/24 00:33:26 | 000,004,948 | ---- | M] () -- C:\RootRepeal report 07-24-09 (00-33-26).txt
[2009/07/24 00:33:59 | 000,004,948 | ---- | M] () -- C:\RootRepeal report 07-24-09 (00-33-59).txt
[2009/07/24 00:37:20 | 000,004,948 | ---- | M] () -- C:\RootRepeal report 07-24-09 (00-37-20).txt
[2008/12/18 01:30:15 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
[2010/07/19 13:21:25 | 000,059,626 | ---- | M] () -- C:\TDSSKiller.2.3.2.2_19.07.2010_13.20.28_log.txt
[2010/07/18 17:40:01 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/12/25 01:47:24 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/03/28 13:57:34 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp5ha.dll
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2005/04/03 19:00:00 | 000,052,736 | ---- | M] () -- C:\Windows\System32\spool\prtprocs\w32x86\OC3s793.dll
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2008/10/27 04:52:12 | 000,055,808 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\bcmwlrmt.dll
[2008/01/20 21:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/20 21:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2009/03/18 01:49:59 | 015,605,760 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2009/03/18 01:49:52 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2009/03/18 01:49:59 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2009/03/18 01:50:07 | 017,416,192 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2009/03/18 01:50:08 | 006,688,768 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\system32\user32.dll /md5 >
[2008/01/20 21:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/20 21:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
< %systemroot%\system32\ws2help.dll /md5 >
[2006/11/02 04:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-12-25 06:28:06
========== Alternate Data Streams ==========
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:6FDABC0E
@Alternate Data Stream - 1310 bytes -> C:\ProgramData\Microsoft:yK7h9rakvS1F2N5VtLqJugt
@Alternate Data Stream - 1291 bytes -> C:\Users\Jim\AppData\Local\Temp:0eogC7LTWJy9Eza1xvTzh
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 1242 bytes -> C:\ProgramData\Microsoft:KtCdsZKY9sXVfuRetKzxZSbJ
@Alternate Data Stream - 1241 bytes -> C:\ProgramData\Microsoft:7bDDGhZsCj5t31Lkhk155qH
@Alternate Data Stream - 1225 bytes -> C:\Users\Jim\Local Settings:3FShEnvuU7Ht1yG6iMf
@Alternate Data Stream - 1225 bytes -> C:\Users\Jim\AppData\Local\Application Data:3FShEnvuU7Ht1yG6iMf
@Alternate Data Stream - 1206 bytes -> C:\Users\Jim\AppData\Local\Z1aTb5hR:NG2hnTY4GKtMdlIrTahS4
@Alternate Data Stream - 1190 bytes -> C:\Users\Jim\Local Settings:5uG0KkPUOGdX3P0LupF3pK33TM
@Alternate Data Stream - 1190 bytes -> C:\Users\Jim\AppData\Local\Application Data:5uG0KkPUOGdX3P0LupF3pK33TM
@Alternate Data Stream - 1132 bytes -> C:\ProgramData\Microsoft:Nza9hA8wjHVyGi7wE9vINUkoHR
< End of report >
Extras.txt
OTL Extras logfile created on: 7/19/2010 3:38:10 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Jim\Desktop\kasper\july 10 virus
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 15.70 Gb Free Space | 5.50% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.36 Gb Free Space | 43.63% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JIM-PC
Current User Name: Jim
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- File not found
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{103F1942-FF9D-4A0B-8C9C-5B86A7334B94}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{4123D60E-B785-4A28-98DB-4B6B0416D503}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\vlc\vlc.exe |
"{4EE6D749-199A-4F76-B122-48EA7F526930}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{54D95848-72CE-4764-99D5-A013D6F02224}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{67CFEE26-6703-43E9-8858-F42643A4C826}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
"{67D39865-532A-4F5F-9E36-27D5A432DEEC}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{759B723C-D878-438A-82B1-26E3B5C35A8C}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
"{7E27352E-E960-43E5-994D-8DA5B3A83D2B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{89083612-7C3A-446E-BA6D-C7C80BAADCAF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9CC65E3C-77E5-42A9-AD08-758FA6880279}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{A7116F81-F68D-482F-B0ED-2FF4F4660415}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\vlc\vlc.exe |
"{BFABFC82-4C32-45A0-8E4D-C6E89D8155D4}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{CC9ADB62-5659-4DEB-A1C4-5B506C1A3534}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{CFDB8787-7A34-42AA-A5EC-6A07C6B2E6FC}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{D7FBAD09-9B71-401E-9441-5A936D1E2405}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{D894A360-7B5B-46B7-9441-E307CB151785}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{DCB261DC-DAD9-455E-AC62-61328CFC2316}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{F4A57F47-5CD5-48DF-8A9C-72B99F39F12B}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{FBD1A3F8-B0C8-4514-8852-3A48CDBCB59A}" = protocol=17 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{FDB4D71C-4E3E-4C65-8C2B-524924FA62ED}" = protocol=6 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"TCP Query User{009A2580-8E9C-4CA1-9DD0-F85AEFBD3B88}C:\program files\supercollider\supercollider.exe" = protocol=6 | dir=in | app=c:\program files\supercollider\supercollider.exe |
"TCP Query User{0411487A-9815-4F4D-A2B8-13BB1FD33602}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{0FB9D537-38F4-4ED8-9D42-91B6D975000D}C:\program files\flashget network\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\program files\flashget network\flashget 3\flashget3.exe |
"TCP Query User{137F6A09-11CF-4B7A-B3B8-129885285347}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{287872D1-F8E8-4FA0-9BF6-B76281BA240B}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{40A81185-A5A1-414F-A904-982308C35D42}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"TCP Query User{50BCB105-3F46-4DF3-A34D-D2017CE38BB1}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{5601A5C0-A2EC-4E07-BF4C-A33C20C9A646}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{5B5A130C-1966-4F3F-B5E0-4B76718F91A4}C:\program files\pd\bin\pd.exe" = protocol=6 | dir=in | app=c:\program files\pd\bin\pd.exe |
"TCP Query User{7E79033E-71BE-49DD-B873-6836AB54CEC5}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{875B9427-FEC9-4BA1-A5D7-6353766444D3}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{8EE3D3DA-014C-4CA3-A34C-18CF04EFB866}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{8F5DDFC5-DAD7-490F-8CCB-B5E6F0DE7B47}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{9DE718C2-E823-4EFB-8CA2-069FBEF5CB14}C:\users\jim\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\jim\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{A29CDDC8-0A22-44E3-9B56-BF8FC5C30964}C:\program files\real alternative\media player classic\mplayerc.exe" = protocol=6 | dir=in | app=c:\program files\real alternative\media player classic\mplayerc.exe |
"TCP Query User{B8C11931-B1A6-4E7E-9269-DFB60DC21D91}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
"TCP Query User{C81BE1A6-073C-4500-974E-A8F21EF3194D}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{E1B7E309-57D1-4911-A722-332801EF1BB2}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{E53C68FD-8B6A-47C7-96C1-871DBA67DB03}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F5364F0A-E961-40A9-A695-D9A3A8643441}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{F860595E-D950-45ED-AC06-E103947039AB}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{FF0DE57E-2EDB-4592-A907-F7B4E4CCFB40}C:\users\jim\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\jim\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{026B5735-1EFE-4268-9E5F-61C1F4E16FCB}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{105DD9B2-93AF-44D5-925B-78148F7029D1}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{1DBE4478-7140-41F5-BB9B-84227AC635C5}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{21CB1AB4-70F0-4181-9ED3-3F6AC8B4F2B9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{285D6D01-1FCD-4923-9A75-E09B1EFDB8B7}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{29B8F150-6A21-4CEC-AF7D-F584C0212B8C}C:\users\jim\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\jim\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{2C65A9D8-2FCD-4AC0-9E3B-23294E6DB4D9}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{54B106B9-3B8D-43B5-A22A-610AB0EFEAB1}C:\program files\flashget network\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=c:\program files\flashget network\flashget 3\flashget3.exe |
"UDP Query User{640DA33B-9813-40E4-8110-DE8E9252CEDC}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{8E66B5F3-8307-41F8-8E42-753E9435F5C6}C:\users\jim\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\jim\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{93BCA127-5862-4ECD-9C79-5A930F2FF550}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{9491D161-0C13-49FE-98D7-DCC86C538FD7}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{94E43D83-E8D1-4B37-B5B7-A78D76215AC8}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{9A7542D5-0C2F-495C-9323-C60344B839F5}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
"UDP Query User{A3FA06EB-DC5A-498F-90D6-58EF9E1AC659}C:\program files\real alternative\media player classic\mplayerc.exe" = protocol=17 | dir=in | app=c:\program files\real alternative\media player classic\mplayerc.exe |
"UDP Query User{ACC47B2B-4296-4677-8F72-9F4D19C4A61D}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |
"UDP Query User{B452697F-C4CF-47F5-B244-66FD6A78C3B7}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{C7BE81B3-9B25-4549-9F78-F22594636E41}C:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"UDP Query User{CF762A7A-F617-47B0-A0D0-9C9F7F2602D5}C:\program files\supercollider\supercollider.exe" = protocol=17 | dir=in | app=c:\program files\supercollider\supercollider.exe |
"UDP Query User{E28639D9-32E2-43D6-B6F6-F0E09FD810AD}C:\program files\pd\bin\pd.exe" = protocol=17 | dir=in | app=c:\program files\pd\bin\pd.exe |
"UDP Query User{EB41FA8E-D4E4-4394-B694-06505C1D19BB}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{EC112865-9D81-4228-87F1-F4D15B5F886A}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{03E66394-42F0-4745-85F7-0A2F8F35C09F}" = HP Deskjet Printer Driver Software 9.0
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15C70064-2463-49dd-9A88-B700F75BB428}" = dj_sf_ProductContext
"{1A299778-8AEF-4633-9EB5-E8EDD0767F38}" = Max 5.1.2
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{255909FA-8E58-4BC2-A83A-3C71EB5DD6EC}" = EarthLink Setup Files
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 17
"{27F0B084-8305-4891-B9FD-4F2E3EDF98D4}" = iLok Client Helper x32x64
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{3D8F9830-D6A3-413A-9A54-993827A73E47}" = DELL0604
"{3E5DA526-F420-45A6-9F27-D2B5246D6823}" = Free Natural Text to Speech Reader 2008
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{44A91B04-3D0C-47F9-B644-7F682869AFF3}" = MobileMe Control Panel
"{47AA42FD-0450-4CB4-ADAF-B6E770AA7B2F}" = Sony Media Manager 2.2
"{48EB9208-593D-4DC7-B613-9C5A210D87BA}" = Sony Sound Forge 8.0b
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{73D766DC-C79D-11DD-9A42-A17956D89593}" = SuperCollider
"{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{784DF107-2945-4B65-ADE3-A58ECD6C37A9}" = Sony Vegas 5.0a
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{99041921-18B5-4d36-9729-BE5A671B1932}" = D4200
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{9FE94C17-25AD-4142-A012-E0BBE923C711}" = D4200_Help
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B639110D-747F-40DC-9682-95D94EF73790}" = dj_sf_software
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Apen CD Ripper_is1" = Apen CD Ripper 1.02
"Autobahn" = Autobahn
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Core FTP LE 2.1" = Core FTP LE 2.1
"DS-Monkey Audio Source" = DS-Monkey Audio Source 1.00
"EchoFilter 2.0 Free" = EchoFilter 2.0 Free
"EchoFilter 3.01 Trial" = EchoFilter 3.01 Trial
"ERUNT_is1" = ERUNT 1.1j
"FFT Properties (32) v5" = FFT Properties (32)
"FlashGet" = FlashGet 1.9.6.1073
"GetRight_is1" = GetRight
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GoToAssist" = GoToAssist 8.0.0.514
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"IMS Web Dwarf V2" = IMS Web Dwarf V2
"InstallShield_{27F0B084-8305-4891-B9FD-4F2E3EDF98D4}" = iLok Client Helper x32x64
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder iPhone Edition" = MediaCoder iPhone Edition
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"OJOsoft Audio Converter_is1" = OJOsoft Audio Converter
"PageBreeze Free HTML Editor" = PageBreeze Free HTML Editor
"pd_is1" = Pd-0.40.3-extended-20080721
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"ReadPlease 2003_is1" = ReadPlease 2003/ReadPlease PLUS 2003
"RealAlt_is1" = Real Alternative 1.9.0
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"RolandRDID0079" = UA-25EX Driver
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"SopCast" = SopCast 3.0.3
"Soulseek2" = SoulSeek 157 NS 13c
"Spyware Doctor" = Spyware Doctor 6.0
"StreamTorrent 1.0" = StreamTorrent 1.0
"SystemRequirementsLab" = System Requirements Lab
"The KMPlayer" = The KMPlayer (remove only)
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.4.5.1
"VLC media player" = VLC media player 1.0.3
"WildTangent dell Master Uninstall" = WildTangent Games
"WinAce Archiver" = WinAce Archiver
"WinPcapInst" = WinPcap 4.1 beta5
"WinRAR archiver" = WinRAR archiver
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 7/10/2010 11:37:53 AM | Computer Name = Jim-PC | Source = WinMgmt | ID = 10
Description =
Error - 7/10/2010 11:17:43 PM | Computer Name = Jim-PC | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, time stamp 0x4c2943a6,
faulting module gcswf32.dll, version 10.1.53.64, time stamp 0x4c080641, exception
code 0xc0000005, fault offset 0x00316640, process id 0x151c, application start time
0x01cb2047d8babb47.
Error - 7/11/2010 12:04:37 PM | Computer Name = Jim-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 7/11/2010 12:04:37 PM | Computer Name = Jim-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 7/11/2010 12:04:47 PM | Computer Name = Jim-PC | Source = WinMgmt | ID = 10
Description =
Error - 7/11/2010 12:04:48 PM | Computer Name = Jim-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 7/11/2010 12:04:54 PM | Computer Name = Jim-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 7/12/2010 10:28:51 AM | Computer Name = Jim-PC | Source = WinMgmt | ID = 10
Description =
Error - 7/13/2010 12:54:45 PM | Computer Name = Jim-PC | Source = WinMgmt | ID = 10
Description =
Error - 7/13/2010 5:24:17 PM | Computer Name = Jim-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp
0x4907e242, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc0000374, fault offset 0x000b015d, process id 0x7c4, application
start time 0x01cb22abe7b56ddf.
[ Broadcom Wireless LAN Events ]
Error - 7/16/2010 2:08:03 AM | Computer Name = Jim-PC | Source = WLAN-Tray | ID = 0
Description = 01:08:03, Fri, Jul 16, 10 Error - User "" does not have administrative
privileges on this system
Error - 7/16/2010 2:08:03 AM | Computer Name = Jim-PC | Source = WLAN-Tray | ID = 0
Description = 01:08:03, Fri, Jul 16, 10 Error - User "" does not have administrative
privileges on this system
Error - 7/17/2010 3:54:22 AM | Computer Name = Jim-PC | Source = WLAN-Tray | ID = 0
Description = 02:54:22, Sat, Jul 17, 10 Error - User "" does not have administrative
privileges on this system
Error - 7/17/2010 3:54:22 AM | Computer Name = Jim-PC | Source = WLAN-Tray | ID = 0
Description = 02:54:22, Sat, Jul 17, 10 Error - User "" does not have administrative
privileges on this system
Error - 7/18/2010 5:10:23 AM | Computer Name = Jim-PC | Source = WLAN-Tray | ID = 0
Description = 04:10:23, Sun, Jul 18, 10 Error - User "" does not have administrative
privileges on this system
Error - 7/18/2010 5:10:23 AM | Computer Name = Jim-PC | Source = WLAN-Tray | ID = 0
Description = 04:10:23, Sun, Jul 18, 10 Error - User "" does not have administrative
privileges on this system
Error - 7/18/2010 6:54:19 PM | Computer Name = Jim-PC | Source = WLAN-Tray | ID = 0
Description = 17:54:19, Sun, Jul 18, 10 Error - User "" does not have administrative
privileges on this system
Error - 7/18/2010 6:54:19 PM | Computer Name = Jim-PC | Source = WLAN-Tray | ID = 0
Description = 17:54:19, Sun, Jul 18, 10 Error - User "" does not have administrative
privileges on this system
Error - 7/19/2010 2:21:33 PM | Computer Name = Jim-PC | Source = WLAN-Tray | ID = 0
Description = 13:21:33, Mon, Jul 19, 10 Error - User "" does not have administrative
privileges on this system
Error - 7/19/2010 2:21:33 PM | Computer Name = Jim-PC | Source = WLAN-Tray | ID = 0
Description = 13:21:33, Mon, Jul 19, 10 Error - User "" does not have administrative
privileges on this system
[ System Events ]
Error - 7/19/2010 3:43:02 PM | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 7/19/2010 3:43:02 PM | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 7/19/2010 3:43:02 PM | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 7/19/2010 3:43:02 PM | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 7/19/2010 3:43:02 PM | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 7/19/2010 3:43:02 PM | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 7/19/2010 3:43:02 PM | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 7/19/2010 4:32:15 PM | Computer Name = Jim-PC | Source = HTTP | ID = 15016
Description =
Error - 7/19/2010 4:33:58 PM | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 7/19/2010 4:33:58 PM | Computer Name = Jim-PC | Source = Service Control Manager | ID = 7031
Description =
< End of report >
Malwarebytes logs
Log 1:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 7.0.6001.18000
7/18/2010 7:44:05 PM
mbam-log-2010-07-18 (19-44-05).txt
Scan type: Full scan (C:\|)
Objects scanned: 303929
Time elapsed: 1 hour(s), 45 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 4
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 11
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{56d6429e-07b5-4d82-a53d-540bbe4fd81c} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{56d6429e-07b5-4d82-a53d-540bbe4fd81c} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56d6429e-07b5-4d82-a53d-540bbe4fd81c} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e0ec6fba-f009-3535-95d6-b6390db27da1} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cscrptxt.cscrptxt.1.0 (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{38061edc-40bb-4618-a8da-e56353347e6d} (Adware.EZlife) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adshothlpr.adshothlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ewqovlsi (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rfadiyo (Trojan.Agent.U) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vvibirace (Trojan.Agent.U) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.163.187,93.188.166.187 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.187,93.188.166.187 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7d128d71-0faf-45ef-aa0a-461388123645}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.163.187,93.188.166.187 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7d128d71-0faf-45ef-aa0a-461388123645}\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.187,93.188.166.187 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e1284b30-77ac-4b80-bc9a-e3a4d623e123}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.163.187,93.188.166.187 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e1284b30-77ac-4b80-bc9a-e3a4d623e123}\NameServer (Trojan.DNSChanger) -> Data: 93.188.163.187,93.188.166.187 -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\System32\net.net (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\ahoyp.dll (Adware.EZlife) -> Quarantined and deleted successfully.
C:\Users\Jim\AppData\Local\Temp\nmseowxcar.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Jim\AppData\Local\hlmpepvvk\difrclttssd.exe (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
C:\Users\Jim\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Jim\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Jim\AppData\Local\acocinex.dll (Trojan.Agent.U) -> Quarantined and deleted successfully.
C:\Users\Jim\AppData\Local\ftlmset.dll (Trojan.Agent.U) -> Quarantined and deleted successfully.
Log 2:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 7.0.6001.18000
7/19/2010 12:28:40 PM
mbam-log-2010-07-19 (12-28-40).txt
Scan type: Full scan (C:\|)
Objects scanned: 302344
Time elapsed: 1 hour(s), 42 minute(s), 28 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\System32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
Thank you very much for your assistance.
Edited by chili fries, 19 July 2010 - 04:13 PM.