Fake Security Center Alert Win32.Conflicker.C [Solved]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

3 Pages

1 2 3 >

Fake Security Center Alert Win32.Conflicker.C [Solved], Fake alert pops up warning of Win32.Conflicker.C

Options

bitterbuck View Member Profile	Oct 19 2009, 01:08 PM Post #1
Member Posts: 18 OS: XP	I have a fake security center pop up that wont go away. So far I have: 1. Run Adaware scan 2. Run Antivirus Scan 3. Run TFC (Temp File Cleaner) 4. Set a System Restore Point 5. Run ENRUNT 6. Run Malwarebytes (had numerous error messages on install) 7. Windows update 8. Rootrepeal 9. OTL RootRepeal ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/10/19 13:46 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xF0B94000 Size: 98304 File Visible: No Signed: - Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xF7C97000 Size: 8192 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xEF576000 Size: 49152 File Visible: No Signed: - Status: - Processes ------------------- Path: C:\Documents and Settings\Doylechiro\Application Data\Gmail\gorhv17911194.exe PID: 2312 Status: Hidden from the Windows API! SSDT ------------------- #: 041 Function Name: NtCreateKey Status: Hooked by "Lbd.sys" at address 0xf777f87e #: 247 Function Name: NtSetValueKey Status: Hooked by "Lbd.sys" at address 0xf777fbfe ==EOF== OTL OTL logfile created on: 10/19/2009 1:49:31 PM - Run 1 OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Doylechiro\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 767.00 Mb Total Physical Memory \| 121.52 Mb Available Physical Memory \| 15.84% Memory free 1.46 Gb Paging File \| 0.84 Gb Available in Paging File \| 57.41% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 74.47 Gb Total Space \| 27.43 Gb Free Space \| 36.84% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DOCFW Current User Name: Doylechiro Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2009/10/19 13:48:29 \| 00,521,216 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\Desktop\OTL.exe PRC - [2009/10/16 13:13:20 \| 00,781,656 \| ---- \| M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2009/10/16 13:13:18 \| 01,170,768 \| ---- \| M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe PRC - [2009/09/13 18:52:50 \| 01,048,392 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe PRC - [2009/08/07 18:14:18 \| 29,577,216 \| ---- \| M] (Forté Systems) -- C:\Program Files\Forte Systems\Chiro8000 v12\PM.exe PRC - [2009/08/06 23:34:38 \| 00,380,928 \| ---- \| M] () -- C:\Program Files\Forte Systems\Chiro8000 v12\FileServer.exe PRC - [2009/07/02 17:36:52 \| 00,017,904 \| ---- \| M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe PRC - [2009/06/10 17:28:26 \| 12,973,336 \| ---- \| M] () -- C:\Program Files\RegCure\RegCure.exe PRC - [2009/05/27 07:17:52 \| 00,148,888 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009/05/27 07:17:51 \| 00,152,984 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009/02/06 05:10:02 \| 00,227,840 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe PRC - [2008/11/05 22:59:00 \| 04,347,120 \| ---- \| M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe PRC - [2008/10/16 21:35:28 \| 00,116,032 \| ---- \| M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe PRC - [2008/10/16 21:35:24 \| 00,087,360 \| ---- \| M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe PRC - [2008/07/24 19:46:10 \| 00,063,040 \| ---- \| M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe PRC - [2008/04/13 19:12:19 \| 01,033,728 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2008/02/18 11:16:30 \| 00,110,592 \| ---- \| M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2007/12/21 13:30:40 \| 00,131,072 \| ---- \| M] (Visioneer Inc.) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe PRC - [2006/03/02 18:47:35 \| 07,166,053 \| ---- \| M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2005/08/11 17:30:30 \| 00,081,920 \| ---- \| M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe PRC - [2005/03/31 10:26:50 \| 00,229,376 \| ---- \| M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe PRC - [2005/01/04 12:50:52 \| 00,405,583 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE PRC - [2004/10/20 08:40:04 \| 00,010,328 \| R--- \| M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe PRC - [2004/09/22 19:46:10 \| 00,038,912 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe PRC - [2004/05/24 12:35:52 \| 00,322,104 \| ---- \| M] (Eastman Kodak Company) -- C:\WINDOWS\System32\drivers\KodakCCS.exe PRC - [2004/01/08 17:41:40 \| 00,073,796 \| ---- \| M] (Smart Link) -- C:\WINDOWS\System32\slserv.exe PRC - [2003/09/19 13:11:46 \| 00,065,536 \| ---- \| M] (OLYMPUS Corporation) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe PRC - [2003/08/19 17:21:01 \| 00,151,597 \| ---- \| M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2003/06/24 10:46:30 \| 00,245,760 \| ---- \| M] (Dell) -- C:\Program Files\Common Files\Dell\EUSW\Support.exe PRC - [2003/06/20 00:25:00 \| 00,322,120 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE PRC - [2003/05/02 15:19:00 \| 00,069,632 \| ---- \| M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe PRC - [2003/03/05 06:30:10 \| 00,155,648 \| ---- \| M] () -- C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.5\Server\WinNT\spnsrvnt.exe PRC - [2002/12/17 18:26:22 \| 07,520,337 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe PRC - [2002/12/17 18:23:32 \| 00,074,308 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe PRC - [2002/08/29 05:00:00 \| 00,016,896 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe PRC - [2002/03/21 23:41:56 \| 00,094,208 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Keyboard\type32.exe PRC - [2000/06/29 03:45:10 \| 00,052,224 \| ---- \| M] (Kenonic Controls Ltd.) -- C:\WINDOWS\System32\crypserv.exe ========== Win32 Services (SafeList) ========== SRV - File not found -- -- (Pml Driver HPZ12 [On_Demand \| Stopped]) SRV - [2009/10/16 13:13:18 \| 01,170,768 \| ---- \| M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto \| Running]) SRV - [2009/07/02 17:36:52 \| 00,017,904 \| ---- \| M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc [Auto \| Running]) SRV - [2009/05/27 07:17:51 \| 00,152,984 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto \| Running]) SRV - [2008/10/16 21:35:28 \| 00,116,032 \| ---- \| M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint [Auto \| Running]) SRV - [2008/07/29 21:10:04 \| 00,046,104 \| ---- \| M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand \| Stopped]) SRV - [2008/07/29 19:24:50 \| 00,881,664 \| ---- \| M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown \| Stopped]) SRV - [2008/07/29 19:16:38 \| 00,132,096 \| ---- \| M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled \| Stopped]) SRV - [2008/07/25 11:17:02 \| 00,069,632 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) SRV - [2008/07/25 11:16:40 \| 00,034,312 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand \| Stopped]) SRV - [2008/07/24 19:46:10 \| 00,063,040 \| ---- \| M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn [Auto \| Running]) SRV - [2008/04/13 19:12:02 \| 00,038,400 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto \| Running]) SRV - [2008/03/30 10:36:30 \| 00,504,104 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand \| Stopped]) SRV - [2008/02/18 11:16:30 \| 00,110,592 \| ---- \| M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto \| Running]) SRV - [2007/12/21 13:30:40 \| 00,131,072 \| ---- \| M] (Visioneer Inc.) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe -- (OneTouch 4.0 Monitor [Auto \| Running]) SRV - [2004/10/22 04:24:18 \| 00,073,728 \| ---- \| M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand \| Stopped]) SRV - [2004/10/20 08:40:04 \| 00,010,328 \| R--- \| M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS [Auto \| Running]) SRV - [2004/10/15 15:54:14 \| 00,100,016 \| ---- \| M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor [Disabled \| Stopped]) SRV - [2004/09/22 19:46:10 \| 00,038,912 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto \| Running]) SRV - [2004/05/24 12:35:52 \| 00,322,104 \| ---- \| M] (Eastman Kodak Company) -- C:\WINDOWS\System32\drivers\KodakCCS.exe -- (KodakCCS [Auto \| Running]) SRV - [2004/01/08 17:41:40 \| 00,073,796 \| ---- \| M] (Smart Link) -- C:\WINDOWS\System32\slserv.exe -- (SLService [Auto \| Running]) SRV - [2003/09/19 13:11:46 \| 00,065,536 \| ---- \| M] (OLYMPUS Corporation) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe -- (DM1Service [Auto \| Running]) SRV - [2003/07/28 13:28:22 \| 00,089,136 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand \| Stopped]) SRV - [2003/06/20 00:25:00 \| 00,322,120 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto \| Running]) SRV - [2003/05/02 15:19:00 \| 00,069,632 \| ---- \| M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto \| Running]) SRV - [2003/03/05 06:30:10 \| 00,155,648 \| ---- \| M] () -- C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.5\Server\WinNT\spnsrvnt.exe -- (SuperProServer [Auto \| Running]) SRV - [2003/03/03 13:33:40 \| 00,143,360 \| ---- \| M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand \| Stopped]) SRV - [2002/12/17 18:26:22 \| 07,520,337 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER [Auto \| Running]) SRV - [2002/12/17 18:23:30 \| 00,311,872 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT [On_Demand \| Stopped]) SRV - [2002/12/17 18:23:30 \| 00,066,112 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand \| Stopped]) SRV - [2000/06/29 03:45:10 \| 00,052,224 \| ---- \| M] (Kenonic Controls Ltd.) -- C:\WINDOWS\System32\crypserv.exe -- (Crypkey License [Auto \| Running]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566.../www.yahoo.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=" FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-msgr" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/" FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=" FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/27 07:17:55 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 18:38:57 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2008/04/08 08:02:20 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2009/07/23 03:15:21 \| 00,000,000 \| ---D \| M] [2009/10/19 08:52:11 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions [2009/10/19 08:52:10 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2008/12/29 18:36:48 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009/10/19 08:52:10 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions\staged-xpis [2009/10/19 09:02:23 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions [2006/03/02 18:47:34 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2007/06/27 10:19:29 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [2008/02/12 12:01:52 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [2008/03/19 08:33:31 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [2008/08/12 07:08:50 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2009/05/27 07:18:14 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2006/03/02 18:47:31 \| 00,060,518 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll [2006/03/02 18:47:34 \| 00,049,248 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll [2006/03/02 18:47:31 \| 00,165,992 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll [2009/05/27 07:17:53 \| 00,410,984 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2006/03/02 18:47:33 \| 00,017,024 \| ---- \| M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2007/03/22 19:23:30 \| 00,017,248 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2006/12/18 04:18:30 \| 00,077,824 \| ---- \| M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll [2006/03/02 18:47:38 \| 00,000,680 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.png [2006/03/02 18:47:38 \| 00,000,741 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.src [2006/03/02 18:47:38 \| 00,001,150 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.png [2006/03/02 18:47:38 \| 00,000,539 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.src [2006/03/02 18:47:38 \| 00,000,356 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.png [2006/03/02 18:47:38 \| 00,001,007 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.src [2006/03/02 18:47:38 \| 00,000,210 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.gif [2006/03/02 18:47:38 \| 00,001,056 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.src [2006/03/02 18:47:38 \| 00,001,076 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\google.gif [2006/03/02 18:47:38 \| 00,000,718 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\google.src [2006/03/02 18:47:38 \| 00,000,088 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.gif [2006/03/02 18:47:38 \| 00,001,122 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.src O1 HOSTS File: (2369 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: <html> O1 - Hosts: <head> O1 - Hosts: <title>cominstall-adobe-flash.com</title> O1 - Hosts: <script type="text/javascript" src="/js/general.js"></script> O1 - Hosts: <script type="text/javascript"> O1 - Hosts: ChkRequestEnc('YToyMTp7aTowO3M6MTk6IjIwMDktMTAtMTcgMDk6MDI6NTciO2k6MTtzOjc6IjMwNzgzMjEiO2k6MjtOO2k6MztzOjEyOiJDcmF6eUJybyAxLjAiO2k6 NDtzOjg1OiIvaC5waHA/Y2FjaGluZ0Rlbnk9LmNvbSZpZD1oLmNvbWluc3RhbGwtYWRvYmUtZmxhc2guY29tJmlwPTEyNy4wLjAuMSZtb2RlPWhvc3RzJmRsbD0xIjtpOjU7czoxMzoi NzEuMTEzLjI0OS41NSI7aTo2O3M6MjoiMTEiO2k6NztzOjA6IiI7aTo4O3M6MToidCI7aTo5O3M6MjoiVVMiO2k6MTA7czo1OiJURVhBUyI7aToxMTtzOjY6I klSVklORyI7aToxMjtzOjI6IjE1IjtpOjEzO3M6MjY6ImNvbWluc3RhbGwtYWRvYmUtZmxhc2guY29tIjtpOjE0O3M6OTc6Imh0dHA6Ly9zZWRvcGFya2luZy 5jb20vc2VhcmNoL3JlZ2lzdHJhci5waHA/ZG9tYWluPWNvbWluc3RhbGwtYWRvYmUtZmxhc2guY29tJnJlZ2lzdHJhcj10cmVsbGlhbjUiO2k6MTU7TjtpOjE2O047aToxNztOO2k6MTg7TjtpOjE5O047 aToyMDtOO30='); O1 - Hosts: </script> O1 - Hosts: <script type="text/javascript"> O1 - Hosts: var fl = "toolbar"; O1 - Hosts: var u = "/" + fl + ".php"; O1 - Hosts: u = u + "?enc=YToyMTp7aTowO3M6MTk6IjIwMDktMTAtMTcgMDk6MDI6NTciO2k6MTtzOjc6IjMwNzgzMjEiO2k6MjtOO2k6MztzOjEyOiJDcmF6eUJybyAxLjAiO2k6 NDtzOjg1OiIvaC5waHA%2FY2FjaGluZ0Rlbnk9LmNvbSZpZD1oLmNvbWluc3RhbGwtYWRvYmUtZmxhc2guY29tJmlwPTEyNy4wLjAuMSZtb2RlPWhvc3RzJmRsbD0xIjtpOjU7czoxMz oiNzEuMTEzLjI0OS41NSI7aTo2O3M6MjoiMTEiO2k6NztzOjA6IiI7aTo4O3M6MToidCI7aTo5O3M6MjoiVVMiO2k6MTA7czo1OiJURVhBUyI7aToxMTtzOjY 6IklSVklORyI7aToxMjtzOjI6IjE1IjtpOjEzO3M6MjY6ImNvbWluc3RhbGwtYWRvYmUtZmxhc2guY29tIjtpOjE0O3M6OTc6Imh0dHA6Ly9zZWRvcGFya2lu Zy5jb20vc2VhcmNoL3JlZ2lzdHJhci5waHA%2FZG9tYWluPWNvbWluc3RhbGwtYWRvYmUtZmxhc2guY29tJnJlZ2lzdHJhcj10cmVsbGlhbjUiO2k6MTU7TjtpOjE2O047aToxNztOO2k6MTg7TjtpOjE5O0 47aToyMDtOO30%3D"; O1 - Hosts: var w = '690'; O1 - Hosts: var h = '320'; O1 - Hosts: var wV = 'scrollbars=no,resizable=yes,toolbar=no,' + 'menubar=no,status=no,location=no,height=' + h + ',width=' + w; O1 - Hosts: tW = window.open(u, "tWin", wV); O1 - Hosts: if (null !== tW) O1 - Hosts: { O1 - Hosts: tW.blur(); O1 - Hosts: window.focus(); O1 - Hosts: } O1 - Hosts: </script> O1 - Hosts: </head> O1 - Hosts: <frameset rows="100%," frameborder="no" border="0" framespacing="0"> O1 - Hosts: <!-- SCC a11 --> O1 - Hosts: <frame src="http://sedoparking.com/search/registrar.php?domain=cominstall-adobe-flash.com&registrar=trellian5"> O1 - Hosts: 16 more lines... O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Yahoo! IE Suggest) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll (Yahoo! Inc.) O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell) O4 - HKLM..\Run: [IntelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation) O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - HKLM..\RunOnceEx: [] File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Chiro8000 v12 File Server.lnk = C:\Program Files\Forte Systems\Chiro8000 v12\FileServer.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\Doylechiro\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta () O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: ([]msn in My Computer) O15 - HKCU\..Trusted Domains: aol.com ([objects] is out of zone range - 5) O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} https://www.acngroup.com/QM/charts/activexviewer.cab (Crystal Report Viewer Control 9) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab (Windows Live Safety Center Base Module) O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://accounting.quickbooks.com/c16/v22.147/qboax10.cab (QuickBooks Online Edition Utilities Class v10) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} https://accounting.quickbooks.com/c1/v15.559/qboax8.cab (Reg Error: Key error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {DA0F2EF5-88BB-4FE6-9192-8FDBCB9713BA} http://validate.measureup.com/test/control...ASADownload.CAB (MDASADownload.Complete) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O18 - Protocol\Handler\g7ps {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.) O24 - Desktop Components:0 (My Current Home Page) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/02/03 16:22:14 \| 00,000,000 \| ---D \| M] - C:\autodoc -- [ NTFS ] O32 - AutoRun File - [2007/01/21 10:36:34 \| 00,000,000 \| ---D \| M] - C:\Autodoc2 -- [ NTFS ] O32 - AutoRun File - [2004/10/26 20:50:33 \| 00,000,002 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2005/02/02 16:08:53 \| 00,000,000 \| ---D \| M] - C:\autosync -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - comfile [open] -- "%1" % File not found O35 - exefile [open] -- "%1" %* File not found NetSvcs: 6to4 - Service key not found. File not found NetSvcs: Ias - Service key not found. File not found NetSvcs: Iprip - Service key not found. File not found NetSvcs: Irmon - Service key not found. File not found NetSvcs: NWCWorkstation - Service key not found. File not found NetSvcs: Nwsapagent - Service key not found. File not found NetSvcs: WmdmPmSp - Service key not found. File not found NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) NetSvcs: Ip6FwHlp - Service key not found. File not found ========== Files/Folders - Created Within 14 Days ========== [2009/10/16 13:11:35 \| 00,000,000 \| -H-D \| C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} [2009/10/16 13:10:30 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft [2009/10/19 08:06:52 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/10/16 16:59:50 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\TEMP [2009/10/15 10:12:31 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Doylechiro\Application Data\Gmail [2009/10/19 08:07:25 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Doylechiro\Application Data\Malwarebytes [2009/10/19 08:04:17 \| 00,000,000 \| ---D \| C] -- C:\Program Files\ERUNT [2009/10/19 08:06:51 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/10/16 17:24:26 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Microsoft Security Essentials [2009/10/16 17:17:01 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Windows Live Safety Center [2009/10/19 13:48:23 \| 00,521,216 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\Desktop\OTL.exe [2009/10/19 13:42:19 \| 00,472,064 \| ---- \| C] ( ) -- C:\Documents and Settings\Doylechiro\Desktop\RootRepeal.exe [2009/10/19 08:08:25 \| 04,045,536 \| ---- \| C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Doylechiro\Desktop\lllkkkiii-setup.exe [2009/10/19 08:06:55 \| 00,038,224 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/10/19 08:06:52 \| 00,019,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/10/19 08:05:33 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\ERDNT [2009/10/19 07:36:18 \| 00,271,872 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\My Documents\TFC.exe [2009/10/16 13:14:17 \| 00,064,288 \| ---- \| C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys ========== Files - Modified Within 14 Days ========== [2009/10/19 13:48:29 \| 00,521,216 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\Desktop\OTL.exe [2009/10/19 13:42:19 \| 00,472,064 \| ---- \| M] ( ) -- C:\Documents and Settings\Doylechiro\Desktop\RootRepeal.exe [2009/10/19 13:15:28 \| 00,000,472 \| ---- \| M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2009/10/19 11:01:22 \| 00,002,119 \| ---- \| M] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mat.gif [2009/10/19 11:01:22 \| 00,000,607 \| ---- \| M] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mzn.gif [2009/10/19 11:01:22 \| 00,000,598 \| ---- \| M] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mby.gif [2009/10/19 09:00:22 \| 00,001,170 \| ---- \| M] () -- C:\WINDOWS\System32\WPA.DBL [2009/10/19 09:00:00 \| 00,000,406 \| -H-- \| M] () -- C:\WINDOWS\tasks\{BED34167-2B86-49AB-8158-03E5F512279A}_DOCFW_Dr. Cody Doyle.job [2009/10/19 08:50:16 \| 00,000,408 \| -H-- \| M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2009/10/19 08:45:35 \| 00,000,448 \| ---- \| M] () -- C:\WINDOWS\tasks\RegCure Program Check.job [2009/10/19 08:45:18 \| 00,000,398 \| ---- \| M] () -- C:\WINDOWS\tasks\SDMsgUpdate (SmartDrawTrial).job [2009/10/19 08:45:18 \| 00,000,388 \| ---- \| M] () -- C:\WINDOWS\tasks\RegCure Startup.job [2009/10/19 08:45:09 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2009/10/19 08:44:59 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\BOOTSTAT.DAT [2009/10/19 08:09:46 \| 00,000,729 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/10/19 08:08:31 \| 04,045,536 \| ---- \| M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Doylechiro\Desktop\lllkkkiii-setup.exe [2009/10/19 08:04:26 \| 00,000,800 \| ---- \| M] () -- C:\Documents and Settings\Doylechiro\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2009/10/19 08:04:23 \| 00,000,644 \| ---- \| M] () -- C:\Documents and Settings\Doylechiro\Desktop\NTREGOPT.lnk [2009/10/19 08:04:22 \| 00,000,625 \| ---- \| M] () -- C:\Documents and Settings\Doylechiro\Desktop\ERUNT.lnk [2009/10/19 07:36:23 \| 00,271,872 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\My Documents\TFC.exe [2009/10/19 04:03:00 \| 00,000,360 \| ---- \| M] () -- C:\WINDOWS\tasks\Scan for Viruses.job [2009/10/19 02:20:00 \| 00,000,620 \| ---- \| M] () -- C:\WINDOWS\tasks\ACOScheduler_DNS_Cody Doyle (v8)_DNS_Microphone (Mic-In)_DNS_DR_ CODY DOYLE_1.job [2009/10/18 03:06:01 \| 00,000,382 \| ---- \| M] () -- C:\WINDOWS\tasks\RegCure.job [2009/10/16 17:24:27 \| 00,000,853 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk [2009/10/16 16:00:00 \| 00,000,406 \| -H-- \| M] () -- C:\WINDOWS\tasks\{DE7218A9-6FB8-487E-B721-575F1A73A2C5}_DOCFW_Dr. Cody Doyle.job [2009/10/16 16:00:00 \| 00,000,406 \| -H-- \| M] () -- C:\WINDOWS\tasks\{A62B03E9-0DB1-4B15-92A7-381E8981FE71}_DOCFW_Dr. Cody Doyle.job [2009/10/16 14:40:10 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/10/16 13:11:33 \| 00,000,900 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2009/10/16 10:08:02 \| 00,002,187 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk [2009/10/15 03:27:17 \| 00,533,408 \| ---- \| M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/10/15 03:27:17 \| 00,463,200 \| ---- \| M] () -- C:\WINDOWS\System32\PERFH009.DAT [2009/10/15 03:27:17 \| 00,079,920 \| ---- \| M] () -- C:\WINDOWS\System32\PERFC009.DAT [2009/10/15 03:12:24 \| 00,001,393 \| ---- \| M] () -- C:\WINDOWS\imsins.BAK [2009/10/14 04:00:00 \| 00,000,432 \| ---- \| M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DOCFW-Dr. Cody Doyle).job ========== Files - No Company Name ========== [2009/10/19 08:06:59 \| 00,000,729 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/10/19 08:04:26 \| 00,000,800 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2009/10/19 08:04:23 \| 00,000,644 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Desktop\NTREGOPT.lnk [2009/10/19 08:04:22 \| 00,000,625 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Desktop\ERUNT.lnk [2009/10/16 17:30:12 \| 00,000,408 \| -H-- \| C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2009/10/16 17:24:27 \| 00,000,853 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk [2009/10/16 15:02:38 \| 00,015,688 \| ---- \| C] () -- C:\WINDOWS\System32\lsdelete.exe [2009/10/16 13:15:04 \| 00,000,472 \| ---- \| C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2009/10/16 13:11:33 \| 00,000,900 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2009/10/15 10:22:59 \| 00,002,119 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mat.gif [2009/10/15 10:22:59 \| 00,000,607 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mzn.gif [2009/10/15 10:22:59 \| 00,000,598 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mby.gif [2008/10/15 14:43:48 \| 00,065,536 \| ---- \| C] () -- C:\WINDOWS\System32\DM510.dll [2008/02/17 12:35:24 \| 00,004,114 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Application Data\SAS7_000.DAT [2008/02/04 18:23:10 \| 00,693,792 \| ---- \| C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2007/01/21 10:36:40 \| 00,003,584 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/10/02 12:51:26 \| 00,001,793 \| ---- \| C] () -- C:\WINDOWS\System32\fxsperf.ini [2006/04/17 14:45:49 \| 00,000,133 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Local Settings\Application Data\fusioncache.dat [2006/03/10 09:54:57 \| 00,000,062 \| -HS- \| C] () -- C:\Documents and Settings\Doylechiro\Application Data\DESKTOP.INI [2006/03/10 09:54:53 \| 00,082,416 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2006/03/10 09:54:49 \| 01,578,622 \| -H-- \| C] () -- C:\Documents and Settings\Doylechiro\Local Settings\Application Data\IconCache.db [2006/01/27 09:25:39 \| 00,065,536 \| ---- \| C] () -- C:\WINDOWS\System32\YCRWin32.dll [2006/01/17 15:58:04 \| 00,000,056 \| RHS- \| C] () -- C:\WINDOWS\System32\BADECEE175.sys [2006/01/17 15:41:52 \| 00,003,350 \| -HS- \| C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2005/09/29 15:00:21 \| 00,000,340 \| ---- \| C] () -- C:\WINDOWS\ptlabels.ini [2005/08/01 10:04:19 \| 00,000,187 \| ---- \| C] () -- C:\WINDOWS\wiseftp.ini [2005/04/11 14:49:25 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\plclient.INI [2005/03/03 09:17:05 \| 00,000,428 \| ---- \| C] () -- C:\WINDOWS\cdPlayer.ini [2005/01/31 16:08:30 \| 00,000,032 \| ---- \| C] () -- C:\WINDOWS\concentr.ini [2005/01/31 15:10:21 \| 00,000,042 \| ---- \| C] () -- C:\WINDOWS\webica.ini [2005/01/28 11:45:23 \| 00,000,377 \| ---- \| C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2004/12/09 18:36:40 \| 00,000,012 \| ---- \| C] () -- C:\WINDOWS\clocked.ini [2004/11/30 11:04:03 \| 00,000,072 \| ---- \| C] () -- C:\WINDOWS\WINTIME.INI [2004/11/26 21:57:26 \| 00,000,567 \| ---- \| C] () -- C:\WINDOWS\BTI.INI [2004/11/26 21:56:35 \| 00,118,784 \| ---- \| C] () -- C:\WINDOWS\System32\SAWZip.dll [2004/11/26 21:56:35 \| 00,069,632 \| ---- \| C] () -- C:\WINDOWS\System32\zlib.dll [2004/11/26 21:56:31 \| 00,307,200 \| ---- \| C] () -- C:\WINDOWS\System32\AppointmentView.dll [2004/11/26 21:56:27 \| 00,345,088 \| ---- \| C] () -- C:\WINDOWS\System32\ShrLk21.dll [2004/11/26 21:56:27 \| 00,304,128 \| ---- \| C] () -- C:\WINDOWS\System32\KeyGen.dll [2004/10/26 20:50:32 \| 00,000,121 \| ---- \| C] () -- C:\WINDOWS\Lname.ini [2004/10/26 20:50:29 \| 00,000,482 \| ---- \| C] () -- C:\WINDOWS\HITLIST.INI [2004/10/26 20:50:28 \| 00,000,214 \| ---- \| C] () -- C:\WINDOWS\Browser.ini [2004/10/26 10:19:45 \| 00,000,036 \| ---- \| C] () -- C:\WINDOWS\iltwain.ini [2004/09/03 08:49:07 \| 00,000,039 \| ---- \| C] () -- C:\WINDOWS\wininit.ini [2004/09/03 08:42:34 \| 00,000,045 \| ---- \| C] () -- C:\WINDOWS\IDIGFLGN.ini [2004/07/17 15:06:12 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\Dssole.INI [2004/07/17 15:06:07 \| 00,045,056 \| ---- \| C] () -- C:\WINDOWS\System32\DM1USBAPIVB.dll [2004/07/07 16:32:17 \| 00,014,938 \| ---- \| C] () -- C:\WINDOWS\System32\lvcoinst.ini [2004/06/30 08:34:22 \| 00,000,010 \| ---- \| C] () -- C:\WINDOWS\msoffice.ini [2004/06/14 10:46:07 \| 00,051,392 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys [2004/06/08 11:27:17 \| 00,000,064 \| ---- \| C] () -- C:\WINDOWS\qwimp.ini [2004/06/08 11:27:15 \| 00,000,520 \| ---- \| C] () -- C:\WINDOWS\intuprof.ini [2004/06/08 11:24:14 \| 00,001,471 \| ---- \| C] () -- C:\WINDOWS\QUICKEN.INI [2004/06/01 10:24:42 \| 00,000,049 \| ---- \| C] () -- C:\WINDOWS\upth.ini [2004/06/01 10:24:42 \| 00,000,024 \| ---- \| C] () -- C:\WINDOWS\atid.ini [2004/05/21 13:34:09 \| 00,003,399 \| R--- \| C] () -- C:\WINDOWS\System32\hptcpmon.ini [2004/05/21 13:34:09 \| 00,000,134 \| ---- \| C] () -- C:\WINDOWS\System32\AddPort.ini [2004/05/21 13:31:37 \| 00,000,103 \| ---- \| C] () -- C:\WINDOWS\System32\hptrace.ini [2004/05/21 11:54:13 \| 00,001,437 \| ---- \| C] () -- C:\WINDOWS\hpdj5800.ini [2004/01/20 07:24:15 \| 00,040,278 \| ---- \| C] () -- C:\Program Files\Copy of Patients.dat [2003/11/04 11:39:18 \| 00,000,005 \| ---- \| C] () -- C:\WINDOWS\SUPER.INI [2003/10/20 16:00:28 \| 00,000,832 \| ---- \| C] () -- C:\WINDOWS\efscan.ini [2003/10/20 16:00:28 \| 00,000,021 \| ---- \| C] () -- C:\WINDOWS\efaxview.ini [2003/10/09 20:04:56 \| 00,000,027 \| ---- \| C] () -- C:\WINDOWS\UP9ASP.INI [2003/09/24 16:34:19 \| 00,251,392 \| ---- \| C] () -- C:\WINDOWS\System32\tx32.dll [2003/09/24 16:34:19 \| 00,000,150 \| ---- \| C] () -- C:\WINDOWS\System32\ic32.ini [2003/09/24 16:34:13 \| 00,010,092 \| ---- \| C] () -- C:\WINDOWS\exerpro.ini [2003/09/22 17:13:17 \| 00,000,773 \| ---- \| C] () -- C:\WINDOWS\BLST8.INI [2003/09/20 11:18:22 \| 00,000,173 \| ---- \| C] () -- C:\WINDOWS\srlink.ini [2003/09/20 11:18:22 \| 00,000,040 \| ---- \| C] () -- C:\WINDOWS\System32\sx96.ini [2003/09/20 11:17:42 \| 00,021,504 \| ---- \| C] () -- C:\WINDOWS\System32\docobj.dll [2003/09/20 11:15:13 \| 00,000,213 \| ---- \| C] () -- C:\WINDOWS\dgnsetup.ini [2003/09/18 07:51:25 \| 00,000,027 \| ---- \| C] () -- C:\WINDOWS\Crypkey.ini [2003/09/18 07:51:21 \| 00,024,608 \| ---- \| C] () -- C:\WINDOWS\System32\Ckldrv.sys [2003/09/18 07:51:21 \| 00,018,432 \| ---- \| C] () -- C:\WINDOWS\Setup_ck.dll [2003/09/18 07:50:22 \| 00,110,080 \| ---- \| C] () -- C:\WINDOWS\System32\W32mkrc.dll [2003/09/18 07:50:22 \| 00,097,290 \| ---- \| C] () -- C:\WINDOWS\System32\Crp32dll.dll [2003/09/18 07:50:17 \| 01,073,152 \| ---- \| C] () -- C:\WINDOWS\System32\owl53v.dll [2003/09/18 07:50:17 \| 00,906,784 \| ---- \| C] () -- C:\WINDOWS\System32\Owl52f.dll [2003/09/18 07:50:17 \| 00,017,424 \| ---- \| C] () -- C:\WINDOWS\System32\FH_BMP.DLL [2003/09/18 07:50:12 \| 00,531,456 \| ---- \| C] () -- C:\WINDOWS\System32\Bdt52cf.dll [2003/09/18 07:50:12 \| 00,518,080 \| ---- \| C] () -- C:\WINDOWS\System32\bdt52c.dll [2003/09/18 07:46:18 \| 00,001,640 \| ---- \| C] () -- C:\WINDOWS\TrackMe.ini [2003/09/16 10:07:26 \| 00,000,036 \| ---- \| C] () -- C:\WINDOWS\BLST.INI [2003/09/14 17:23:53 \| 00,174,608 \| ---- \| C] () -- C:\WINDOWS\Tutility.dll [2003/09/14 16:24:39 \| 00,001,371 \| ---- \| C] () -- C:\WINDOWS\PM4W.INI [2003/09/14 13:22:47 \| 00,009,208 \| ---- \| C] () -- C:\WINDOWS\hplj1300.ini [2003/09/14 13:17:09 \| 00,000,951 \| ---- \| C] () -- C:\WINDOWS\hpbvnstp.ini [2003/08/19 17:22:33 \| 00,000,061 \| ---- \| C] () -- C:\WINDOWS\smscfg.ini [2003/08/19 17:17:56 \| 00,000,885 \| ---- \| C] () -- C:\WINDOWS\lrun32.ini [2003/08/19 17:16:47 \| 00,001,143 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2003/08/19 17:11:52 \| 00,000,791 \| ---- \| C] () -- C:\WINDOWS\orun32.ini [2003/08/19 17:00:08 \| 00,363,520 \| ---- \| C] () -- C:\WINDOWS\System32\psisdecd.dll [2003/08/19 16:49:32 \| 00,000,549 \| ---- \| C] () -- C:\WINDOWS\System32\OEMINFO.INI [2003/01/07 16:05:08 \| 00,002,695 \| ---- \| C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002/12/09 09:38:12 \| 00,094,274 \| ---- \| C] () -- C:\WINDOWS\System32\HPBHEALR.DLL [2002/09/03 13:36:02 \| 00,000,699 \| ---- \| C] () -- C:\WINDOWS\WIN.INI [2002/09/03 13:26:32 \| 00,000,246 \| ---- \| C] () -- C:\WINDOWS\SYSTEM.INI [2002/09/03 13:26:20 \| 00,000,062 \| -HS- \| C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI [2002/04/11 13:47:52 \| 00,049,152 \| ---- \| C] () -- C:\WINDOWS\System32\msmscoin.dll [2000/09/08 17:53:50 \| 00,073,839 \| ---- \| C] () -- C:\WINDOWS\System32\KodakOneTouch.dll [1999/01/27 13:39:06 \| 00,065,024 \| ---- \| C] () -- C:\WINDOWS\System32\indounin.dll [1997/06/13 07:56:08 \| 00,056,832 \| ---- \| C] () -- C:\WINDOWS\System32\Iyvu9_32.dll [1980/01/01 00:00:00 \| 00,012,288 \| ---- \| C] () -- C:\WINDOWS\System32\e100bmsg.dll ========== LOP Check ========== [2009/10/19 08:06:52 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\All Users\Application Data [2009/10/16 13:11:55 \| 00,000,000 \| -H-D \| M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} [2006/01/17 15:54:53 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Borland [2006/01/17 15:50:20 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Corel [2004/11/26 15:38:03 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Dell [2004/10/26 10:20:12 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\G7PS [2009/01/13 20:08:52 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn [2006/01/27 09:30:46 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Motive [2007/04/03 14:42:51 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\MSN6 [2008/02/17 12:02:24 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Nuance [2004/06/14 09:13:42 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks [2009/08/20 07:11:57 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\RegCure [2003/08/19 17:13:11 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\SBSI [2008/02/17 16:39:23 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2004/01/22 11:09:14 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Support.com [2009/10/16 16:59:50 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2005/02/06 14:03:29 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2009/10/19 08:07:25 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\Doylechiro\Application Data [2007/01/10 12:56:24 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\ActiveDocs [2008/09/26 12:51:28 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\FileZilla [2006/09/27 12:58:36 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\G7PS [2009/10/15 10:17:16 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\Gmail [2006/04/25 09:02:03 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\Kana Solution [2008/03/03 18:46:50 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\KompoZer [2008/10/15 14:45:20 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\LinkManager 4.0 [2007/04/03 14:43:00 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\MSN6 [2008/02/17 12:07:54 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\Nuance [2009/01/27 13:06:58 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\OpenOffice.org [2006/09/05 10:07:02 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\ScanSoft [2008/03/24 11:52:28 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\Viewpoint [2009/10/19 02:20:00 \| 00,000,620 \| ---- \| M] () -- C:\WINDOWS\Tasks\ACOScheduler_DNS_Cody Doyle (v8)_DNS_Microphone (Mic-In)_DNS_DR_ CODY DOYLE_1.job [2009/10/19 13:15:28 \| 00,000,472 \| ---- \| M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [2009/10/16 14:40:10 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job [2002/08/29 05:00:00 \| 00,000,065 \| RH-- \| M] () -- C:\WINDOWS\Tasks\DESKTOP.INI [2009/10/14 04:00:00 \| 00,000,432 \| ---- \| M] () -- C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DOCFW-Dr. Cody Doyle).job [2009/10/19 08:50:16 \| 00,000,408 \| -H-- \| M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job [2009/10/19 08:45:35 \| 00,000,448 \| ---- \| M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job [2009/10/19 08:45:18 \| 00,000,388 \| ---- \| M] () -- C:\WINDOWS\Tasks\RegCure Startup.job [2009/10/18 03:06:01 \| 00,000,382 \| ---- \| M] () -- C:\WINDOWS\Tasks\RegCure.job [2009/10/19 08:45:09 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\Tasks\SA.DAT [2009/10/19 04:03:00 \| 00,000,360 \| ---- \| M] () -- C:\WINDOWS\Tasks\Scan for Viruses.job [2009/10/19 08:45:18 \| 00,000,398 \| ---- \| M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (SmartDrawTrial).job [2009/10/16 16:00:00 \| 00,000,406 \| -H-- \| M] () -- C:\WINDOWS\Tasks\{A62B03E9-0DB1-4B15-92A7-381E8981FE71}_DOCFW_Dr. Cody Doyle.job [2009/10/19 09:00:00 \| 00,000,406 \| -H-- \| M] () -- C:\WINDOWS\Tasks\{BED34167-2B86-49AB-8158-03E5F512279A}_DOCFW_Dr. Cody Doyle.job [2009/10/16 16:00:00 \| 00,000,406 \| -H-- \| M] () -- C:\WINDOWS\Tasks\{DE7218A9-6FB8-487E-B721-575F1A73A2C5}_DOCFW_Dr. Cody Doyle.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > [2005/12/12 13:01:18 \| 00,010,920 \| ---- \| M] () -- C:\aolconnfix.exe < %systemroot%\system32\eventlog.dll > [2008/04/13 19:11:53 \| 00,056,320 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll < %systemroot%\system32\scecli.dll > [2008/04/13 19:12:05 \| 00,181,248 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll < %systemroot%\netlogon.dll > < %systemroot%\system32\cngaudit.dll > < %systemroot%\system32\sceclt.dll > < %systemroot%\ntelogon.dll > < %systemroot%\system32\logevent.dll > ========== Alternate Data Streams ========== @Alternate Data Stream - 88 bytes -> C:\oldnartvtmp.rtf:SummaryInformation < End of report > Any help would be appreicated!

bitterbuck View Member Profile	Oct 19 2009, 01:52 PM Post #2
Member Posts: 18 OS: XP	Annted to add OTL Extras and MBAM Logs OTL logfile created on: 10/19/2009 1:49:31 PM - Run 1 OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Doylechiro\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 767.00 Mb Total Physical Memory \| 121.52 Mb Available Physical Memory \| 15.84% Memory free 1.46 Gb Paging File \| 0.84 Gb Available in Paging File \| 57.41% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 74.47 Gb Total Space \| 27.43 Gb Free Space \| 36.84% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DOCFW Current User Name: Doylechiro Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2009/10/19 13:48:29 \| 00,521,216 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\Desktop\OTL.exe PRC - [2009/10/16 13:13:20 \| 00,781,656 \| ---- \| M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2009/10/16 13:13:18 \| 01,170,768 \| ---- \| M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe PRC - [2009/09/13 18:52:50 \| 01,048,392 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe PRC - [2009/08/07 18:14:18 \| 29,577,216 \| ---- \| M] (Forté Systems) -- C:\Program Files\Forte Systems\Chiro8000 v12\PM.exe PRC - [2009/08/06 23:34:38 \| 00,380,928 \| ---- \| M] () -- C:\Program Files\Forte Systems\Chiro8000 v12\FileServer.exe PRC - [2009/07/02 17:36:52 \| 00,017,904 \| ---- \| M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe PRC - [2009/06/10 17:28:26 \| 12,973,336 \| ---- \| M] () -- C:\Program Files\RegCure\RegCure.exe PRC - [2009/05/27 07:17:52 \| 00,148,888 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009/05/27 07:17:51 \| 00,152,984 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009/02/06 05:10:02 \| 00,227,840 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe PRC - [2008/11/05 22:59:00 \| 04,347,120 \| ---- \| M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe PRC - [2008/10/16 21:35:28 \| 00,116,032 \| ---- \| M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe PRC - [2008/10/16 21:35:24 \| 00,087,360 \| ---- \| M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe PRC - [2008/07/24 19:46:10 \| 00,063,040 \| ---- \| M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe PRC - [2008/04/13 19:12:19 \| 01,033,728 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2008/02/18 11:16:30 \| 00,110,592 \| ---- \| M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2007/12/21 13:30:40 \| 00,131,072 \| ---- \| M] (Visioneer Inc.) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe PRC - [2006/03/02 18:47:35 \| 07,166,053 \| ---- \| M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2005/08/11 17:30:30 \| 00,081,920 \| ---- \| M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe PRC - [2005/03/31 10:26:50 \| 00,229,376 \| ---- \| M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe PRC - [2005/01/04 12:50:52 \| 00,405,583 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE PRC - [2004/10/20 08:40:04 \| 00,010,328 \| R--- \| M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe PRC - [2004/09/22 19:46:10 \| 00,038,912 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe PRC - [2004/05/24 12:35:52 \| 00,322,104 \| ---- \| M] (Eastman Kodak Company) -- C:\WINDOWS\System32\drivers\KodakCCS.exe PRC - [2004/01/08 17:41:40 \| 00,073,796 \| ---- \| M] (Smart Link) -- C:\WINDOWS\System32\slserv.exe PRC - [2003/09/19 13:11:46 \| 00,065,536 \| ---- \| M] (OLYMPUS Corporation) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe PRC - [2003/08/19 17:21:01 \| 00,151,597 \| ---- \| M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2003/06/24 10:46:30 \| 00,245,760 \| ---- \| M] (Dell) -- C:\Program Files\Common Files\Dell\EUSW\Support.exe PRC - [2003/06/20 00:25:00 \| 00,322,120 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE PRC - [2003/05/02 15:19:00 \| 00,069,632 \| ---- \| M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe PRC - [2003/03/05 06:30:10 \| 00,155,648 \| ---- \| M] () -- C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.5\Server\WinNT\spnsrvnt.exe PRC - [2002/12/17 18:26:22 \| 07,520,337 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe PRC - [2002/12/17 18:23:32 \| 00,074,308 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe PRC - [2002/08/29 05:00:00 \| 00,016,896 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe PRC - [2002/03/21 23:41:56 \| 00,094,208 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Keyboard\type32.exe PRC - [2000/06/29 03:45:10 \| 00,052,224 \| ---- \| M] (Kenonic Controls Ltd.) -- C:\WINDOWS\System32\crypserv.exe ========== Win32 Services (SafeList) ========== SRV - File not found -- -- (Pml Driver HPZ12 [On_Demand \| Stopped]) SRV - [2009/10/16 13:13:18 \| 01,170,768 \| ---- \| M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto \| Running]) SRV - [2009/07/02 17:36:52 \| 00,017,904 \| ---- \| M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc [Auto \| Running]) SRV - [2009/05/27 07:17:51 \| 00,152,984 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto \| Running]) SRV - [2008/10/16 21:35:28 \| 00,116,032 \| ---- \| M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint [Auto \| Running]) SRV - [2008/07/29 21:10:04 \| 00,046,104 \| ---- \| M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand \| Stopped]) SRV - [2008/07/29 19:24:50 \| 00,881,664 \| ---- \| M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown \| Stopped]) SRV - [2008/07/29 19:16:38 \| 00,132,096 \| ---- \| M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled \| Stopped]) SRV - [2008/07/25 11:17:02 \| 00,069,632 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) SRV - [2008/07/25 11:16:40 \| 00,034,312 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand \| Stopped]) SRV - [2008/07/24 19:46:10 \| 00,063,040 \| ---- \| M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn [Auto \| Running]) SRV - [2008/04/13 19:12:02 \| 00,038,400 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto \| Running]) SRV - [2008/03/30 10:36:30 \| 00,504,104 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand \| Stopped]) SRV - [2008/02/18 11:16:30 \| 00,110,592 \| ---- \| M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto \| Running]) SRV - [2007/12/21 13:30:40 \| 00,131,072 \| ---- \| M] (Visioneer Inc.) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe -- (OneTouch 4.0 Monitor [Auto \| Running]) SRV - [2004/10/22 04:24:18 \| 00,073,728 \| ---- \| M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand \| Stopped]) SRV - [2004/10/20 08:40:04 \| 00,010,328 \| R--- \| M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS [Auto \| Running]) SRV - [2004/10/15 15:54:14 \| 00,100,016 \| ---- \| M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor [Disabled \| Stopped]) SRV - [2004/09/22 19:46:10 \| 00,038,912 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto \| Running]) SRV - [2004/05/24 12:35:52 \| 00,322,104 \| ---- \| M] (Eastman Kodak Company) -- C:\WINDOWS\System32\drivers\KodakCCS.exe -- (KodakCCS [Auto \| Running]) SRV - [2004/01/08 17:41:40 \| 00,073,796 \| ---- \| M] (Smart Link) -- C:\WINDOWS\System32\slserv.exe -- (SLService [Auto \| Running]) SRV - [2003/09/19 13:11:46 \| 00,065,536 \| ---- \| M] (OLYMPUS Corporation) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe -- (DM1Service [Auto \| Running]) SRV - [2003/07/28 13:28:22 \| 00,089,136 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand \| Stopped]) SRV - [2003/06/20 00:25:00 \| 00,322,120 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto \| Running]) SRV - [2003/05/02 15:19:00 \| 00,069,632 \| ---- \| M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto \| Running]) SRV - [2003/03/05 06:30:10 \| 00,155,648 \| ---- \| M] () -- C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.5\Server\WinNT\spnsrvnt.exe -- (SuperProServer [Auto \| Running]) SRV - [2003/03/03 13:33:40 \| 00,143,360 \| ---- \| M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand \| Stopped]) SRV - [2002/12/17 18:26:22 \| 07,520,337 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER [Auto \| Running]) SRV - [2002/12/17 18:23:30 \| 00,311,872 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT [On_Demand \| Stopped]) SRV - [2002/12/17 18:23:30 \| 00,066,112 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand \| Stopped]) SRV - [2000/06/29 03:45:10 \| 00,052,224 \| ---- \| M] (Kenonic Controls Ltd.) -- C:\WINDOWS\System32\crypserv.exe -- (Crypkey License [Auto \| Running]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566.../www.yahoo.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=" FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-msgr" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/" FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=" FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/27 07:17:55 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 18:38:57 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2008/04/08 08:02:20 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2009/07/23 03:15:21 \| 00,000,000 \| ---D \| M] [2009/10/19 08:52:11 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions [2009/10/19 08:52:10 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2008/12/29 18:36:48 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009/10/19 08:52:10 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions\staged-xpis [2009/10/19 09:02:23 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions [2006/03/02 18:47:34 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2007/06/27 10:19:29 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [2008/02/12 12:01:52 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [2008/03/19 08:33:31 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [2008/08/12 07:08:50 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2009/05/27 07:18:14 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2006/03/02 18:47:31 \| 00,060,518 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll [2006/03/02 18:47:34 \| 00,049,248 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll [2006/03/02 18:47:31 \| 00,165,992 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll [2009/05/27 07:17:53 \| 00,410,984 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2006/03/02 18:47:33 \| 00,017,024 \| ---- \| M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2007/03/22 19:23:30 \| 00,017,248 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2006/12/18 04:18:30 \| 00,077,824 \| ---- \| M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll [2006/03/02 18:47:38 \| 00,000,680 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.png [2006/03/02 18:47:38 \| 00,000,741 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.src [2006/03/02 18:47:38 \| 00,001,150 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.png [2006/03/02 18:47:38 \| 00,000,539 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.src [2006/03/02 18:47:38 \| 00,000,356 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.png [2006/03/02 18:47:38 \| 00,001,007 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.src [2006/03/02 18:47:38 \| 00,000,210 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.gif [2006/03/02 18:47:38 \| 00,001,056 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.src [2006/03/02 18:47:38 \| 00,001,076 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\google.gif [2006/03/02 18:47:38 \| 00,000,718 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\google.src [2006/03/02 18:47:38 \| 00,000,088 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.gif [2006/03/02 18:47:38 \| 00,001,122 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.src O1 HOSTS File: (2369 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: <html> O1 - Hosts: <head> O1 - Hosts: <title>cominstall-adobe-flash.com</title> O1 - Hosts: <script type="text/javascript" src="/js/general.js"></script> O1 - Hosts: <script type="text/javascript"> O1 - Hosts: ChkRequestEnc('YToyMTp7aTowO3M6MTk6IjIwMDktMTAtMTcgMDk6MDI6NTciO2k6MTtzOjc6IjMwNzgzMjEiO2k6MjtOO2k6MztzOjEyOiJDcmF6eUJybyAxLjAiO2k6 NDtzOjg1OiIvaC5waHA/Y2FjaGluZ0Rlbnk9LmNvbSZpZD1oLmNvbWluc3RhbGwtYWRvYmUtZmxhc2guY29tJmlwPTEyNy4wLjAuMSZtb2RlPWhvc3RzJmRsbD0xIjtpOjU7czoxMzoi NzEuMTEzLjI0OS41NSI7aTo2O3M6MjoiMTEiO2k6NztzOjA6IiI7aTo4O3M6MToidCI7aTo5O3M6MjoiVVMiO2k6MTA7czo1OiJURVhBUyI7aToxMTtzOjY6I klSVklORyI7aToxMjtzOjI6IjE1IjtpOjEzO3M6MjY6ImNvbWluc3RhbGwtYWRvYmUtZmxhc2guY29tIjtpOjE0O3M6OTc6Imh0dHA6Ly9zZWRvcGFya2luZy 5jb20vc2VhcmNoL3JlZ2lzdHJhci5waHA/ZG9tYWluPWNvbWluc3RhbGwtYWRvYmUtZmxhc2guY29tJnJlZ2lzdHJhcj10cmVsbGlhbjUiO2k6MTU7TjtpOjE2O047aToxNztOO2k6MTg7TjtpOjE5O047 aToyMDtOO30='); O1 - Hosts: </script> O1 - Hosts: <script type="text/javascript"> O1 - Hosts: var fl = "toolbar"; O1 - Hosts: var u = "/" + fl + ".php"; O1 - Hosts: u = u + "?enc=YToyMTp7aTowO3M6MTk6IjIwMDktMTAtMTcgMDk6MDI6NTciO2k6MTtzOjc6IjMwNzgzMjEiO2k6MjtOO2k6MztzOjEyOiJDcmF6eUJybyAxLjAiO2k6 NDtzOjg1OiIvaC5waHA%2FY2FjaGluZ0Rlbnk9LmNvbSZpZD1oLmNvbWluc3RhbGwtYWRvYmUtZmxhc2guY29tJmlwPTEyNy4wLjAuMSZtb2RlPWhvc3RzJmRsbD0xIjtpOjU7czoxMz oiNzEuMTEzLjI0OS41NSI7aTo2O3M6MjoiMTEiO2k6NztzOjA6IiI7aTo4O3M6MToidCI7aTo5O3M6MjoiVVMiO2k6MTA7czo1OiJURVhBUyI7aToxMTtzOjY 6IklSVklORyI7aToxMjtzOjI6IjE1IjtpOjEzO3M6MjY6ImNvbWluc3RhbGwtYWRvYmUtZmxhc2guY29tIjtpOjE0O3M6OTc6Imh0dHA6Ly9zZWRvcGFya2lu Zy5jb20vc2VhcmNoL3JlZ2lzdHJhci5waHA%2FZG9tYWluPWNvbWluc3RhbGwtYWRvYmUtZmxhc2guY29tJnJlZ2lzdHJhcj10cmVsbGlhbjUiO2k6MTU7TjtpOjE2O047aToxNztOO2k6MTg7TjtpOjE5O0 47aToyMDtOO30%3D"; O1 - Hosts: var w = '690'; O1 - Hosts: var h = '320'; O1 - Hosts: var wV = 'scrollbars=no,resizable=yes,toolbar=no,' + 'menubar=no,status=no,location=no,height=' + h + ',width=' + w; O1 - Hosts: tW = window.open(u, "tWin", wV); O1 - Hosts: if (null !== tW) O1 - Hosts: { O1 - Hosts: tW.blur(); O1 - Hosts: window.focus(); O1 - Hosts: } O1 - Hosts: </script> O1 - Hosts: </head> O1 - Hosts: <frameset rows="100%," frameborder="no" border="0" framespacing="0"> O1 - Hosts: <!-- SCC a11 --> O1 - Hosts: <frame src="http://sedoparking.com/search/registrar.php?domain=cominstall-adobe-flash.com&registrar=trellian5"> O1 - Hosts: 16 more lines... O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Yahoo! IE Suggest) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll (Yahoo! Inc.) O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell) O4 - HKLM..\Run: [IntelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation) O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - HKLM..\RunOnceEx: [] File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Chiro8000 v12 File Server.lnk = C:\Program Files\Forte Systems\Chiro8000 v12\FileServer.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\Doylechiro\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta () O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: ([]msn in My Computer) O15 - HKCU\..Trusted Domains: aol.com ([objects] is out of zone range - 5) O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} https://www.acngroup.com/QM/charts/activexviewer.cab (Crystal Report Viewer Control 9) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab (Windows Live Safety Center Base Module) O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://accounting.quickbooks.com/c16/v22.147/qboax10.cab (QuickBooks Online Edition Utilities Class v10) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} https://accounting.quickbooks.com/c1/v15.559/qboax8.cab (Reg Error: Key error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {DA0F2EF5-88BB-4FE6-9192-8FDBCB9713BA} http://validate.measureup.com/test/control...ASADownload.CAB (MDASADownload.Complete) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O18 - Protocol\Handler\g7ps {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.) O24 - Desktop Components:0 (My Current Home Page) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/02/03 16:22:14 \| 00,000,000 \| ---D \| M] - C:\autodoc -- [ NTFS ] O32 - AutoRun File - [2007/01/21 10:36:34 \| 00,000,000 \| ---D \| M] - C:\Autodoc2 -- [ NTFS ] O32 - AutoRun File - [2004/10/26 20:50:33 \| 00,000,002 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2005/02/02 16:08:53 \| 00,000,000 \| ---D \| M] - C:\autosync -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - comfile [open] -- "%1" % File not found O35 - exefile [open] -- "%1" %* File not found NetSvcs: 6to4 - Service key not found. File not found NetSvcs: Ias - Service key not found. File not found NetSvcs: Iprip - Service key not found. File not found NetSvcs: Irmon - Service key not found. File not found NetSvcs: NWCWorkstation - Service key not found. File not found NetSvcs: Nwsapagent - Service key not found. File not found NetSvcs: WmdmPmSp - Service key not found. File not found NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) NetSvcs: Ip6FwHlp - Service key not found. File not found ========== Files/Folders - Created Within 14 Days ========== [2009/10/16 13:11:35 \| 00,000,000 \| -H-D \| C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} [2009/10/16 13:10:30 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft [2009/10/19 08:06:52 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/10/16 16:59:50 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\TEMP [2009/10/15 10:12:31 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Doylechiro\Application Data\Gmail [2009/10/19 08:07:25 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Doylechiro\Application Data\Malwarebytes [2009/10/19 08:04:17 \| 00,000,000 \| ---D \| C] -- C:\Program Files\ERUNT [2009/10/19 08:06:51 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/10/16 17:24:26 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Microsoft Security Essentials [2009/10/16 17:17:01 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Windows Live Safety Center [2009/10/19 13:48:23 \| 00,521,216 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\Desktop\OTL.exe [2009/10/19 13:42:19 \| 00,472,064 \| ---- \| C] ( ) -- C:\Documents and Settings\Doylechiro\Desktop\RootRepeal.exe [2009/10/19 08:08:25 \| 04,045,536 \| ---- \| C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Doylechiro\Desktop\lllkkkiii-setup.exe [2009/10/19 08:06:55 \| 00,038,224 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/10/19 08:06:52 \| 00,019,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/10/19 08:05:33 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\ERDNT [2009/10/19 07:36:18 \| 00,271,872 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\My Documents\TFC.exe [2009/10/16 13:14:17 \| 00,064,288 \| ---- \| C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys ========== Files - Modified Within 14 Days ========== [2009/10/19 13:48:29 \| 00,521,216 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\Desktop\OTL.exe [2009/10/19 13:42:19 \| 00,472,064 \| ---- \| M] ( ) -- C:\Documents and Settings\Doylechiro\Desktop\RootRepeal.exe [2009/10/19 13:15:28 \| 00,000,472 \| ---- \| M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2009/10/19 11:01:22 \| 00,002,119 \| ---- \| M] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mat.gif [2009/10/19 11:01:22 \| 00,000,607 \| ---- \| M] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mzn.gif [2009/10/19 11:01:22 \| 00,000,598 \| ---- \| M] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mby.gif [2009/10/19 09:00:22 \| 00,001,170 \| ---- \| M] () -- C:\WINDOWS\System32\WPA.DBL [2009/10/19 09:00:00 \| 00,000,406 \| -H-- \| M] () -- C:\WINDOWS\tasks\{BED34167-2B86-49AB-8158-03E5F512279A}_DOCFW_Dr. Cody Doyle.job [2009/10/19 08:50:16 \| 00,000,408 \| -H-- \| M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2009/10/19 08:45:35 \| 00,000,448 \| ---- \| M] () -- C:\WINDOWS\tasks\RegCure Program Check.job [2009/10/19 08:45:18 \| 00,000,398 \| ---- \| M] () -- C:\WINDOWS\tasks\SDMsgUpdate (SmartDrawTrial).job [2009/10/19 08:45:18 \| 00,000,388 \| ---- \| M] () -- C:\WINDOWS\tasks\RegCure Startup.job [2009/10/19 08:45:09 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2009/10/19 08:44:59 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\BOOTSTAT.DAT [2009/10/19 08:09:46 \| 00,000,729 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/10/19 08:08:31 \| 04,045,536 \| ---- \| M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Doylechiro\Desktop\lllkkkiii-setup.exe [2009/10/19 08:04:26 \| 00,000,800 \| ---- \| M] () -- C:\Documents and Settings\Doylechiro\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2009/10/19 08:04:23 \| 00,000,644 \| ---- \| M] () -- C:\Documents and Settings\Doylechiro\Desktop\NTREGOPT.lnk [2009/10/19 08:04:22 \| 00,000,625 \| ---- \| M] () -- C:\Documents and Settings\Doylechiro\Desktop\ERUNT.lnk [2009/10/19 07:36:23 \| 00,271,872 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\My Documents\TFC.exe [2009/10/19 04:03:00 \| 00,000,360 \| ---- \| M] () -- C:\WINDOWS\tasks\Scan for Viruses.job [2009/10/19 02:20:00 \| 00,000,620 \| ---- \| M] () -- C:\WINDOWS\tasks\ACOScheduler_DNS_Cody Doyle (v8)_DNS_Microphone (Mic-In)_DNS_DR_ CODY DOYLE_1.job [2009/10/18 03:06:01 \| 00,000,382 \| ---- \| M] () -- C:\WINDOWS\tasks\RegCure.job [2009/10/16 17:24:27 \| 00,000,853 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk [2009/10/16 16:00:00 \| 00,000,406 \| -H-- \| M] () -- C:\WINDOWS\tasks\{DE7218A9-6FB8-487E-B721-575F1A73A2C5}_DOCFW_Dr. Cody Doyle.job [2009/10/16 16:00:00 \| 00,000,406 \| -H-- \| M] () -- C:\WINDOWS\tasks\{A62B03E9-0DB1-4B15-92A7-381E8981FE71}_DOCFW_Dr. Cody Doyle.job [2009/10/16 14:40:10 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/10/16 13:11:33 \| 00,000,900 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2009/10/16 10:08:02 \| 00,002,187 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk [2009/10/15 03:27:17 \| 00,533,408 \| ---- \| M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/10/15 03:27:17 \| 00,463,200 \| ---- \| M] () -- C:\WINDOWS\System32\PERFH009.DAT [2009/10/15 03:27:17 \| 00,079,920 \| ---- \| M] () -- C:\WINDOWS\System32\PERFC009.DAT [2009/10/15 03:12:24 \| 00,001,393 \| ---- \| M] () -- C:\WINDOWS\imsins.BAK [2009/10/14 04:00:00 \| 00,000,432 \| ---- \| M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DOCFW-Dr. Cody Doyle).job ========== Files - No Company Name ========== [2009/10/19 08:06:59 \| 00,000,729 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/10/19 08:04:26 \| 00,000,800 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2009/10/19 08:04:23 \| 00,000,644 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Desktop\NTREGOPT.lnk [2009/10/19 08:04:22 \| 00,000,625 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Desktop\ERUNT.lnk [2009/10/16 17:30:12 \| 00,000,408 \| -H-- \| C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2009/10/16 17:24:27 \| 00,000,853 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk [2009/10/16 15:02:38 \| 00,015,688 \| ---- \| C] () -- C:\WINDOWS\System32\lsdelete.exe [2009/10/16 13:15:04 \| 00,000,472 \| ---- \| C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2009/10/16 13:11:33 \| 00,000,900 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2009/10/15 10:22:59 \| 00,002,119 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mat.gif [2009/10/15 10:22:59 \| 00,000,607 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mzn.gif [2009/10/15 10:22:59 \| 00,000,598 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mby.gif [2008/10/15 14:43:48 \| 00,065,536 \| ---- \| C] () -- C:\WINDOWS\System32\DM510.dll [2008/02/17 12:35:24 \| 00,004,114 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Application Data\SAS7_000.DAT [2008/02/04 18:23:10 \| 00,693,792 \| ---- \| C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2007/01/21 10:36:40 \| 00,003,584 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/10/02 12:51:26 \| 00,001,793 \| ---- \| C] () -- C:\WINDOWS\System32\fxsperf.ini [2006/04/17 14:45:49 \| 00,000,133 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Local Settings\Application Data\fusioncache.dat [2006/03/10 09:54:57 \| 00,000,062 \| -HS- \| C] () -- C:\Documents and Settings\Doylechiro\Application Data\DESKTOP.INI [2006/03/10 09:54:53 \| 00,082,416 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2006/03/10 09:54:49 \| 01,578,622 \| -H-- \| C] () -- C:\Documents and Settings\Doylechiro\Local Settings\Application Data\IconCache.db [2006/01/27 09:25:39 \| 00,065,536 \| ---- \| C] () -- C:\WINDOWS\System32\YCRWin32.dll [2006/01/17 15:58:04 \| 00,000,056 \| RHS- \| C] () -- C:\WINDOWS\System32\BADECEE175.sys [2006/01/17 15:41:52 \| 00,003,350 \| -HS- \| C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2005/09/29 15:00:21 \| 00,000,340 \| ---- \| C] () -- C:\WINDOWS\ptlabels.ini [2005/08/01 10:04:19 \| 00,000,187 \| ---- \| C] () -- C:\WINDOWS\wiseftp.ini [2005/04/11 14:49:25 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\plclient.INI [2005/03/03 09:17:05 \| 00,000,428 \| ---- \| C] () -- C:\WINDOWS\cdPlayer.ini [2005/01/31 16:08:30 \| 00,000,032 \| ---- \| C] () -- C:\WINDOWS\concentr.ini [2005/01/31 15:10:21 \| 00,000,042 \| ---- \| C] () -- C:\WINDOWS\webica.ini [2005/01/28 11:45:23 \| 00,000,377 \| ---- \| C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2004/12/09 18:36:40 \| 00,000,012 \| ---- \| C] () -- C:\WINDOWS\clocked.ini [2004/11/30 11:04:03 \| 00,000,072 \| ---- \| C] () -- C:\WINDOWS\WINTIME.INI [2004/11/26 21:57:26 \| 00,000,567 \| ---- \| C] () -- C:\WINDOWS\BTI.INI [2004/11/26 21:56:35 \| 00,118,784 \| ---- \| C] () -- C:\WINDOWS\System32\SAWZip.dll [2004/11/26 21:56:35 \| 00,069,632 \| ---- \| C] () -- C:\WINDOWS\System32\zlib.dll [2004/11/26 21:56:31 \| 00,307,200 \| ---- \| C] () -- C:\WINDOWS\System32\AppointmentView.dll [2004/11/26 21:56:27 \| 00,345,088 \| ---- \| C] () -- C:\WINDOWS\System32\ShrLk21.dll [2004/11/26 21:56:27 \| 00,304,128 \| ---- \| C] () -- C:\WINDOWS\System32\KeyGen.dll [2004/10/26 20:50:32 \| 00,000,121 \| ---- \| C] () -- C:\WINDOWS\Lname.ini [2004/10/26 20:50:29 \| 00,000,482 \| ---- \| C] () -- C:\WINDOWS\HITLIST.INI [2004/10/26 20:50:28 \| 00,000,214 \| ---- \| C] () -- C:\WINDOWS\Browser.ini [2004/10/26 10:19:45 \| 00,000,036 \| ---- \| C] () -- C:\WINDOWS\iltwain.ini [2004/09/03 08:49:07 \| 00,000,039 \| ---- \| C] () -- C:\WINDOWS\wininit.ini [2004/09/03 08:42:34 \| 00,000,045 \| ---- \| C] () -- C:\WINDOWS\IDIGFLGN.ini [2004/07/17 15:06:12 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\Dssole.INI [2004/07/17 15:06:07 \| 00,045,056 \| ---- \| C] () -- C:\WINDOWS\System32\DM1USBAPIVB.dll [2004/07/07 16:32:17 \| 00,014,938 \| ---- \| C] () -- C:\WINDOWS\System32\lvcoinst.ini [2004/06/30 08:34:22 \| 00,000,010 \| ---- \| C] () -- C:\WINDOWS\msoffice.ini [2004/06/14 10:46:07 \| 00,051,392 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys [2004/06/08 11:27:17 \| 00,000,064 \| ---- \| C] () -- C:\WINDOWS\qwimp.ini [2004/06/08 11:27:15 \| 00,000,520 \| ---- \| C] () -- C:\WINDOWS\intuprof.ini [2004/06/08 11:24:14 \| 00,001,471 \| ---- \| C] () -- C:\WINDOWS\QUICKEN.INI [2004/06/01 10:24:42 \| 00,000,049 \| ---- \| C] () -- C:\WINDOWS\upth.ini [2004/06/01 10:24:42 \| 00,000,024 \| ---- \| C] () -- C:\WINDOWS\atid.ini [2004/05/21 13:34:09 \| 00,003,399 \| R--- \| C] () -- C:\WINDOWS\System32\hptcpmon.ini [2004/05/21 13:34:09 \| 00,000,134 \| ---- \| C] () -- C:\WINDOWS\System32\AddPort.ini [2004/05/21 13:31:37 \| 00,000,103 \| ---- \| C] () -- C:\WINDOWS\System32\hptrace.ini [2004/05/21 11:54:13 \| 00,001,437 \| ---- \| C] () -- C:\WINDOWS\hpdj5800.ini [2004/01/20 07:24:15 \| 00,040,278 \| ---- \| C] () -- C:\Program Files\Copy of Patients.dat [2003/11/04 11:39:18 \| 00,000,005 \| ---- \| C] () -- C:\WINDOWS\SUPER.INI [2003/10/20 16:00:28 \| 00,000,832 \| ---- \| C] () -- C:\WINDOWS\efscan.ini [2003/10/20 16:00:28 \| 00,000,021 \| ---- \| C] () -- C:\WINDOWS\efaxview.ini [2003/10/09 20:04:56 \| 00,000,027 \| ---- \| C] () -- C:\WINDOWS\UP9ASP.INI [2003/09/24 16:34:19 \| 00,251,392 \| ---- \| C] () -- C:\WINDOWS\System32\tx32.dll [2003/09/24 16:34:19 \| 00,000,150 \| ---- \| C] () -- C:\WINDOWS\System32\ic32.ini [2003/09/24 16:34:13 \| 00,010,092 \| ---- \| C] () -- C:\WINDOWS\exerpro.ini [2003/09/22 17:13:17 \| 00,000,773 \| ---- \| C] () -- C:\WINDOWS\BLST8.INI [2003/09/20 11:18:22 \| 00,000,173 \| ---- \| C] () -- C:\WINDOWS\srlink.ini [2003/09/20 11:18:22 \| 00,000,040 \| ---- \| C] () -- C:\WINDOWS\System32\sx96.ini [2003/09/20 11:17:42 \| 00,021,504 \| ---- \| C] () -- C:\WINDOWS\System32\docobj.dll [2003/09/20 11:15:13 \| 00,000,213 \| ---- \| C] () -- C:\WINDOWS\dgnsetup.ini [2003/09/18 07:51:25 \| 00,000,027 \| ---- \| C] () -- C:\WINDOWS\Crypkey.ini [2003/09/18 07:51:21 \| 00,024,608 \| ---- \| C] () -- C:\WINDOWS\System32\Ckldrv.sys [2003/09/18 07:51:21 \| 00,018,432 \| ---- \| C] () -- C:\WINDOWS\Setup_ck.dll [2003/09/18 07:50:22 \| 00,110,080 \| ---- \| C] () -- C:\WINDOWS\System32\W32mkrc.dll [2003/09/18 07:50:22 \| 00,097,290 \| ---- \| C] () -- C:\WINDOWS\System32\Crp32dll.dll [2003/09/18 07:50:17 \| 01,073,152 \| ---- \| C] () -- C:\WINDOWS\System32\owl53v.dll [2003/09/18 07:50:17 \| 00,906,784 \| ---- \| C] () -- C:\WINDOWS\System32\Owl52f.dll [2003/09/18 07:50:17 \| 00,017,424 \| ---- \| C] () -- C:\WINDOWS\System32\FH_BMP.DLL [2003/09/18 07:50:12 \| 00,531,456 \| ---- \| C] () -- C:\WINDOWS\System32\Bdt52cf.dll [2003/09/18 07:50:12 \| 00,518,080 \| ---- \| C] () -- C:\WINDOWS\System32\bdt52c.dll [2003/09/18 07:46:18 \| 00,001,640 \| ---- \| C] () -- C:\WINDOWS\TrackMe.ini [2003/09/16 10:07:26 \| 00,000,036 \| ---- \| C] () -- C:\WINDOWS\BLST.INI [2003/09/14 17:23:53 \| 00,174,608 \| ---- \| C] () -- C:\WINDOWS\Tutility.dll [2003/09/14 16:24:39 \| 00,001,371 \| ---- \| C] () -- C:\WINDOWS\PM4W.INI [2003/09/14 13:22:47 \| 00,009,208 \| ---- \| C] () -- C:\WINDOWS\hplj1300.ini [2003/09/14 13:17:09 \| 00,000,951 \| ---- \| C] () -- C:\WINDOWS\hpbvnstp.ini [2003/08/19 17:22:33 \| 00,000,061 \| ---- \| C] () -- C:\WINDOWS\smscfg.ini [2003/08/19 17:17:56 \| 00,000,885 \| ---- \| C] () -- C:\WINDOWS\lrun32.ini [2003/08/19 17:16:47 \| 00,001,143 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2003/08/19 17:11:52 \| 00,000,791 \| ---- \| C] () -- C:\WINDOWS\orun32.ini [2003/08/19 17:00:08 \| 00,363,520 \| ---- \| C] () -- C:\WINDOWS\System32\psisdecd.dll [2003/08/19 16:49:32 \| 00,000,549 \| ---- \| C] () -- C:\WINDOWS\System32\OEMINFO.INI [2003/01/07 16:05:08 \| 00,002,695 \| ---- \| C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002/12/09 09:38:12 \| 00,094,274 \| ---- \| C] () -- C:\WINDOWS\System32\HPBHEALR.DLL [2002/09/03 13:36:02 \| 00,000,699 \| ---- \| C] () -- C:\WINDOWS\WIN.INI [2002/09/03 13:26:32 \| 00,000,246 \| ---- \| C] () -- C:\WINDOWS\SYSTEM.INI [2002/09/03 13:26:20 \| 00,000,062 \| -HS- \| C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI [2002/04/11 13:47:52 \| 00,049,152 \| ---- \| C] () -- C:\WINDOWS\System32\msmscoin.dll [2000/09/08 17:53:50 \| 00,073,839 \| ---- \| C] () -- C:\WINDOWS\System32\KodakOneTouch.dll [1999/01/27 13:39:06 \| 00,065,024 \| ---- \| C] () -- C:\WINDOWS\System32\indounin.dll [1997/06/13 07:56:08 \| 00,056,832 \| ---- \| C] () -- C:\WINDOWS\System32\Iyvu9_32.dll [1980/01/01 00:00:00 \| 00,012,288 \| ---- \| C] () -- C:\WINDOWS\System32\e100bmsg.dll ========== LOP Check ========== [2009/10/19 08:06:52 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\All Users\Application Data [2009/10/16 13:11:55 \| 00,000,000 \| -H-D \| M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} [2006/01/17 15:54:53 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Borland [2006/01/17 15:50:20 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Corel [2004/11/26 15:38:03 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Dell [2004/10/26 10:20:12 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\G7PS [2009/01/13 20:08:52 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn [2006/01/27 09:30:46 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Motive [2007/04/03 14:42:51 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\MSN6 [2008/02/17 12:02:24 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Nuance [2004/06/14 09:13:42 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks [2009/08/20 07:11:57 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\RegCure [2003/08/19 17:13:11 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\SBSI [2008/02/17 16:39:23 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2004/01/22 11:09:14 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Support.com [2009/10/16 16:59:50 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2005/02/06 14:03:29 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2009/10/19 08:07:25 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\Doylechiro\Application Data [2007/01/10 12:56:24 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\ActiveDocs [2008/09/26 12:51:28 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\FileZilla [2006/09/27 12:58:36 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\G7PS [2009/10/15 10:17:16 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\Gmail [2006/04/25 09:02:03 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\Kana Solution [2008/03/03 18:46:50 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\KompoZer [2008/10/15 14:45:20 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\LinkManager 4.0 [2007/04/03 14:43:00 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\MSN6 [2008/02/17 12:07:54 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\Nuance [2009/01/27 13:06:58 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\OpenOffice.org [2006/09/05 10:07:02 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\ScanSoft [2008/03/24 11:52:28 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\Viewpoint [2009/10/19 02:20:00 \| 00,000,620 \| ---- \| M] () -- C:\WINDOWS\Tasks\ACOScheduler_DNS_Cody Doyle (v8)_DNS_Microphone (Mic-In)_DNS_DR_ CODY DOYLE_1.job [2009/10/19 13:15:28 \| 00,000,472 \| ---- \| M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [2009/10/16 14:40:10 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job [2002/08/29 05:00:00 \| 00,000,065 \| RH-- \| M] () -- C:\WINDOWS\Tasks\DESKTOP.INI [2009/10/14 04:00:00 \| 00,000,432 \| ---- \| M] () -- C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DOCFW-Dr. Cody Doyle).job [2009/10/19 08:50:16 \| 00,000,408 \| -H-- \| M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job [2009/10/19 08:45:35 \| 00,000,448 \| ---- \| M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job [2009/10/19 08:45:18 \| 00,000,388 \| ---- \| M] () -- C:\WINDOWS\Tasks\RegCure Startup.job [2009/10/18 03:06:01 \| 00,000,382 \| ---- \| M] () -- C:\WINDOWS\Tasks\RegCure.job [2009/10/19 08:45:09 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\Tasks\SA.DAT [2009/10/19 04:03:00 \| 00,000,360 \| ---- \| M] () -- C:\WINDOWS\Tasks\Scan for Viruses.job [2009/10/19 08:45:18 \| 00,000,398 \| ---- \| M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (SmartDrawTrial).job [2009/10/16 16:00:00 \| 00,000,406 \| -H-- \| M] () -- C:\WINDOWS\Tasks\{A62B03E9-0DB1-4B15-92A7-381E8981FE71}_DOCFW_Dr. Cody Doyle.job [2009/10/19 09:00:00 \| 00,000,406 \| -H-- \| M] () -- C:\WINDOWS\Tasks\{BED34167-2B86-49AB-8158-03E5F512279A}_DOCFW_Dr. Cody Doyle.job [2009/10/16 16:00:00 \| 00,000,406 \| -H-- \| M] () -- C:\WINDOWS\Tasks\{DE7218A9-6FB8-487E-B721-575F1A73A2C5}_DOCFW_Dr. Cody Doyle.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > [2005/12/12 13:01:18 \| 00,010,920 \| ---- \| M] () -- C:\aolconnfix.exe < %systemroot%\system32\eventlog.dll > [2008/04/13 19:11:53 \| 00,056,320 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll < %systemroot%\system32\scecli.dll > [2008/04/13 19:12:05 \| 00,181,248 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll < %systemroot%\netlogon.dll > < %systemroot%\system32\cngaudit.dll > < %systemroot%\system32\sceclt.dll > < %systemroot%\ntelogon.dll > < %systemroot%\system32\logevent.dll > ========== Alternate Data Streams ========== @Alternate Data Stream - 88 bytes -> C:\oldnartvtmp.rtf:SummaryInformation < End of report > MBAM Malwarebytes' Anti-Malware 1.41 Database version: 2986 Windows 5.1.2600 Service Pack 3 10/19/2009 2:51:52 PM mbam-log-2009-10-19 (14-51-52).txt Scan type: Quick Scan Objects scanned: 122544 Time elapsed: 9 minute(s), 28 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

andrewuk View Member Profile	Oct 24 2009, 07:16 AM Post #3
Trusted Helper Posts: 4,592 From: London, UK OS: XP	Hello bitterbuck welcome to geekstogo and sorry to keep you waiting lets get some uptodate logs for me to analyse. ====STEP 1==== go to http://www.geekstogo.com/forum/Malware-Spy...uide-t2852.html and run RootRepeal in Step Five: Rootkit Detection ====STEP 2==== from the same page, go to Step Six: Post an OTL Log and run the OTL log, include the custom scan as explained on that page. In your next reply could i see: 1. the RootRepeal log 2. the OTL log The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts. andrewuk

bitterbuck View Member Profile	Oct 26 2009, 07:04 AM Post #4
Member Posts: 18 OS: XP	Thanks!!! Here are the logs ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/10/26 08:03 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xF0B7D000 Size: 98304 File Visible: No Signed: - Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xF7CC3000 Size: 8192 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xF03EC000 Size: 49152 File Visible: No Signed: - Status: - Processes ------------------- Path: C:\Documents and Settings\Doylechiro\Application Data\Gmail\gorhv17911194.exe PID: 3676 Status: Hidden from the Windows API! SSDT ------------------- #: 041 Function Name: NtCreateKey Status: Hooked by "Lbd.sys" at address 0xf777f87e #: 247 Function Name: NtSetValueKey Status: Hooked by "Lbd.sys" at address 0xf777fbfe ==EOF== OTL logfile created on: 10/26/2009 7:38:08 AM - Run 2 OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Doylechiro\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 767.00 Mb Total Physical Memory \| 310.23 Mb Available Physical Memory \| 40.45% Memory free 1.46 Gb Paging File \| 0.95 Gb Available in Paging File \| 65.24% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 74.47 Gb Total Space \| 27.13 Gb Free Space \| 36.44% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DOCFW Current User Name: Doylechiro Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2009/10/19 13:48:29 \| 00,521,216 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\Desktop\OTL.exe PRC - [2009/10/16 13:13:20 \| 00,781,656 \| ---- \| M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2009/10/16 13:13:18 \| 01,170,768 \| ---- \| M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe PRC - [2009/09/13 18:52:50 \| 01,048,392 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe PRC - [2009/08/06 23:34:38 \| 00,380,928 \| ---- \| M] () -- C:\Program Files\Forte Systems\Chiro8000 v12\FileServer.exe PRC - [2009/07/02 17:36:52 \| 00,017,904 \| ---- \| M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe PRC - [2009/06/10 17:28:26 \| 12,973,336 \| ---- \| M] () -- C:\Program Files\RegCure\RegCure.exe PRC - [2009/05/27 07:17:52 \| 00,148,888 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009/05/27 07:17:51 \| 00,152,984 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009/02/06 05:10:02 \| 00,227,840 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe PRC - [2008/11/05 22:59:00 \| 00,079,088 \| ---- \| M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe PRC - [2008/10/16 21:35:28 \| 00,116,032 \| ---- \| M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe PRC - [2008/10/16 21:35:24 \| 00,087,360 \| ---- \| M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe PRC - [2008/07/24 19:46:10 \| 00,063,040 \| ---- \| M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe PRC - [2008/06/17 16:16:14 \| 03,463,976 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe PRC - [2008/04/13 19:12:19 \| 01,033,728 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2008/02/18 11:16:30 \| 00,110,592 \| ---- \| M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2007/12/21 13:30:40 \| 00,131,072 \| ---- \| M] (Visioneer Inc.) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe PRC - [2005/08/11 17:30:30 \| 00,618,496 \| ---- \| M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe PRC - [2005/08/11 17:30:30 \| 00,249,856 \| ---- \| M] (Macrovision Corporation) -- c:\program files\common files\installshield\updateservice\isuspm.exe PRC - [2005/08/11 17:30:30 \| 00,081,920 \| ---- \| M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe PRC - [2005/01/04 12:50:52 \| 00,405,583 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE PRC - [2004/10/20 08:40:04 \| 00,010,328 \| R--- \| M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe PRC - [2004/09/22 19:46:10 \| 00,038,912 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe PRC - [2004/05/24 12:35:52 \| 00,322,104 \| ---- \| M] (Eastman Kodak Company) -- C:\WINDOWS\System32\drivers\KodakCCS.exe PRC - [2004/01/08 17:41:40 \| 00,073,796 \| ---- \| M] (Smart Link) -- C:\WINDOWS\System32\slserv.exe PRC - [2003/09/19 13:11:46 \| 00,065,536 \| ---- \| M] (OLYMPUS Corporation) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe PRC - [2003/08/19 17:21:01 \| 00,151,597 \| ---- \| M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2003/06/24 10:46:30 \| 00,245,760 \| ---- \| M] (Dell) -- C:\Program Files\Common Files\Dell\EUSW\Support.exe PRC - [2003/06/20 00:25:00 \| 00,322,120 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE PRC - [2003/05/02 15:19:00 \| 00,069,632 \| ---- \| M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe PRC - [2003/03/05 06:30:10 \| 00,155,648 \| ---- \| M] () -- C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.5\Server\WinNT\spnsrvnt.exe PRC - [2002/12/17 18:26:22 \| 07,520,337 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe PRC - [2002/12/17 18:23:32 \| 00,074,308 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe PRC - [2002/08/29 05:00:00 \| 00,016,896 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe PRC - [2002/03/21 23:41:56 \| 00,094,208 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Keyboard\type32.exe PRC - [2000/06/29 03:45:10 \| 00,052,224 \| ---- \| M] (Kenonic Controls Ltd.) -- C:\WINDOWS\System32\crypserv.exe ========== Win32 Services (SafeList) ========== SRV - File not found -- -- (Pml Driver HPZ12 [On_Demand \| Stopped]) SRV - [2009/10/16 13:13:18 \| 01,170,768 \| ---- \| M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto \| Running]) SRV - [2009/07/02 17:36:52 \| 00,017,904 \| ---- \| M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc [Auto \| Running]) SRV - [2009/05/27 07:17:51 \| 00,152,984 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto \| Running]) SRV - [2008/10/16 21:35:28 \| 00,116,032 \| ---- \| M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint [Auto \| Running]) SRV - [2008/07/29 21:10:04 \| 00,046,104 \| ---- \| M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand \| Stopped]) SRV - [2008/07/29 19:24:50 \| 00,881,664 \| ---- \| M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown \| Stopped]) SRV - [2008/07/29 19:16:38 \| 00,132,096 \| ---- \| M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled \| Stopped]) SRV - [2008/07/25 11:17:02 \| 00,069,632 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) SRV - [2008/07/25 11:16:40 \| 00,034,312 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand \| Stopped]) SRV - [2008/07/24 19:46:10 \| 00,063,040 \| ---- \| M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn [Auto \| Running]) SRV - [2008/04/13 19:12:02 \| 00,038,400 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto \| Running]) SRV - [2008/03/30 10:36:30 \| 00,504,104 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand \| Stopped]) SRV - [2008/02/18 11:16:30 \| 00,110,592 \| ---- \| M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto \| Running]) SRV - [2007/12/21 13:30:40 \| 00,131,072 \| ---- \| M] (Visioneer Inc.) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe -- (OneTouch 4.0 Monitor [Auto \| Running]) SRV - [2004/10/22 04:24:18 \| 00,073,728 \| ---- \| M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand \| Stopped]) SRV - [2004/10/20 08:40:04 \| 00,010,328 \| R--- \| M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS [Auto \| Running]) SRV - [2004/10/15 15:54:14 \| 00,100,016 \| ---- \| M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor [Disabled \| Stopped]) SRV - [2004/09/22 19:46:10 \| 00,038,912 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto \| Running]) SRV - [2004/05/24 12:35:52 \| 00,322,104 \| ---- \| M] (Eastman Kodak Company) -- C:\WINDOWS\System32\drivers\KodakCCS.exe -- (KodakCCS [Auto \| Running]) SRV - [2004/01/08 17:41:40 \| 00,073,796 \| ---- \| M] (Smart Link) -- C:\WINDOWS\System32\slserv.exe -- (SLService [Auto \| Running]) SRV - [2003/09/19 13:11:46 \| 00,065,536 \| ---- \| M] (OLYMPUS Corporation) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe -- (DM1Service [Auto \| Running]) SRV - [2003/07/28 13:28:22 \| 00,089,136 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand \| Stopped]) SRV - [2003/06/20 00:25:00 \| 00,322,120 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto \| Running]) SRV - [2003/05/02 15:19:00 \| 00,069,632 \| ---- \| M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto \| Running]) SRV - [2003/03/05 06:30:10 \| 00,155,648 \| ---- \| M] () -- C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.5\Server\WinNT\spnsrvnt.exe -- (SuperProServer [Auto \| Running]) SRV - [2003/03/03 13:33:40 \| 00,143,360 \| ---- \| M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand \| Stopped]) SRV - [2002/12/17 18:26:22 \| 07,520,337 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER [Auto \| Running]) SRV - [2002/12/17 18:23:30 \| 00,311,872 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT [On_Demand \| Stopped]) SRV - [2002/12/17 18:23:30 \| 00,066,112 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand \| Stopped]) SRV - [2000/06/29 03:45:10 \| 00,052,224 \| ---- \| M] (Kenonic Controls Ltd.) -- C:\WINDOWS\System32\crypserv.exe -- (Crypkey License [Auto \| Running]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=" FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-msgr" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/" FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=" FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/27 07:17:55 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 18:38:57 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2008/04/08 08:02:20 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2009/07/23 03:15:21 \| 00,000,000 \| ---D \| M] [2009/10/19 08:52:11 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions [2009/10/19 08:52:10 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2008/12/29 18:36:48 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009/10/19 08:52:10 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions\staged-xpis [2009/10/19 09:02:23 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions [2006/03/02 18:47:34 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2007/06/27 10:19:29 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [2008/02/12 12:01:52 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [2008/03/19 08:33:31 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [2008/08/12 07:08:50 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2009/05/27 07:18:14 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2006/03/02 18:47:31 \| 00,060,518 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll [2006/03/02 18:47:34 \| 00,049,248 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll [2006/03/02 18:47:31 \| 00,165,992 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll [2009/05/27 07:17:53 \| 00,410,984 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2006/03/02 18:47:33 \| 00,017,024 \| ---- \| M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2007/03/22 19:23:30 \| 00,017,248 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2006/12/18 04:18:30 \| 00,077,824 \| ---- \| M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll [2006/03/02 18:47:38 \| 00,000,680 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.png [2006/03/02 18:47:38 \| 00,000,741 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.src [2006/03/02 18:47:38 \| 00,001,150 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.png [2006/03/02 18:47:38 \| 00,000,539 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.src [2006/03/02 18:47:38 \| 00,000,356 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.png [2006/03/02 18:47:38 \| 00,001,007 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.src [2006/03/02 18:47:38 \| 00,000,210 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.gif [2006/03/02 18:47:38 \| 00,001,056 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.src [2006/03/02 18:47:38 \| 00,001,076 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\google.gif [2006/03/02 18:47:38 \| 00,000,718 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\google.src [2006/03/02 18:47:38 \| 00,000,088 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.gif [2006/03/02 18:47:38 \| 00,001,122 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.src O1 HOSTS File: (2369 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: <html> O1 - Hosts: <head> O1 - Hosts: <title>cominstall-adobe-flash.com</title> O1 - Hosts: <script type="text/javascript" src="/js/general.js"></script> O1 - Hosts: <script type="text/javascript"> O1 - Hosts: ChkRequestEnc('YToyMTp7aTowO3M6MTk6IjIwMDktMTAtMTcgMDk6MDI6NTciO2k6MTtzOjc6IjMwNzgzMjEiO2k6MjtOO2k6MztzOjEyOiJDcmF6eUJybyAxLjAiO2k6 NDtzOjg1OiIvaC5waHA/Y2FjaGluZ0Rlbnk9LmNvbSZpZD1oLmNvbWluc3RhbGwtYWRvYmUtZmxhc2guY29tJmlwPTEyNy4wLjAuMSZtb2RlPWhvc3RzJmRsbD0xIjtpOjU7czoxMzoi NzEuMTEzLjI0OS41NSI7aTo2O3M6MjoiMTEiO2k6NztzOjA6IiI7aTo4O3M6MToidCI7aTo5O3M6MjoiVVMiO2k6MTA7czo1OiJURVhBUyI7aToxMTtzOjY6I klSVklORyI7aToxMjtzOjI6IjE1IjtpOjEzO3M6MjY6ImNvbWluc3RhbGwtYWRvYmUtZmxhc2guY29tIjtpOjE0O3M6OTc6Imh0dHA6Ly9zZWRvcGFya2luZy 5jb20vc2VhcmNoL3JlZ2lzdHJhci5waHA/ZG9tYWluPWNvbWluc3RhbGwtYWRvYmUtZmxhc2guY29tJnJlZ2lzdHJhcj10cmVsbGlhbjUiO2k6MTU7TjtpOjE2O047aToxNztOO2k6MTg7TjtpOjE5O047 aToyMDtOO30='); O1 - Hosts: </script> O1 - Hosts: <script type="text/javascript"> O1 - Hosts: var fl = "toolbar"; O1 - Hosts: var u = "/" + fl + ".php"; O1 - Hosts: u = u + "?enc=YToyMTp7aTowO3M6MTk6IjIwMDktMTAtMTcgMDk6MDI6NTciO2k6MTtzOjc6IjMwNzgzMjEiO2k6MjtOO2k6MztzOjEyOiJDcmF6eUJybyAxLjAiO2k6 NDtzOjg1OiIvaC5waHA%2FY2FjaGluZ0Rlbnk9LmNvbSZpZD1oLmNvbWluc3RhbGwtYWRvYmUtZmxhc2guY29tJmlwPTEyNy4wLjAuMSZtb2RlPWhvc3RzJmRsbD0xIjtpOjU7czoxMz oiNzEuMTEzLjI0OS41NSI7aTo2O3M6MjoiMTEiO2k6NztzOjA6IiI7aTo4O3M6MToidCI7aTo5O3M6MjoiVVMiO2k6MTA7czo1OiJURVhBUyI7aToxMTtzOjY 6IklSVklORyI7aToxMjtzOjI6IjE1IjtpOjEzO3M6MjY6ImNvbWluc3RhbGwtYWRvYmUtZmxhc2guY29tIjtpOjE0O3M6OTc6Imh0dHA6Ly9zZWRvcGFya2lu Zy5jb20vc2VhcmNoL3JlZ2lzdHJhci5waHA%2FZG9tYWluPWNvbWluc3RhbGwtYWRvYmUtZmxhc2guY29tJnJlZ2lzdHJhcj10cmVsbGlhbjUiO2k6MTU7TjtpOjE2O047aToxNztOO2k6MTg7TjtpOjE5O0 47aToyMDtOO30%3D"; O1 - Hosts: var w = '690'; O1 - Hosts: var h = '320'; O1 - Hosts: var wV = 'scrollbars=no,resizable=yes,toolbar=no,' + 'menubar=no,status=no,location=no,height=' + h + ',width=' + w; O1 - Hosts: tW = window.open(u, "tWin", wV); O1 - Hosts: if (null !== tW) O1 - Hosts: { O1 - Hosts: tW.blur(); O1 - Hosts: window.focus(); O1 - Hosts: } O1 - Hosts: </script> O1 - Hosts: </head> O1 - Hosts: <frameset rows="100%," frameborder="no" border="0" framespacing="0"> O1 - Hosts: <!-- SCC a11 --> O1 - Hosts: <frame src="http://sedoparking.com/search/registrar.php?domain=cominstall-adobe-flash.com&registrar=trellian5"> O1 - Hosts: 16 more lines... O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Yahoo! IE Suggest) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll (Yahoo! Inc.) O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell) O4 - HKLM..\Run: [IntelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation) O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation) O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - HKLM..\RunOnceEx: [] File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Chiro8000 v12 File Server.lnk = C:\Program Files\Forte Systems\Chiro8000 v12\FileServer.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\Doylechiro\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta () O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: ([]msn in My Computer) O15 - HKCU\..Trusted Domains: aol.com ([objects] is out of zone range - 5) O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} https://www.acngroup.com/QM/charts/activexviewer.cab (Crystal Report Viewer Control 9) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab (Windows Live Safety Center Base Module) O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://accounting.quickbooks.com/c16/v22.147/qboax10.cab (QuickBooks Online Edition Utilities Class v10) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} https://accounting.quickbooks.com/c1/v15.559/qboax8.cab (Reg Error: Key error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {DA0F2EF5-88BB-4FE6-9192-8FDBCB9713BA} http://validate.measureup.com/test/control...ASADownload.CAB (MDASADownload.Complete) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O18 - Protocol\Handler\g7ps {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.) O24 - Desktop Components:0 (My Current Home Page) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/02/03 16:22:14 \| 00,000,000 \| ---D \| M] - C:\autodoc -- [ NTFS ] O32 - AutoRun File - [2007/01/21 10:36:34 \| 00,000,000 \| ---D \| M] - C:\Autodoc2 -- [ NTFS ] O32 - AutoRun File - [2004/10/26 20:50:33 \| 00,000,002 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2005/02/02 16:08:53 \| 00,000,000 \| ---D \| M] - C:\autosync -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - comfile [open] -- "%1" % File not found O35 - exefile [open] -- "%1" %* File not found NetSvcs: 6to4 - Service key not found. File not found NetSvcs: Ias - Service key not found. File not found NetSvcs: Iprip - Service key not found. File not found NetSvcs: Irmon - Service key not found. File not found NetSvcs: NWCWorkstation - Service key not found. File not found NetSvcs: Nwsapagent - Service key not found. File not found NetSvcs: WmdmPmSp - Service key not found. File not found NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation) NetSvcs: Ip6FwHlp - Service key not found. File not found ========== Files/Folders - Created Within 14 Days ========== [2009/10/16 13:11:35 \| 00,000,000 \| -H-D \| C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} [2009/10/16 13:10:30 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft [2009/10/19 08:06:52 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/10/16 16:59:50 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\TEMP [2009/10/15 10:12:31 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Doylechiro\Application Data\Gmail [2009/10/19 08:07:25 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Doylechiro\Application Data\Malwarebytes [2009/10/19 08:04:17 \| 00,000,000 \| ---D \| C] -- C:\Program Files\ERUNT [2009/10/19 08:06:51 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/10/16 17:24:26 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Microsoft Security Essentials [2009/10/16 17:17:01 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Windows Live Safety Center [2009/10/19 13:48:23 \| 00,521,216 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\Desktop\OTL.exe [2009/10/19 13:42:19 \| 00,472,064 \| ---- \| C] ( ) -- C:\Documents and Settings\Doylechiro\Desktop\RootRepeal.exe [2009/10/19 08:08:25 \| 04,045,536 \| ---- \| C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Doylechiro\Desktop\lllkkkiii-setup.exe [2009/10/19 08:06:55 \| 00,038,224 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/10/19 08:06:52 \| 00,019,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/10/19 08:05:33 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\ERDNT [2009/10/19 07:36:18 \| 00,271,872 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\My Documents\TFC.exe [2009/10/16 13:14:17 \| 00,064,288 \| ---- \| C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys ========== Files - Modified Within 14 Days ========== [2009/10/26 07:31:10 \| 00,000,000 \| ---- \| M] () -- C:\Documents and Settings\Doylechiro\Desktop\settings.dat [2009/10/26 07:19:19 \| 00,002,187 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk [2009/10/26 07:11:25 \| 00,000,408 \| -H-- \| M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2009/10/26 07:08:18 \| 00,000,448 \| ---- \| M] () -- C:\WINDOWS\tasks\RegCure Program Check.job [2009/10/26 07:08:07 \| 00,001,170 \| ---- \| M] () -- C:\WINDOWS\System32\WPA.DBL [2009/10/26 07:07:58 \| 00,000,398 \| ---- \| M] () -- C:\WINDOWS\tasks\SDMsgUpdate (SmartDrawTrial).job [2009/10/26 07:07:58 \| 00,000,388 \| ---- \| M] () -- C:\WINDOWS\tasks\RegCure Startup.job [2009/10/26 07:07:46 \| 00,000,472 \| ---- \| M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2009/10/26 07:06:11 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2009/10/26 07:06:04 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\BOOTSTAT.DAT [2009/10/23 12:33:23 \| 00,002,119 \| ---- \| M] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mat.gif [2009/10/23 12:33:23 \| 00,000,607 \| ---- \| M] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mzn.gif [2009/10/23 12:33:23 \| 00,000,598 \| ---- \| M] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mby.gif [2009/10/23 09:00:00 \| 00,000,406 \| -H-- \| M] () -- C:\WINDOWS\tasks\{BED34167-2B86-49AB-8158-03E5F512279A}_DOCFW_Dr. Cody Doyle.job [2009/10/21 16:00:00 \| 00,000,406 \| -H-- \| M] () -- C:\WINDOWS\tasks\{DE7218A9-6FB8-487E-B721-575F1A73A2C5}_DOCFW_Dr. Cody Doyle.job [2009/10/19 13:48:29 \| 00,521,216 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\Desktop\OTL.exe [2009/10/19 13:42:19 \| 00,472,064 \| ---- \| M] ( ) -- C:\Documents and Settings\Doylechiro\Desktop\RootRepeal.exe [2009/10/19 08:09:46 \| 00,000,729 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/10/19 08:08:31 \| 04,045,536 \| ---- \| M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Doylechiro\Desktop\lllkkkiii-setup.exe [2009/10/19 08:04:26 \| 00,000,800 \| ---- \| M] () -- C:\Documents and Settings\Doylechiro\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2009/10/19 08:04:23 \| 00,000,644 \| ---- \| M] () -- C:\Documents and Settings\Doylechiro\Desktop\NTREGOPT.lnk [2009/10/19 08:04:22 \| 00,000,625 \| ---- \| M] () -- C:\Documents and Settings\Doylechiro\Desktop\ERUNT.lnk [2009/10/19 07:36:23 \| 00,271,872 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\My Documents\TFC.exe [2009/10/19 04:03:00 \| 00,000,360 \| ---- \| M] () -- C:\WINDOWS\tasks\Scan for Viruses.job [2009/10/19 02:20:00 \| 00,000,620 \| ---- \| M] () -- C:\WINDOWS\tasks\ACOScheduler_DNS_Cody Doyle (v8)_DNS_Microphone (Mic-In)_DNS_DR_ CODY DOYLE_1.job [2009/10/18 03:06:01 \| 00,000,382 \| ---- \| M] () -- C:\WINDOWS\tasks\RegCure.job [2009/10/16 17:24:27 \| 00,000,853 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk [2009/10/16 16:00:00 \| 00,000,406 \| -H-- \| M] () -- C:\WINDOWS\tasks\{A62B03E9-0DB1-4B15-92A7-381E8981FE71}_DOCFW_Dr. Cody Doyle.job [2009/10/16 14:40:10 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/10/16 13:11:33 \| 00,000,900 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2009/10/15 03:27:17 \| 00,533,408 \| ---- \| M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/10/15 03:27:17 \| 00,463,200 \| ---- \| M] () -- C:\WINDOWS\System32\PERFH009.DAT [2009/10/15 03:27:17 \| 00,079,920 \| ---- \| M] () -- C:\WINDOWS\System32\PERFC009.DAT [2009/10/15 03:12:24 \| 00,001,393 \| ---- \| M] () -- C:\WINDOWS\imsins.BAK [2009/10/14 04:00:00 \| 00,000,432 \| ---- \| M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DOCFW-Dr. Cody Doyle).job ========== Files - No Company Name ========== [2009/10/26 07:31:10 \| 00,000,000 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Desktop\settings.dat [2009/10/19 08:06:59 \| 00,000,729 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/10/19 08:04:26 \| 00,000,800 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2009/10/19 08:04:23 \| 00,000,644 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Desktop\NTREGOPT.lnk [2009/10/19 08:04:22 \| 00,000,625 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Desktop\ERUNT.lnk [2009/10/16 17:30:12 \| 00,000,408 \| -H-- \| C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2009/10/16 17:24:27 \| 00,000,853 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk [2009/10/16 15:02:38 \| 00,015,688 \| ---- \| C] () -- C:\WINDOWS\System32\lsdelete.exe [2009/10/16 13:15:04 \| 00,000,472 \| ---- \| C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2009/10/16 13:11:33 \| 00,000,900 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2009/10/15 10:22:59 \| 00,002,119 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mat.gif [2009/10/15 10:22:59 \| 00,000,607 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mzn.gif [2009/10/15 10:22:59 \| 00,000,598 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mby.gif [2008/10/15 14:43:48 \| 00,065,536 \| ---- \| C] () -- C:\WINDOWS\System32\DM510.dll [2008/02/17 12:35:24 \| 00,004,114 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Application Data\SAS7_000.DAT [2008/02/04 18:23:10 \| 00,693,792 \| ---- \| C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2007/01/21 10:36:40 \| 00,003,584 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/10/02 12:51:26 \| 00,001,793 \| ---- \| C] () -- C:\WINDOWS\System32\fxsperf.ini [2006/04/17 14:45:49 \| 00,000,133 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Local Settings\Application Data\fusioncache.dat [2006/03/10 09:54:57 \| 00,000,062 \| -HS- \| C] () -- C:\Documents and Settings\Doylechiro\Application Data\DESKTOP.INI [2006/03/10 09:54:53 \| 00,082,416 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2006/03/10 09:54:49 \| 01,578,622 \| -H-- \| C] () -- C:\Documents and Settings\Doylechiro\Local Settings\Application Data\IconCache.db [2006/01/27 09:25:39 \| 00,065,536 \| ---- \| C] () -- C:\WINDOWS\System32\YCRWin32.dll [2006/01/17 15:58:04 \| 00,000,056 \| RHS- \| C] () -- C:\WINDOWS\System32\BADECEE175.sys [2006/01/17 15:41:52 \| 00,003,350 \| -HS- \| C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2005/09/29 15:00:21 \| 00,000,340 \| ---- \| C] () -- C:\WINDOWS\ptlabels.ini [2005/08/01 10:04:19 \| 00,000,187 \| ---- \| C] () -- C:\WINDOWS\wiseftp.ini [2005/04/11 14:49:25 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\plclient.INI [2005/03/03 09:17:05 \| 00,000,428 \| ---- \| C] () -- C:\WINDOWS\cdPlayer.ini [2005/01/31 16:08:30 \| 00,000,032 \| ---- \| C] () -- C:\WINDOWS\concentr.ini [2005/01/31 15:10:21 \| 00,000,042 \| ---- \| C] () -- C:\WINDOWS\webica.ini [2005/01/28 11:45:23 \| 00,000,377 \| ---- \| C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2004/12/09 18:36:40 \| 00,000,012 \| ---- \| C] () -- C:\WINDOWS\clocked.ini [2004/11/30 11:04:03 \| 00,000,072 \| ---- \| C] () -- C:\WINDOWS\WINTIME.INI [2004/11/26 21:57:26 \| 00,000,567 \| ---- \| C] () -- C:\WINDOWS\BTI.INI [2004/11/26 21:56:35 \| 00,118,784 \| ---- \| C] () -- C:\WINDOWS\System32\SAWZip.dll [2004/11/26 21:56:35 \| 00,069,632 \| ---- \| C] () -- C:\WINDOWS\System32\zlib.dll [2004/11/26 21:56:31 \| 00,307,200 \| ---- \| C] () -- C:\WINDOWS\System32\AppointmentView.dll [2004/11/26 21:56:27 \| 00,345,088 \| ---- \| C] () -- C:\WINDOWS\System32\ShrLk21.dll [2004/11/26 21:56:27 \| 00,304,128 \| ---- \| C] () -- C:\WINDOWS\System32\KeyGen.dll [2004/10/26 20:50:32 \| 00,000,121 \| ---- \| C] () -- C:\WINDOWS\Lname.ini [2004/10/26 20:50:29 \| 00,000,482 \| ---- \| C] () -- C:\WINDOWS\HITLIST.INI [2004/10/26 20:50:28 \| 00,000,214 \| ---- \| C] () -- C:\WINDOWS\Browser.ini [2004/10/26 10:19:45 \| 00,000,036 \| ---- \| C] () -- C:\WINDOWS\iltwain.ini [2004/09/03 08:49:07 \| 00,000,039 \| ---- \| C] () -- C:\WINDOWS\wininit.ini [2004/09/03 08:42:34 \| 00,000,045 \| ---- \| C] () -- C:\WINDOWS\IDIGFLGN.ini [2004/07/17 15:06:12 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\Dssole.INI [2004/07/17 15:06:07 \| 00,045,056 \| ---- \| C] () -- C:\WINDOWS\System32\DM1USBAPIVB.dll [2004/07/07 16:32:17 \| 00,014,938 \| ---- \| C] () -- C:\WINDOWS\System32\lvcoinst.ini [2004/06/30 08:34:22 \| 00,000,010 \| ---- \| C] () -- C:\WINDOWS\msoffice.ini [2004/06/14 10:46:07 \| 00,051,392 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys [2004/06/08 11:27:17 \| 00,000,064 \| ---- \| C] () -- C:\WINDOWS\qwimp.ini [2004/06/08 11:27:15 \| 00,000,520 \| ---- \| C] () -- C:\WINDOWS\intuprof.ini [2004/06/08 11:24:14 \| 00,001,471 \| ---- \| C] () -- C:\WINDOWS\QUICKEN.INI [2004/06/01 10:24:42 \| 00,000,049 \| ---- \| C] () -- C:\WINDOWS\upth.ini [2004/06/01 10:24:42 \| 00,000,024 \| ---- \| C] () -- C:\WINDOWS\atid.ini [2004/05/21 13:34:09 \| 00,003,399 \| R--- \| C] () -- C:\WINDOWS\System32\hptcpmon.ini [2004/05/21 13:34:09 \| 00,000,134 \| ---- \| C] () -- C:\WINDOWS\System32\AddPort.ini [2004/05/21 13:31:37 \| 00,000,103 \| ---- \| C] () -- C:\WINDOWS\System32\hptrace.ini [2004/05/21 11:54:13 \| 00,001,437 \| ---- \| C] () -- C:\WINDOWS\hpdj5800.ini [2004/01/20 07:24:15 \| 00,040,278 \| ---- \| C] () -- C:\Program Files\Copy of Patients.dat [2003/11/04 11:39:18 \| 00,000,005 \| ---- \| C] () -- C:\WINDOWS\SUPER.INI [2003/10/20 16:00:28 \| 00,000,832 \| ---- \| C] () -- C:\WINDOWS\efscan.ini [2003/10/20 16:00:28 \| 00,000,021 \| ---- \| C] () -- C:\WINDOWS\efaxview.ini [2003/10/09 20:04:56 \| 00,000,027 \| ---- \| C] () -- C:\WINDOWS\UP9ASP.INI [2003/09/24 16:34:19 \| 00,251,392 \| ---- \| C] () -- C:\WINDOWS\System32\tx32.dll [2003/09/24 16:34:19 \| 00,000,150 \| ---- \| C] () -- C:\WINDOWS\System32\ic32.ini [2003/09/24 16:34:13 \| 00,010,092 \| ---- \| C] () -- C:\WINDOWS\exerpro.ini [2003/09/22 17:13:17 \| 00,000,773 \| ---- \| C] () -- C:\WINDOWS\BLST8.INI [2003/09/20 11:18:22 \| 00,000,173 \| ---- \| C] () -- C:\WINDOWS\srlink.ini [2003/09/20 11:18:22 \| 00,000,040 \| ---- \| C] () -- C:\WINDOWS\System32\sx96.ini [2003/09/20 11:17:42 \| 00,021,504 \| ---- \| C] () -- C:\WINDOWS\System32\docobj.dll [2003/09/20 11:15:13 \| 00,000,213 \| ---- \| C] () -- C:\WINDOWS\dgnsetup.ini [2003/09/18 07:51:25 \| 00,000,027 \| ---- \| C] () -- C:\WINDOWS\Crypkey.ini [2003/09/18 07:51:21 \| 00,024,608 \| ---- \| C] () -- C:\WINDOWS\System32\Ckldrv.sys [2003/09/18 07:51:21 \| 00,018,432 \| ---- \| C] () -- C:\WINDOWS\Setup_ck.dll [2003/09/18 07:50:22 \| 00,110,080 \| ---- \| C] () -- C:\WINDOWS\System32\W32mkrc.dll [2003/09/18 07:50:22 \| 00,097,290 \| ---- \| C] () -- C:\WINDOWS\System32\Crp32dll.dll [2003/09/18 07:50:17 \| 01,073,152 \| ---- \| C] () -- C:\WINDOWS\System32\owl53v.dll [2003/09/18 07:50:17 \| 00,906,784 \| ---- \| C] () -- C:\WINDOWS\System32\Owl52f.dll [2003/09/18 07:50:17 \| 00,017,424 \| ---- \| C] () -- C:\WINDOWS\System32\FH_BMP.DLL [2003/09/18 07:50:12 \| 00,531,456 \| ---- \| C] () -- C:\WINDOWS\System32\Bdt52cf.dll [2003/09/18 07:50:12 \| 00,518,080 \| ---- \| C] () -- C:\WINDOWS\System32\bdt52c.dll [2003/09/18 07:46:18 \| 00,001,640 \| ---- \| C] () -- C:\WINDOWS\TrackMe.ini [2003/09/16 10:07:26 \| 00,000,036 \| ---- \| C] () -- C:\WINDOWS\BLST.INI [2003/09/14 17:23:53 \| 00,174,608 \| ---- \| C] () -- C:\WINDOWS\Tutility.dll [2003/09/14 16:24:39 \| 00,001,371 \| ---- \| C] () -- C:\WINDOWS\PM4W.INI [2003/09/14 13:22:47 \| 00,009,208 \| ---- \| C] () -- C:\WINDOWS\hplj1300.ini [2003/09/14 13:17:09 \| 00,000,951 \| ---- \| C] () -- C:\WINDOWS\hpbvnstp.ini [2003/08/19 17:22:33 \| 00,000,061 \| ---- \| C] () -- C:\WINDOWS\smscfg.ini [2003/08/19 17:17:56 \| 00,000,885 \| ---- \| C] () -- C:\WINDOWS\lrun32.ini [2003/08/19 17:16:47 \| 00,001,143 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2003/08/19 17:11:52 \| 00,000,791 \| ---- \| C] () -- C:\WINDOWS\orun32.ini [2003/08/19 17:00:08 \| 00,363,520 \| ---- \| C] () -- C:\WINDOWS\System32\psisdecd.dll [2003/08/19 16:49:32 \| 00,000,549 \| ---- \| C] () -- C:\WINDOWS\System32\OEMINFO.INI [2003/01/07 16:05:08 \| 00,002,695 \| ---- \| C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002/12/09 09:38:12 \| 00,094,274 \| ---- \| C] () -- C:\WINDOWS\System32\HPBHEALR.DLL [2002/09/03 13:36:02 \| 00,000,699 \| ---- \| C] () -- C:\WINDOWS\WIN.INI [2002/09/03 13:26:32 \| 00,000,246 \| ---- \| C] () -- C:\WINDOWS\SYSTEM.INI [2002/09/03 13:26:20 \| 00,000,062 \| -HS- \| C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI [2002/04/11 13:47:52 \| 00,049,152 \| ---- \| C] () -- C:\WINDOWS\System32\msmscoin.dll [2000/09/08 17:53:50 \| 00,073,839 \| ---- \| C] () -- C:\WINDOWS\System32\KodakOneTouch.dll [1999/01/27 13:39:06 \| 00,065,024 \| ---- \| C] () -- C:\WINDOWS\System32\indounin.dll [1997/06/13 07:56:08 \| 00,056,832 \| ---- \| C] () -- C:\WINDOWS\System32\Iyvu9_32.dll [1980/01/01 00:00:00 \| 00,012,288 \| ---- \| C] () -- C:\WINDOWS\System32\e100bmsg.dll ========== LOP Check ========== [2009/10/19 08:06:52 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\All Users\Application Data [2009/10/16 13:11:55 \| 00,000,000 \| -H-D \| M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} [2006/01/17 15:54:53 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Borland [2006/01/17 15:50:20 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Corel [2004/11/26 15:38:03 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Dell [2004/10/26 10:20:12 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\G7PS [2009/01/13 20:08:52 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn [2006/01/27 09:30:46 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Motive [2007/04/03 14:42:51 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\MSN6 [2008/02/17 12:02:24 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Nuance [2004/06/14 09:13:42 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks [2009/08/20 07:11:57 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\RegCure [2003/08/19 17:13:11 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\SBSI [2008/02/17 16:39:23 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2004/01/22 11:09:14 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Support.com [2009/10/16 16:59:50 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2005/02/06 14:03:29 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2009/10/19 08:07:25 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\Doylechiro\Application Data [2007/01/10 12:56:24 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\ActiveDocs [2008/09/26 12:51:28 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\FileZilla [2006/09/27 12:58:36 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\G7PS [2009/10/15 10:17:16 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\Gmail [2006/04/25 09:02:03 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\Kana Solution [2008/03/03 18:46:50 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\KompoZer [2008/10/15 14:45:20 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\LinkManager 4.0 [2007/04/03 14:43:00 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\MSN6 [2008/02/17 12:07:54 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\Nuance [2009/01/27 13:06:58 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\OpenOffice.org [2006/09/05 10:07:02 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\ScanSoft [2008/03/24 11:52:28 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\Viewpoint [2009/10/19 02:20:00 \| 00,000,620 \| ---- \| M] () -- C:\WINDOWS\Tasks\ACOScheduler_DNS_Cody Doyle (v8)_DNS_Microphone (Mic-In)_DNS_DR_ CODY DOYLE_1.job [2009/10/26 07:07:46 \| 00,000,472 \| ---- \| M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [2009/10/16 14:40:10 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job [2002/08/29 05:00:00 \| 00,000,065 \| RH-- \| M] () -- C:\WINDOWS\Tasks\DESKTOP.INI [2009/10/14 04:00:00 \| 00,000,432 \| ---- \| M] () -- C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DOCFW-Dr. Cody Doyle).job [2009/10/26 07:11:25 \| 00,000,408 \| -H-- \| M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job [2009/10/26 07:08:18 \| 00,000,448 \| ---- \| M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job [2009/10/26 07:07:58 \| 00,000,388 \| ---- \| M] () -- C:\WINDOWS\Tasks\RegCure Startup.job [2009/10/18 03:06:01 \| 00,000,382 \| ---- \| M] () -- C:\WINDOWS\Tasks\RegCure.job [2009/10/26 07:06:11 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\Tasks\SA.DAT [2009/10/19 04:03:00 \| 00,000,360 \| ---- \| M] () -- C:\WINDOWS\Tasks\Scan for Viruses.job [2009/10/26 07:07:58 \| 00,000,398 \| ---- \| M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (SmartDrawTrial).job [2009/10/16 16:00:00 \| 00,000,406 \| -H-- \| M] () -- C:\WINDOWS\Tasks\{A62B03E9-0DB1-4B15-92A7-381E8981FE71}_DOCFW_Dr. Cody Doyle.job [2009/10/23 09:00:00 \| 00,000,406 \| -H-- \| M] () -- C:\WINDOWS\Tasks\{BED34167-2B86-49AB-8158-03E5F512279A}_DOCFW_Dr. Cody Doyle.job [2009/10/21 16:00:00 \| 00,000,406 \| -H-- \| M] () -- C:\WINDOWS\Tasks\{DE7218A9-6FB8-487E-B721-575F1A73A2C5}_DOCFW_Dr. Cody Doyle.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\.exe > [2005/12/12 13:01:18 \| 00,010,920 \| ---- \| M] () -- C:\aolconnfix.exe < %SYSTEMDRIVE%\eventlog.dll /s /md5 > EVENTLOG.DLL : MD5=BF3C8CF53C77B48206B39910B6D6CBCC -> C:\I386\EVENTLOG.DLL -> [2002/08/29 05:00:00 \| 00,049,152 \| ---- \| M] (Microsoft Corporation) [2 C:\I386\.tmp files] eventlog.dll : MD5=82B24CB70E5944E6E34662205A2A5B78 -> C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -> [2004/08/04 02:56:42 \| 00,055,808 \| ---- \| M] (Microsoft Corporation) eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656 -> C:\WINDOWS\ServicePackFiles\i386\eventlog.dll -> [2008/04/13 19:11:53 \| 00,056,320 \| ---- \| M] (Microsoft Corporation) eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656 -> C:\WINDOWS\System32\eventlog.dll -> [2008/04/13 19:11:53 \| 00,056,320 \| ---- \| M] (Microsoft Corporation) < %SYSTEMDRIVE%\scecli.dll /s /md5 > SCECLI.DLL : MD5=97418A5C642A5C748A28BD7CF6860B57 -> C:\I386\SCECLI.DLL -> [2002/08/29 05:00:00 \| 00,174,592 \| ---- \| M] (Microsoft Corporation) [2 C:\I386\.tmp files] scecli.dll : MD5=0F78E27F563F2AAF74B91A49E2ABF19A -> C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -> [2004/08/04 02:56:44 \| 00,180,224 \| ---- \| M] (Microsoft Corporation) scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -> C:\WINDOWS\ServicePackFiles\i386\scecli.dll -> [2008/04/13 19:12:05 \| 00,181,248 \| ---- \| M] (Microsoft Corporation) scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -> C:\WINDOWS\System32\scecli.dll -> [2008/04/13 19:12:05 \| 00,181,248 \| ---- \| M] (Microsoft Corporation) < %SYSTEMDRIVE%\netlogon.dll /s /md5 > NETLOGON.DLL : MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -> C:\I386\NETLOGON.DLL -> [2002/08/29 05:00:00 \| 00,399,360 \| ---- \| M] (Microsoft Corporation) [2 C:\I386\.tmp files] netlogon.dll : MD5=96353FCECBA774BB8DA74A1C6507015A -> C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll -> [2004/08/04 02:56:44 \| 00,407,040 \| ---- \| M] (Microsoft Corporation) netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550 -> C:\WINDOWS\ServicePackFiles\i386\netlogon.dll -> [2008/04/13 19:12:01 \| 00,407,040 \| ---- \| M] (Microsoft Corporation) netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550 -> C:\WINDOWS\System32\netlogon.dll -> [2008/04/13 19:12:01 \| 00,407,040 \| ---- \| M] (Microsoft Corporation) < %SYSTEMDRIVE%\cngaudit.dll /s /md5 > < %SYSTEMDRIVE%\sceclt.dll /s /md5 > < %SYSTEMDRIVE%\ntelogon.dll /s /md5 > < %SYSTEMDRIVE%\logevent.dll /s /md5 > < %SYSTEMDRIVE%\iaStor.sys /s /md5 > < %SYSTEMDRIVE%\nvstor.sys /s /md5 > < %SYSTEMDRIVE%\atapi.sys /s /md5 > atapi.sys : MD5=3C33F5479520844A186C2D43ECFFD477 -> C:\I386\atapi.sys -> [2003/01/31 15:43:30 \| 00,087,040 \| ---- \| M] (Microsoft Corporation) [2 C:\I386\*.tmp files] atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -> C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -> [2004/08/04 00:59:42 \| 00,095,360 \| ---- \| M] (Microsoft Corporation) atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\WINDOWS\ServicePackFiles\i386\atapi.sys -> [2008/04/13 13:40:30 \| 00,096,512 \| ---- \| M] (Microsoft Corporation) atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\WINDOWS\System32\DRIVERS\atapi.sys -> [2008/04/13 13:40:30 \| 00,096,512 \| ---- \| M] (Microsoft Corporation) atapi.sys : MD5=95B858761A00E1D4F81F79A0DA019ACA -> C:\WINDOWS\System32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys -> [2002/08/29 01:27:50 \| 00,086,912 \| ---- \| M] (Microsoft Corporation) atapi.sys : MD5=95B858761A00E1D4F81F79A0DA019ACA -> C:\WINDOWS\System32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys -> [2002/08/29 01:27:50 \| 00,086,912 \| ---- \| M] (Microsoft Corporation) < %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 > < %SYSTEMDRIVE%\viasraid.sys /s /md5 > ========== Alternate Data Streams ========== @Alternate Data Stream - 88 bytes -> C:\oldnartvtmp.rtf:SummaryInformation < End of report >

andrewuk View Member Profile	Oct 26 2009, 07:30 AM Post #5
Trusted Helper Posts: 4,592 From: London, UK OS: XP	====STEP 1==== Run OTL.exe by double clicking the icon on your desktop Under the Custom Scans/Fixes box at the bottom, paste in the following CODE :OTL PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) :Commands [resethosts] [emptytemp] [start explorer] [Reboot] Then click the Run Fix button at the top Let the program run unhindered, reboot when it is done There is unlikely to be a log to post ====STEP 2==== We will then use ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Please include the C:\ComboFix.txt in your next reply for further review. ====STEP 3==== We will run OTL , but go for a shortened log. Close all windows and open it by double clicking on the icon we are targetting a selective output, hence: on the left hand side, in the box titled "Processes" select none on the left hand side, in the box titled "Drivers" select none on the left hand side, in the box titled "Extra Registry" select none on the right hand side, in the box titled "Files created within" select none on the right hand side, in the box titled "Files modified within" select none tick both the boxes marked Purity check and Lop check Click Run Scan and let the program run uninterrupted It will produce one log for you called OTL.txt. Please post that log here in reply. In your next reply could i see: 1. the combofix log 2. the OTL log The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts. andrewuk

bitterbuck View Member Profile	Oct 26 2009, 09:10 AM Post #6
Member Posts: 18 OS: XP	Combofix ComboFix 09-10-25.02 - Doylechiro 10/26/2009 9:45.1.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.189 [GMT -5:00] Running from: c:\documents and settings\Doylechiro\My Documents\ComboFix.exe AV: Microsoft Security Essentials On-access scanning disabled (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Doylechiro\Application Data\Gmail c:\documents and settings\Doylechiro\Application Data\Gmail\gorhv17911194.exe c:\documents and settings\Doylechiro\Application Data\Gmail\Shell32.dll c:\documents and settings\Doylechiro\Application Data\Gmail\Shell32.dll . ((((((((((((((((((((((((( Files Created from 2009-09-26 to 2009-10-26 ))))))))))))))))))))))))))))))) . 2009-10-19 13:04 . 2009-10-19 13:04 -------- d-----w- c:\program files\ERUNT 2009-10-16 22:30 . 2009-10-01 15:29 195440 ------w- c:\windows\system32\MpSigStub.exe 2009-10-16 22:24 . 2009-10-16 22:25 -------- d-----w- c:\program files\Microsoft Security Essentials 2009-10-16 22:17 . 2009-10-16 22:18 -------- d-----w- c:\program files\Windows Live Safety Center 2009-10-16 21:59 . 2009-10-16 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP 2009-10-16 20:02 . 2009-09-03 09:17 15688 ----a-w- c:\windows\system32\lsdelete.exe 2009-10-16 18:14 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2009-10-16 18:11 . 2009-10-16 18:11 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} 2009-10-16 18:10 . 2009-10-16 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-26 12:06 . 2006-12-20 22:45 -------- d-----w- c:\program files\LogMeIn 2009-10-19 13:43 . 2003-08-19 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com 2009-10-19 13:09 . 2009-10-19 13:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-19 13:07 . 2009-10-19 13:07 -------- d-----w- c:\documents and settings\Doylechiro\Application Data\Malwarebytes 2009-10-19 13:06 . 2009-10-19 13:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-10-16 18:10 . 2004-11-05 15:34 -------- d-----w- c:\program files\Lavasoft 2009-09-11 14:18 . 2002-08-29 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-10 19:54 . 2009-10-19 13:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 19:53 . 2009-10-19 13:06 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-10 08:13 . 2009-07-21 12:22 -------- d-----w- c:\program files\Microsoft Silverlight 2009-09-04 21:03 . 2002-08-29 10:00 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-31 18:07 . 2008-04-08 13:44 62096 ---ha-w- c:\windows\system32\mlfcache.dat 2009-08-31 13:58 . 2009-08-31 13:58 -------- d-----w- c:\program files\LogMeIn Rescue Calling Card 2009-08-29 07:36 . 2004-02-06 23:05 832512 ----a-w- c:\windows\system32\wininet.dll 2009-08-29 07:36 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-08-29 07:36 . 2002-08-29 10:00 17408 ----a-w- c:\windows\system32\corpol.dll 2009-08-26 08:00 . 2002-08-29 10:00 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-25 12:09 . 2006-03-10 14:54 82416 ----a-w- c:\documents and settings\Doylechiro\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-25 12:08 . 2003-08-19 22:15 8224 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-20 20:09 . 2009-08-20 20:09 1193832 ----a-w- c:\windows\system32\FM20.DLL 2009-08-05 09:01 . 2002-12-12 05:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-05 01:44 . 1980-01-01 05:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-08-04 14:20 . 1980-01-01 05:00 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe 2004-01-20 13:33 . 2004-01-20 12:24 40278 -c--a-w- c:\program files\Copy of Patients.dat 2006-03-02 23:47 . 2006-03-02 23:47 60518 ----a-w- c:\program files\mozilla firefox\components\jar50.dll 2006-03-02 23:47 . 2006-03-02 23:47 49248 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll 2006-03-02 23:47 . 2006-03-02 23:47 165992 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll 2009-01-14 02:23 . 2006-01-17 20:58 56 --sh--r- c:\windows\SYSTEM32\BADECEE175.sys 2009-01-14 02:23 . 2006-01-17 20:41 3350 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-04 405583] "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-06 4347120] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2003-06-24 245760] "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4640768] "IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-27 148888] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-08-19 151597] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696] "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" - c:\windows\SYSTEM32\narrator.exe [2008-04-14 53760] c:\documents and settings\Doylechiro\Start Menu\Programs\Startup\ ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] Chiro8000 v12 File Server.lnk - c:\program files\Forte Systems\Chiro8000 v12\FileServer.exe [2008-12-11 380928] Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2008-10-17 02:35 87352 ----a-w- c:\windows\SYSTEM32\LMIinit.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Chiro8000 File Server.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Chiro8000 File Server.lnk backup=c:\windows\pss\Chiro8000 File Server.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 2.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Device Detector 2.lnk backup=c:\windows\pss\Device Detector 2.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk backup=c:\windows\pss\HotSync Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk backup=c:\windows\pss\Kodak software updater.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Doylechiro^Start Menu^Programs^Startup^Dragon NaturallySpeaking.lnk] path=c:\documents and settings\Doylechiro\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk backup=c:\windows\pss\Dragon NaturallySpeaking.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Doylechiro^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk] path=c:\documents and settings\Doylechiro\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Dr. Cody Doyle^Start Menu^Programs^Startup^Dragon NaturallySpeaking.lnk] path=c:\documents and settings\Dr. Cody Doyle\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk backup=c:\windows\pss\Dragon NaturallySpeaking.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "AOL TopSpeedMonitor"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Outlook Express\\msimn.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\WINDOWS\\SYSTEM32\\mshta.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\UltraVNC\\vncviewer.exe"= "c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"= "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"= "c:\\PVSW\\Bin\\w3dbsmgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Forte Systems\\Chiro8000 v12\\PM.exe"= "c:\\PVSW\\Bin\\sqldmgr.exe"= "c:\\Program Files\\Forte Systems\\Chiro8000 v12\\FileServer.exe"= "c:\\Program Files\\Forte Systems\\Chiro8000\\FileServer.exe"= "c:\\Program Files\\Forte Systems\\Chiro8000 v12\\DBUtility.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "8080:TCP"= 8080:TCP:Remote Access "1433:TCP"= 1433:TCP::Disabled:1433 "1433:UDP"= 1433:UDP::Disabled:1433 "14000:TCP"= 14000:TCP::Disabled:14000 "14000:UDP"= 14000:UDP::Disabled:14000 "110:TCP"= 110:TCP:svchost R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [10/16/2009 1:14 PM 64288] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1170768] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 7:46 PM 12856] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\SYSTEM32\DRIVERS\LMIRfsDriver.sys [1/13/2009 8:08 PM 47640] R2 OneTouch 4.0 Monitor;OneTouch 4.0 Monitor;c:\program files\Visioneer\OneTouch 4.0\OtService.exe [12/21/2007 1:30 PM 131072] R2 vnccom;vnccom;c:\windows\SYSTEM32\DRIVERS\vnccom.SYS [9/14/2008 4:56 PM 6016] S4 LMIRfsClientNP;LMIRfsClientNP; [x] --- Other Services/Drivers In Memory --- NewlyCreated - MBR Deregistered - mbr . Contents of the 'Scheduled Tasks' folder 2009-10-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:13] 2009-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 22:57] 2009-10-26 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 22:36] 2009-10-26 c:\windows\Tasks\RegCure Program Check.job - c:\program files\RegCure\RegCure.exe [2009-06-10 22:28] 2009-10-26 c:\windows\Tasks\RegCure Startup.job - c:\program files\RegCure\RegCure.exe [2009-06-10 22:28] 2009-10-18 c:\windows\Tasks\RegCure.job - c:\program files\RegCure\RegCure.exe [2009-06-10 22:28] 2009-10-26 c:\windows\Tasks\SDMsgUpdate (SmartDrawTrial).job - c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2005-11-09 17:09] 2009-10-16 c:\windows\Tasks\{A62B03E9-0DB1-4B15-92A7-381E8981FE71}_DOCFW_Dr. Cody Doyle.job - c:\windows\system32\mobsync.exe [2002-08-29 00:12] 2009-10-26 c:\windows\Tasks\{BED34167-2B86-49AB-8158-03E5F512279A}_DOCFW_Dr. Cody Doyle.job - c:\windows\system32\mobsync.exe [2002-08-29 00:12] 2009-10-21 c:\windows\Tasks\{DE7218A9-6FB8-487E-B721-575F1A73A2C5}_DOCFW_Dr. Cody Doyle.job - c:\windows\system32\mobsync.exe [2002-08-29 00:12] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://www.yahoo.com mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = hxxp://www.dellnet.com/ uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/http://www.yahoo.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {DA0F2EF5-88BB-4FE6-9192-8FDBCB9713BA} - hxxp://validate.measureup.com/test/controls/MDASADownload.CAB FF - ProfilePath - c:\documents and settings\Doylechiro\Application Data\Mozilla\Firefox\Profiles\1cq29ero.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p= FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p= FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties"); . - - - - ORPHANS REMOVED - - - - HKLM-Run-realtekc - c:\documents and settings\Doylechiro\Application Data\Gmail\gorhv17911194.exe ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-26 10:00 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???x???x???????????????????x???8???????x???x???????????x???????????x???x??????????????????????????????????????????w????????????j??w????x???x?????????????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(676) c:\windows\system32\LMIinit.dll c:\windows\system32\LMIRfsClientNP.dll . Completion time: 2009-10-26 10:04 ComboFix-quarantined-files.txt 2009-10-26 15:04 Pre-Run: 29,184,630,784 bytes free Post-Run: 29,202,206,720 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn - - End Of File - - DD58CC7140833D09F720E20D75FCBDFB OTL OTL logfile created on: 10/26/2009 10:08:47 AM - Run 3 OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Doylechiro\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 767.00 Mb Total Physical Memory \| 205.68 Mb Available Physical Memory \| 26.82% Memory free 1.46 Gb Paging File \| 1.00 Gb Available in Paging File \| 68.64% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 74.47 Gb Total Space \| 27.23 Gb Free Space \| 36.57% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DOCFW Current User Name: Doylechiro Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Win32 Services (SafeList) ========== SRV - File not found -- -- (Pml Driver HPZ12 [On_Demand \| Stopped]) SRV - [2009/10/16 13:13:18 \| 01,170,768 \| ---- \| M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto \| Running]) SRV - [2009/07/02 17:36:52 \| 00,017,904 \| ---- \| M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc [Auto \| Running]) SRV - [2009/05/27 07:17:51 \| 00,152,984 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto \| Stopped]) SRV - [2008/10/16 21:35:28 \| 00,116,032 \| ---- \| M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint [Auto \| Running]) SRV - [2008/07/29 21:10:04 \| 00,046,104 \| ---- \| M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand \| Stopped]) SRV - [2008/07/29 19:24:50 \| 00,881,664 \| ---- \| M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown \| Stopped]) SRV - [2008/07/29 19:16:38 \| 00,132,096 \| ---- \| M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled \| Stopped]) SRV - [2008/07/25 11:17:02 \| 00,069,632 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) SRV - [2008/07/25 11:16:40 \| 00,034,312 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand \| Stopped]) SRV - [2008/07/24 19:46:10 \| 00,063,040 \| ---- \| M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn [Auto \| Running]) SRV - [2008/04/13 19:12:02 \| 00,038,400 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto \| Running]) SRV - [2008/03/30 10:36:30 \| 00,504,104 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand \| Stopped]) SRV - [2008/02/18 11:16:30 \| 00,110,592 \| ---- \| M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto \| Running]) SRV - [2007/12/21 13:30:40 \| 00,131,072 \| ---- \| M] (Visioneer Inc.) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe -- (OneTouch 4.0 Monitor [Auto \| Running]) SRV - [2004/10/22 04:24:18 \| 00,073,728 \| ---- \| M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand \| Stopped]) SRV - [2004/10/20 08:40:04 \| 00,010,328 \| R--- \| M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS [Auto \| Running]) SRV - [2004/10/15 15:54:14 \| 00,100,016 \| ---- \| M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor [Disabled \| Stopped]) SRV - [2004/09/22 19:46:10 \| 00,038,912 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto \| Running]) SRV - [2004/05/24 12:35:52 \| 00,322,104 \| ---- \| M] (Eastman Kodak Company) -- C:\WINDOWS\System32\drivers\KodakCCS.exe -- (KodakCCS [Auto \| Stopped]) SRV - [2004/01/08 17:41:40 \| 00,073,796 \| ---- \| M] (Smart Link) -- C:\WINDOWS\System32\slserv.exe -- (SLService [Auto \| Stopped]) SRV - [2003/09/19 13:11:46 \| 00,065,536 \| ---- \| M] (OLYMPUS Corporation) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe -- (DM1Service [Auto \| Running]) SRV - [2003/07/28 13:28:22 \| 00,089,136 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand \| Stopped]) SRV - [2003/06/20 00:25:00 \| 00,322,120 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto \| Stopped]) SRV - [2003/05/02 15:19:00 \| 00,069,632 \| ---- \| M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto \| Running]) SRV - [2003/03/05 06:30:10 \| 00,155,648 \| ---- \| M] () -- C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.5\Server\WinNT\spnsrvnt.exe -- (SuperProServer [Auto \| Stopped]) SRV - [2003/03/03 13:33:40 \| 00,143,360 \| ---- \| M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand \| Stopped]) SRV - [2002/12/17 18:26:22 \| 07,520,337 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER [Auto \| Running]) SRV - [2002/12/17 18:23:30 \| 00,311,872 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT [On_Demand \| Stopped]) SRV - [2002/12/17 18:23:30 \| 00,066,112 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand \| Stopped]) SRV - [2000/06/29 03:45:10 \| 00,052,224 \| ---- \| M] (Kenonic Controls Ltd.) -- C:\WINDOWS\System32\crypserv.exe -- (Crypkey License [Auto \| Running]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=" FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-msgr" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/" FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=" FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/27 07:17:55 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 18:38:57 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2008/04/08 08:02:20 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2009/07/23 03:15:21 \| 00,000,000 \| ---D \| M] [2009/10/19 08:52:11 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions [2009/10/19 08:52:10 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2008/12/29 18:36:48 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009/10/19 08:52:10 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions\staged-xpis [2009/10/19 09:02:23 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions [2006/03/02 18:47:34 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2007/06/27 10:19:29 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [2008/02/12 12:01:52 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [2008/03/19 08:33:31 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [2008/08/12 07:08:50 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2009/05/27 07:18:14 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2006/03/02 18:47:31 \| 00,060,518 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll [2006/03/02 18:47:34 \| 00,049,248 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll [2006/03/02 18:47:31 \| 00,165,992 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll [2009/05/27 07:17:53 \| 00,410,984 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2006/03/02 18:47:33 \| 00,017,024 \| ---- \| M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2007/03/22 19:23:30 \| 00,017,248 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2006/12/18 04:18:30 \| 00,077,824 \| ---- \| M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll [2006/03/02 18:47:38 \| 00,000,680 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.png [2006/03/02 18:47:38 \| 00,000,741 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.src [2006/03/02 18:47:38 \| 00,001,150 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.png [2006/03/02 18:47:38 \| 00,000,539 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.src [2006/03/02 18:47:38 \| 00,000,356 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.png [2006/03/02 18:47:38 \| 00,001,007 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.src [2006/03/02 18:47:38 \| 00,000,210 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.gif [2006/03/02 18:47:38 \| 00,001,056 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.src [2006/03/02 18:47:38 \| 00,001,076 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\google.gif [2006/03/02 18:47:38 \| 00,000,718 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\google.src [2006/03/02 18:47:38 \| 00,000,088 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.gif [2006/03/02 18:47:38 \| 00,001,122 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.src O1 HOSTS File: (56 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Yahoo! IE Suggest) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll (Yahoo! Inc.) O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell) O4 - HKLM..\Run: [IntelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation) O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Chiro8000 v12 File Server.lnk = C:\Program Files\Forte Systems\Chiro8000 v12\FileServer.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\Doylechiro\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta () O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: ([]msn in My Computer) O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} https://www.acngroup.com/QM/charts/activexviewer.cab (Crystal Report Viewer Control 9) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab (Windows Live Safety Center Base Module) O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://accounting.quickbooks.com/c16/v22.147/qboax10.cab (QuickBooks Online Edition Utilities Class v10) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} https://accounting.quickbooks.com/c1/v15.559/qboax8.cab (Reg Error: Key error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {DA0F2EF5-88BB-4FE6-9192-8FDBCB9713BA} http://validate.measureup.com/test/control...ASADownload.CAB (MDASADownload.Complete) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O18 - Protocol\Handler\g7ps {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.) O24 - Desktop Components:0 (My Current Home Page) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/02/03 16:22:14 \| 00,000,000 \| ---D \| M] - C:\autodoc -- [ NTFS ] O32 - AutoRun File - [2007/01/21 10:36:34 \| 00,000,000 \| ---D \| M] - C:\Autodoc2 -- [ NTFS ] O32 - AutoRun File - [2004/10/26 20:50:33 \| 00,000,002 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2005/02/02 16:08:53 \| 00,000,000 \| ---D \| M] - C:\autosync -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - comfile [open] -- "%1" % File not found O35 - exefile [open] -- "%1" %* File not found ========== LOP Check ========== [2009/10/19 08:06:52 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\All Users\Application Data [2009/10/16 13:11:55 \| 00,000,000 \| -H-D \| M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} [2006/01/17 15:54:53 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Borland [2006/01/17 15:50:20 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Corel [2004/11/26 15:38:03 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Dell [2004/10/26 10:20:12 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\G7PS [2009/01/13 20:08:52 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn [2006/01/27 09:30:46 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Motive [2007/04/03 14:42:51 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\MSN6 [2008/02/17 12:02:24 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Nuance [2004/06/14 09:13:42 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks [2009/08/20 07:11:57 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\RegCure [2003/08/19 17:13:11 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\SBSI [2008/02/17 16:39:23 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2004/01/22 11:09:14 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Support.com [2009/10/16 16:59:50 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2005/02/06 14:03:29 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2009/10/26 09:59:57 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\Doylechiro\Application Data [2007/01/10 12:56:24 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\ActiveDocs [2008/09/26 12:51:28 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\FileZilla [2006/09/27 12:58:36 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\G7PS [2006/04/25 09:02:03 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\Kana Solution [2008/03/03 18:46:50 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\KompoZer [2008/10/15 14:45:20 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\LinkManager 4.0 [2007/04/03 14:43:00 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\MSN6 [2008/02/17 12:07:54 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\Nuance [2009/01/27 13:06:58 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\OpenOffice.org [2006/09/05 10:07:02 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\ScanSoft [2008/03/24 11:52:28 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\Viewpoint [2009/10/26 09:02:58 \| 00,000,472 \| ---- \| M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [2009/10/16 14:40:10 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job [2002/08/29 05:00:00 \| 00,000,065 \| RH-- \| M] () -- C:\WINDOWS\Tasks\DESKTOP.INI [2009/10/26 09:00:42 \| 00,000,408 \| -H-- \| M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job [2009/10/26 08:56:02 \| 00,000,448 \| ---- \| M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job [2009/10/26 10:04:49 \| 00,000,388 \| ---- \| M] () -- C:\WINDOWS\Tasks\RegCure Startup.job [2009/10/18 03:06:01 \| 00,000,382 \| ---- \| M] () -- C:\WINDOWS\Tasks\RegCure.job [2009/10/26 10:04:50 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\Tasks\SA.DAT [2009/10/26 08:55:47 \| 00,000,398 \| ---- \| M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (SmartDrawTrial).job [2009/10/16 16:00:00 \| 00,000,406 \| -H-- \| M] () -- C:\WINDOWS\Tasks\{A62B03E9-0DB1-4B15-92A7-381E8981FE71}_DOCFW_Dr. Cody Doyle.job [2009/10/26 09:00:00 \| 00,000,406 \| -H-- \| M] () -- C:\WINDOWS\Tasks\{BED34167-2B86-49AB-8158-03E5F512279A}_DOCFW_Dr. Cody Doyle.job [2009/10/21 16:00:00 \| 00,000,406 \| -H-- \| M] () -- C:\WINDOWS\Tasks\{DE7218A9-6FB8-487E-B721-575F1A73A2C5}_DOCFW_Dr. Cody Doyle.job ========== Purity Check ========== < End of report >

andrewuk View Member Profile	Oct 26 2009, 11:22 AM Post #7
Trusted Helper Posts: 4,592 From: London, UK OS: XP	any idea what this refers to? O16 - DPF: {DA0F2EF5-88BB-4FE6-9192-8FDBCB9713BA} http://validate.measureup.com/test/control...ASADownload.CAB (MDASADownload.Complete) ====STEP 1==== 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the quotebox below into it: CODE Registry:: [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8CE3BAE6-AB66-40B6-9019-41E5282FF1E2}] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}] Driver:: LMIRfsClientNP Save this as CFScript.txt, in the same location as ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply. ====STEP 2==== We will again run OTL , but go for a shortened log. Close all windows and open it by double clicking on the icon we are again targetting a selective output, hence: on the left hand side, in the box titled "Processes" select none on the left hand side, in the box titled "Drivers" select none on the left hand side, in the box titled "Extra Registry" select none on the right hand side, in the box titled "Files created within" select none on the right hand side, in the box titled "Files modified within" select none tick both the boxes marked Purity check and Lop check Click Run Scan and let the program run uninterrupted It will produce one log for you called OTL.txt. Please post that log here in reply. You may need to use two posts to get it all on the forum ====STEP 3==== i want to scan a couple of files that i do not recognise: Please go to VirSCAN.org FREE on-line scan service Copy and paste the following file path into the "Suspicious files to scan"box on the top of the page: C:\Program Files\Forte Systems\Chiro8000 v12\FileServer.exe Click on the Upload button Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard. . . . . if the copy function does not work then copy the url link in your reply. Paste the contents of the Clipboard in your next reply (you will need to paste the link onto a notepad before you do the other scans below, else the contents of your clipboard will be written over with the new links). Could you do the same for the following file: c:\windows\SYSTEM32\BADECEE175.sys In your next reply could i see: 1. the answer to the question at the start 2. the combofix log 3. the OTL log 4. the 2 vircan links or logs The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts. andrewuk

bitterbuck View Member Profile	Oct 26 2009, 01:37 PM Post #8
Member Posts: 18 OS: XP	I recieved the following error when combofix rebooted. SQL Server could not find the default instance of MSQLSERVER- Please specify the name of an existing instance on the invocation of sqlservr.exe. If you believe your installation is corrupt or has been tampered with, uninstall the re-run setup to correct this problem. 1. No, I do not recognize this Combofix Log ComboFix 09-10-25.02 - Doylechiro 10/26/2009 13:32.2.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.309 [GMT -5:00] Running from: c:\documents and settings\Doylechiro\My Documents\ComboFix.exe Command switches used :: c:\documents and settings\Doylechiro\My Documents\CFScript.txt AV: Microsoft Security Essentials On-access scanning disabled (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_LMIRFSCLIENTNP -------\Service_LMIRfsClientNP ((((((((((((((((((((((((( Files Created from 2009-09-26 to 2009-10-26 ))))))))))))))))))))))))))))))) . 2009-10-26 13:52 . 2009-10-26 13:52 -------- d-----w- C:\_OTL 2009-10-19 13:07 . 2009-10-19 13:07 -------- d-----w- c:\documents and settings\Doylechiro\Application Data\Malwarebytes 2009-10-19 13:06 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-19 13:06 . 2009-10-19 13:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-10-19 13:06 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-19 13:06 . 2009-10-19 13:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-19 13:04 . 2009-10-19 13:04 -------- d-----w- c:\program files\ERUNT 2009-10-16 22:30 . 2009-10-01 15:29 195440 ------w- c:\windows\system32\MpSigStub.exe 2009-10-16 22:24 . 2009-10-16 22:25 -------- d-----w- c:\program files\Microsoft Security Essentials 2009-10-16 22:17 . 2009-10-16 22:18 -------- d-----w- c:\program files\Windows Live Safety Center 2009-10-16 21:59 . 2009-10-16 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP 2009-10-16 20:02 . 2009-09-03 09:17 15688 ----a-w- c:\windows\system32\lsdelete.exe 2009-10-16 18:14 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2009-10-16 18:11 . 2009-10-16 18:11 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} 2009-10-16 18:10 . 2009-10-16 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-26 12:06 . 2006-12-20 22:45 -------- d-----w- c:\program files\LogMeIn 2009-10-19 13:43 . 2003-08-19 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com 2009-10-16 18:10 . 2004-11-05 15:34 -------- d-----w- c:\program files\Lavasoft 2009-09-11 14:18 . 2002-08-29 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-10 08:13 . 2009-07-21 12:22 -------- d-----w- c:\program files\Microsoft Silverlight 2009-09-04 21:03 . 2002-08-29 10:00 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-31 18:07 . 2008-04-08 13:44 62096 ---ha-w- c:\windows\system32\mlfcache.dat 2009-08-31 13:58 . 2009-08-31 13:58 -------- d-----w- c:\program files\LogMeIn Rescue Calling Card 2009-08-29 07:36 . 2004-02-06 23:05 832512 ----a-w- c:\windows\system32\wininet.dll 2009-08-29 07:36 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-08-29 07:36 . 2002-08-29 10:00 17408 ----a-w- c:\windows\system32\corpol.dll 2009-08-26 08:00 . 2002-08-29 10:00 247326 ----a-w- c:\windows\system32\strmdll.dll 2009-08-25 12:09 . 2006-03-10 14:54 82416 ----a-w- c:\documents and settings\Doylechiro\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-25 12:08 . 2003-08-19 22:15 8224 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-20 20:09 . 2009-08-20 20:09 1193832 ----a-w- c:\windows\system32\FM20.DLL 2009-08-05 09:01 . 2002-12-12 05:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-05 01:44 . 1980-01-01 05:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe 2009-08-04 14:20 . 1980-01-01 05:00 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe 2004-01-20 13:33 . 2004-01-20 12:24 40278 -c--a-w- c:\program files\Copy of Patients.dat 2006-03-02 23:47 . 2006-03-02 23:47 60518 ----a-w- c:\program files\mozilla firefox\components\jar50.dll 2006-03-02 23:47 . 2006-03-02 23:47 49248 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll 2006-03-02 23:47 . 2006-03-02 23:47 165992 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll 2009-01-14 02:23 . 2006-01-17 20:58 56 --sh--r- c:\windows\SYSTEM32\BADECEE175.sys 2009-01-14 02:23 . 2006-01-17 20:41 3350 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( SnapShot@2009-10-26_15.00.42 ))))))))))))))))))))))))))))))))))))))))) . + 2009-10-26 18:48 . 2009-10-26 18:48 16384 c:\windows\Temp\Perflib_Perfdata_700.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-04 405583] "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-06 4347120] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2003-06-24 245760] "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4640768] "IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-27 148888] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-08-19 151597] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696] "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" - c:\windows\SYSTEM32\narrator.exe [2008-04-14 53760] c:\documents and settings\Doylechiro\Start Menu\Programs\Startup\ ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696] Chiro8000 v12 File Server.lnk - c:\program files\Forte Systems\Chiro8000 v12\FileServer.exe [2008-12-11 380928] Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2008-10-17 02:35 87352 ----a-w- c:\windows\SYSTEM32\LMIinit.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Chiro8000 File Server.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Chiro8000 File Server.lnk backup=c:\windows\pss\Chiro8000 File Server.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 2.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Device Detector 2.lnk backup=c:\windows\pss\Device Detector 2.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk backup=c:\windows\pss\HotSync Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk backup=c:\windows\pss\Kodak software updater.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Doylechiro^Start Menu^Programs^Startup^Dragon NaturallySpeaking.lnk] path=c:\documents and settings\Doylechiro\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk backup=c:\windows\pss\Dragon NaturallySpeaking.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Doylechiro^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk] path=c:\documents and settings\Doylechiro\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^Dr. Cody Doyle^Start Menu^Programs^Startup^Dragon NaturallySpeaking.lnk] path=c:\documents and settings\Dr. Cody Doyle\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk backup=c:\windows\pss\Dragon NaturallySpeaking.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "AOL TopSpeedMonitor"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Outlook Express\\msimn.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\WINDOWS\\SYSTEM32\\mshta.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\UltraVNC\\vncviewer.exe"= "c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"= "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"= "c:\\PVSW\\Bin\\w3dbsmgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Forte Systems\\Chiro8000 v12\\PM.exe"= "c:\\PVSW\\Bin\\sqldmgr.exe"= "c:\\Program Files\\Forte Systems\\Chiro8000 v12\\FileServer.exe"= "c:\\Program Files\\Forte Systems\\Chiro8000\\FileServer.exe"= "c:\\Program Files\\Forte Systems\\Chiro8000 v12\\DBUtility.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "8080:TCP"= 8080:TCP:Remote Access "1433:TCP"= 1433:TCP::Disabled:1433 "1433:UDP"= 1433:UDP::Disabled:1433 "14000:TCP"= 14000:TCP::Disabled:14000 "14000:UDP"= 14000:UDP::Disabled:14000 "110:TCP"= 110:TCP:svchost R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [10/16/2009 1:14 PM 64288] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1170768] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 7:46 PM 12856] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\SYSTEM32\DRIVERS\LMIRfsDriver.sys [1/13/2009 8:08 PM 47640] R2 OneTouch 4.0 Monitor;OneTouch 4.0 Monitor;c:\program files\Visioneer\OneTouch 4.0\OtService.exe [12/21/2007 1:30 PM 131072] R2 vnccom;vnccom;c:\windows\SYSTEM32\DRIVERS\vnccom.SYS [9/14/2008 4:56 PM 6016] --- Other Services/Drivers In Memory --- Deregistered - mbr . Contents of the 'Scheduled Tasks' folder 2009-10-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:13] 2009-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 22:57] 2009-10-26 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 22:36] 2009-10-26 c:\windows\Tasks\RegCure Program Check.job - c:\program files\RegCure\RegCure.exe [2009-06-10 22:28] 2009-10-26 c:\windows\Tasks\RegCure Startup.job - c:\program files\RegCure\RegCure.exe [2009-06-10 22:28] 2009-10-18 c:\windows\Tasks\RegCure.job - c:\program files\RegCure\RegCure.exe [2009-06-10 22:28] 2009-10-26 c:\windows\Tasks\SDMsgUpdate (SmartDrawTrial).job - c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2005-11-09 17:09] 2009-10-16 c:\windows\Tasks\{A62B03E9-0DB1-4B15-92A7-381E8981FE71}_DOCFW_Dr. Cody Doyle.job - c:\windows\system32\mobsync.exe [2002-08-29 00:12] 2009-10-26 c:\windows\Tasks\{BED34167-2B86-49AB-8158-03E5F512279A}_DOCFW_Dr. Cody Doyle.job - c:\windows\system32\mobsync.exe [2002-08-29 00:12] 2009-10-21 c:\windows\Tasks\{DE7218A9-6FB8-487E-B721-575F1A73A2C5}_DOCFW_Dr. Cody Doyle.job - c:\windows\system32\mobsync.exe [2002-08-29 00:12] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://www.yahoo.com mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = hxxp://www.dellnet.com/ uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/http://www.yahoo.com IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {DA0F2EF5-88BB-4FE6-9192-8FDBCB9713BA} - hxxp://validate.measureup.com/test/controls/MDASADownload.CAB FF - ProfilePath - c:\documents and settings\Doylechiro\Application Data\Mozilla\Firefox\Profiles\1cq29ero.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p= FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p= FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess"); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties"); . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-26 13:56 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???x???x???????????????????x???8???????x???x???????????x???????????x???x??????????????????????????????????????????w????????????j??w????x???x?????????????? scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(680) c:\windows\system32\LMIinit.dll c:\windows\system32\mobilev.acm - - - - - - - > 'explorer.exe'(2644) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\program files\Microsoft Office\OFFICE11\msohev.dll c:\program files\Common Files\Microsoft Shared\OFFICE11\MSOXEV.DLL . ------------------------ Other Running Processes ------------------------ . c:\program files\Microsoft Security Essentials\MsMpEng.exe c:\program files\Common Files\AOL\ACS\AOLAcsd.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\system32\crypserv.exe c:\program files\Olympus\DeviceDetector\DM1Service.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\drivers\KodakCCS.exe c:\program files\LogMeIn\x86\RaMaint.exe c:\program files\LogMeIn\x86\LogMeIn.exe c:\program files\LogMeIn\x86\LMIGuardian.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\System32\nvsvc32.exe c:\program files\Rainbow Technologies\SPN Combo Installer\1.0.5\Server\WinNT\spnsrvnt.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\fxssvc.exe c:\windows\System32\wbem\unsecapp.exe c:\windows\system32\wscntfy.exe c:\program files\Lavasoft\Ad-Aware\AAWTray.exe c:\combofix\CF20334.exe c:\program files\Yahoo!\Messenger\ymsgr_tray.exe c:\combofix\PEV.cfxxe . ************************************************************************ . Completion time: 2009-10-26 14:07 - machine was rebooted ComboFix-quarantined-files.txt 2009-10-26 19:07 ComboFix2.txt 2009-10-26 15:24 Pre-Run: 29,158,019,072 bytes free Post-Run: 29,039,312,896 bytes free - - End Of File - - 036B773A4CCD7DA128B30CAD34BCEF92 OTL OTL logfile created on: 10/26/2009 2:26:03 PM - Run 4 OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Doylechiro\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 767.00 Mb Total Physical Memory \| 257.51 Mb Available Physical Memory \| 33.57% Memory free 1.46 Gb Paging File \| 1.02 Gb Available in Paging File \| 69.93% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 74.47 Gb Total Space \| 27.08 Gb Free Space \| 36.36% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DOCFW Current User Name: Doylechiro Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Win32 Services (SafeList) ========== SRV - File not found -- -- (Pml Driver HPZ12 [On_Demand \| Stopped]) SRV - [2009/10/16 13:13:18 \| 01,170,768 \| ---- \| M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto \| Running]) SRV - [2009/07/02 17:36:52 \| 00,017,904 \| ---- \| M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc [Auto \| Running]) SRV - [2009/05/27 07:17:51 \| 00,152,984 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto \| Running]) SRV - [2008/10/16 21:35:28 \| 00,116,032 \| ---- \| M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint [Auto \| Running]) SRV - [2008/07/29 21:10:04 \| 00,046,104 \| ---- \| M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand \| Stopped]) SRV - [2008/07/29 19:24:50 \| 00,881,664 \| ---- \| M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown \| Stopped]) SRV - [2008/07/29 19:16:38 \| 00,132,096 \| ---- \| M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled \| Stopped]) SRV - [2008/07/25 11:17:02 \| 00,069,632 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) SRV - [2008/07/25 11:16:40 \| 00,034,312 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand \| Stopped]) SRV - [2008/07/24 19:46:10 \| 00,063,040 \| ---- \| M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn [Auto \| Running]) SRV - [2008/04/13 19:12:02 \| 00,038,400 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto \| Running]) SRV - [2008/03/30 10:36:30 \| 00,504,104 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand \| Stopped]) SRV - [2008/02/18 11:16:30 \| 00,110,592 \| ---- \| M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto \| Running]) SRV - [2007/12/21 13:30:40 \| 00,131,072 \| ---- \| M] (Visioneer Inc.) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe -- (OneTouch 4.0 Monitor [Auto \| Running]) SRV - [2004/10/22 04:24:18 \| 00,073,728 \| ---- \| M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand \| Stopped]) SRV - [2004/10/20 08:40:04 \| 00,010,328 \| R--- \| M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS [Auto \| Running]) SRV - [2004/10/15 15:54:14 \| 00,100,016 \| ---- \| M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor [Disabled \| Stopped]) SRV - [2004/09/22 19:46:10 \| 00,038,912 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto \| Running]) SRV - [2004/05/24 12:35:52 \| 00,322,104 \| ---- \| M] (Eastman Kodak Company) -- C:\WINDOWS\System32\drivers\KodakCCS.exe -- (KodakCCS [Auto \| Running]) SRV - [2004/01/08 17:41:40 \| 00,073,796 \| ---- \| M] (Smart Link) -- C:\WINDOWS\System32\slserv.exe -- (SLService [Auto \| Stopped]) SRV - [2003/09/19 13:11:46 \| 00,065,536 \| ---- \| M] (OLYMPUS Corporation) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe -- (DM1Service [Auto \| Running]) SRV - [2003/07/28 13:28:22 \| 00,089,136 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand \| Stopped]) SRV - [2003/06/20 00:25:00 \| 00,322,120 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto \| Running]) SRV - [2003/05/02 15:19:00 \| 00,069,632 \| ---- \| M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto \| Running]) SRV - [2003/03/05 06:30:10 \| 00,155,648 \| ---- \| M] () -- C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.5\Server\WinNT\spnsrvnt.exe -- (SuperProServer [Auto \| Running]) SRV - [2003/03/03 13:33:40 \| 00,143,360 \| ---- \| M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand \| Stopped]) SRV - [2002/12/17 18:26:22 \| 07,520,337 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER [Auto \| Stopped]) SRV - [2002/12/17 18:23:30 \| 00,311,872 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT [On_Demand \| Stopped]) SRV - [2002/12/17 18:23:30 \| 00,066,112 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand \| Stopped]) SRV - [2000/06/29 03:45:10 \| 00,052,224 \| ---- \| M] (Kenonic Controls Ltd.) -- C:\WINDOWS\System32\crypserv.exe -- (Crypkey License [Auto \| Running]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=" FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-msgr" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/" FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=" FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/27 07:17:55 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 18:38:57 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2008/04/08 08:02:20 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2009/07/23 03:15:21 \| 00,000,000 \| ---D \| M] [2009/10/19 08:52:11 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions [2009/10/19 08:52:10 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2008/12/29 18:36:48 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009/10/19 08:52:10 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions\staged-xpis [2009/10/19 09:02:23 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions [2006/03/02 18:47:34 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2007/06/27 10:19:29 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [2008/02/12 12:01:52 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [2008/03/19 08:33:31 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [2008/08/12 07:08:50 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2009/05/27 07:18:14 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2006/03/02 18:47:31 \| 00,060,518 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll [2006/03/02 18:47:34 \| 00,049,248 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll [2006/03/02 18:47:31 \| 00,165,992 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll [2009/05/27 07:17:53 \| 00,410,984 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2006/03/02 18:47:33 \| 00,017,024 \| ---- \| M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2007/03/22 19:23:30 \| 00,017,248 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2006/12/18 04:18:30 \| 00,077,824 \| ---- \| M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll [2006/03/02 18:47:38 \| 00,000,680 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.png [2006/03/02 18:47:38 \| 00,000,741 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.src [2006/03/02 18:47:38 \| 00,001,150 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.png [2006/03/02 18:47:38 \| 00,000,539 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.src [2006/03/02 18:47:38 \| 00,000,356 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.png [2006/03/02 18:47:38 \| 00,001,007 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.src [2006/03/02 18:47:38 \| 00,000,210 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.gif [2006/03/02 18:47:38 \| 00,001,056 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.src [2006/03/02 18:47:38 \| 00,001,076 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\google.gif [2006/03/02 18:47:38 \| 00,000,718 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\google.src [2006/03/02 18:47:38 \| 00,000,088 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.gif [2006/03/02 18:47:38 \| 00,001,122 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.src O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Yahoo! IE Suggest) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll (Yahoo! Inc.) O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell) O4 - HKLM..\Run: [IntelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation) O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Chiro8000 v12 File Server.lnk = C:\Program Files\Forte Systems\Chiro8000 v12\FileServer.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\Doylechiro\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta () O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: ([]msn in My Computer) O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} https://www.acngroup.com/QM/charts/activexviewer.cab (Crystal Report Viewer Control 9) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab (Windows Live Safety Center Base Module) O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://accounting.quickbooks.com/c16/v22.147/qboax10.cab (QuickBooks Online Edition Utilities Class v10) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {DA0F2EF5-88BB-4FE6-9192-8FDBCB9713BA} http://validate.measureup.com/test/control...ASADownload.CAB (MDASADownload.Complete) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O18 - Protocol\Handler\g7ps {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.) O24 - Desktop Components:0 (My Current Home Page) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/02/03 16:22:14 \| 00,000,000 \| ---D \| M] - C:\autodoc -- [ NTFS ] O32 - AutoRun File - [2007/01/21 10:36:34 \| 00,000,000 \| ---D \| M] - C:\Autodoc2 -- [ NTFS ] O32 - AutoRun File - [2004/10/26 20:50:33 \| 00,000,002 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2005/02/02 16:08:53 \| 00,000,000 \| ---D \| M] - C:\autosync -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - comfile [open] -- "%1" % File not found O35 - exefile [open] -- "%1" %* File not found ========== LOP Check ========== [2009/10/19 08:06:52 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\All Users\Application Data [2009/10/16 13:11:55 \| 00,000,000 \| -H-D \| M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} [2006/01/17 15:54:53 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Borland [2006/01/17 15:50:20 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Corel [2004/11/26 15:38:03 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Dell [2004/10/26 10:20:12 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\G7PS [2009/01/13 20:08:52 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn [2006/01/27 09:30:46 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Motive [2007/04/03 14:42:51 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\MSN6 [2008/02/17 12:02:24 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Nuance [2004/06/14 09:13:42 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks [2009/08/20 07:11:57 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\RegCure [2003/08/19 17:13:11 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\SBSI [2008/02/17 16:39:23 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2004/01/22 11:09:14 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Support.com [2009/10/16 16:59:50 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2005/02/06 14:03:29 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2009/10/26 09:59:57 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\Doylechiro\Application Data [2007/01/10 12:56:24 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\ActiveDocs [2008/09/26 12:51:28 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\FileZilla [2006/09/27 12:58:36 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\G7PS [2006/04/25 09:02:03 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\Kana Solution [2008/03/03 18:46:50 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\KompoZer [2008/10/15 14:45:20 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\LinkManager 4.0 [2007/04/03 14:43:00 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\MSN6 [2008/02/17 12:07:54 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\Nuance [2009/01/27 13:06:58 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\OpenOffice.org [2006/09/05 10:07:02 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\ScanSoft [2008/03/24 11:52:28 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\Viewpoint [2009/10/26 13:50:23 \| 00,000,472 \| ---- \| M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [2009/10/16 14:40:10 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job [2002/08/29 05:00:00 \| 00,000,065 \| RH-- \| M] () -- C:\WINDOWS\Tasks\DESKTOP.INI [2009/10/26 13:53:19 \| 00,000,408 \| -H-- \| M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job [2009/10/26 13:55:41 \| 00,000,448 \| ---- \| M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job [2009/10/26 14:25:06 \| 00,000,388 \| ---- \| M] () -- C:\WINDOWS\Tasks\RegCure Startup.job [2009/10/18 03:06:01 \| 00,000,382 \| ---- \| M] () -- C:\WINDOWS\Tasks\RegCure.job [2009/10/26 13:48:05 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\Tasks\SA.DAT [2009/10/26 13:55:34 \| 00,000,398 \| ---- \| M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (SmartDrawTrial).job [2009/10/16 16:00:00 \| 00,000,406 \| -H-- \| M] () -- C:\WINDOWS\Tasks\{A62B03E9-0DB1-4B15-92A7-381E8981FE71}_DOCFW_Dr. Cody Doyle.job [2009/10/26 09:00:00 \| 00,000,406 \| -H-- \| M] () -- C:\WINDOWS\Tasks\{BED34167-2B86-49AB-8158-03E5F512279A}_DOCFW_Dr. Cody Doyle.job [2009/10/21 16:00:00 \| 00,000,406 \| -H-- \| M] () -- C:\WINDOWS\Tasks\{DE7218A9-6FB8-487E-B721-575F1A73A2C5}_DOCFW_Dr. Cody Doyle.job ========== Purity Check ========== < End of report > Step 3 The first file is my Office Mgmt software I scanned it anyway incase you still needed it. VirSCAN.org Scanned Report : Scanned time : 2009/10/26 14:18:01 (CDT) Scanner results: Scanners did not find malware! File Name : FileServer.exe File Size : 380928 byte File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit MD5 : ecc0d36de8cd608e79f801c991afa973 SHA1 : 6d254753a454018b5704356e1ca5303c4222cd15 Online report : http://virscan.org/report/ee8639ff4327bde7...318e753a41.html Scanner Engine Ver Sig Ver Sig Date Time Scan result a-squared 4.5.0.8 20091027020148 2009-10-27 4.09 - AhnLab V3 2009.10.24.00 2009.10.24 2009-10-24 0.91 - AntiVir 8.2.1.44 7.1.6.151 2009-10-26 0.55 - Antiy 2.0.18 20091026.3088324 2009-10-26 0.12 - Arcavir 2009 200910261058 2009-10-26 0.04 - Authentium 5.1.1 200910261248 2009-10-26 1.18 - AVAST! 4.7.4 091026-0 2009-10-26 0.02 - AVG 8.5.288 270.14.32/2460 2009-10-26 0.33 - BitDefender 7.81008.4460746 7.28578 2009-10-27 3.86 - CA (VET) 35.1.0 7082 2009-10-23 8.49 - ClamAV 0.95.2 9941 2009-10-26 1.26 - Comodo 3.12 2741 2009-10-26 0.76 - CP Secure 1.3.0.5 2009.10.26 2009-10-26 0.08 - Dr.Web 4.44.0.9170 2009.10.26 2009-10-26 6.00 - F-Prot 4.4.4.56 20091026 2009-10-26 1.17 - F-Secure 7.02.73807 2009.10.26.09 2009-10-26 8.78 - Fortinet 2.81-3.120 10.989 2009-10-26 0.28 - GData 19.8592/19.524 20091026 2009-10-26 5.70 - ViRobot 20091026 2009.10.26 2009-10-26 0.41 - Ikarus T3.1.01.72 2009.10.26.74276 2009-10-26 4.21 - JiangMin 11.0.800 2009.10.26 2009-10-26 4.36 - Kaspersky 5.5.10 2009.10.26 2009-10-26 0.07 - KingSoft 2009.2.5.15 2009.10.26.18 2009-10-26 0.56 - McAfee 5.3.00 5783 2009-10-26 3.37 - Microsoft 1.5202 2009.10.26 2009-10-26 5.95 - Norman 6.01.09 6.01.00 2009-10-26 4.01 - Panda 9.05.01 2009.10.25 2009-10-25 3.77 - Trend Micro 8.700-1004 6.578.05 2009-10-26 0.03 - Quick Heal 10.00 2009.10.26 2009-10-26 1.31 - Rising 20.0 21.53.04.00 2009-10-26 0.84 - Sophos 3.00.1 4.46 2009-10-27 2.65 - Sunbelt 5468 5468 2009-10-25 2.20 - Symantec 1.3.0.24 20091026.007 2009-10-26 0.05 - nProtect 20091026.02 6018743 2009-10-26 7.57 - The Hacker 6.5.0.2 v00054 2009-10-26 0.81 - VBA32 3.12.10.11 20091023.1519 2009-10-23 1.90 - VirusBuster 4.5.11.10 10.112.80/2014774 2009-10-26 2.45 - VirSCAN.org Scanned Report : Scanned time : 2009/10/26 14:23:05 (CDT) Scanner results: Scanners did not find malware! File Name : BADECEE175.sys File Size : 56 byte File Type : data MD5 : 878c0bae86ffff55c256df4b96fbfef5 SHA1 : c75dc6d36f75fa3a58f22da09c685b5cea526220 Online report : http://virscan.org/report/5dc42548b2289e8e...72264d286d.html Scanner Engine Ver Sig Ver Sig Date Time Scan result a-squared 4.5.0.8 20091027020148 2009-10-27 4.06 - AhnLab V3 2009.10.24.00 2009.10.24 2009-10-24 0.88 - AntiVir 8.2.1.44 7.1.6.151 2009-10-26 0.25 - Antiy 2.0.18 20091026.3088324 2009-10-26 0.12 - Arcavir 2009 200910261058 2009-10-26 0.02 - Authentium 5.1.1 200910261248 2009-10-26 1.19 - AVAST! 4.7.4 091026-0 2009-10-26 0.00 - AVG 8.5.288 270.14.32/2460 2009-10-26 0.31 - BitDefender 7.81008.4460746 7.28578 2009-10-27 3.86 - CA (VET) 35.1.0 7082 2009-10-23 8.11 - ClamAV 0.95.2 9941 2009-10-26 0.00 - Comodo 3.12 2741 2009-10-26 0.71 - CP Secure 1.3.0.5 2009.10.26 2009-10-26 0.01 - Dr.Web 4.44.0.9170 2009.10.26 2009-10-26 6.05 - F-Prot 4.4.4.56 20091026 2009-10-26 1.16 - F-Secure 7.02.73807 2009.10.26.09 2009-10-26 0.04 - Fortinet 2.81-3.120 10.989 2009-10-26 0.18 - GData 19.8592/19.524 20091026 2009-10-26 5.31 - ViRobot 20091026 2009.10.26 2009-10-26 0.41 - Ikarus T3.1.01.72 2009.10.26.74276 2009-10-26 4.21 - JiangMin 11.0.800 2009.10.26 2009-10-26 4.19 - Kaspersky 5.5.10 2009.10.26 2009-10-26 0.02 - KingSoft 2009.2.5.15 2009.10.26.18 2009-10-26 0.57 - McAfee 5.3.00 5783 2009-10-26 3.35 - Microsoft 1.5202 2009.10.26 2009-10-26 5.98 - Norman 6.01.09 6.01.00 2009-10-26 4.01 - Panda 9.05.01 2009.10.25 2009-10-25 1.76 - Trend Micro 8.700-1004 6.578.05 2009-10-26 0.02 - Quick Heal 10.00 2009.10.26 2009-10-26 1.20 - Rising 20.0 21.53.04.00 2009-10-26 0.27 - Sophos 3.00.1 4.46 2009-10-27 2.62 - Sunbelt 5468 5468 2009-10-25 1.61 - Symantec 1.3.0.24 20091026.007 2009-10-26 0.17 - nProtect 20091026.02 6018743 2009-10-26 7.69 - The Hacker 6.5.0.2 v00054 2009-10-26 0.66 - VBA32 3.12.10.11 20091023.1519 2009-10-23 1.90 - VirusBuster 4.5.11.10 10.112.80/2014774 2009-10-26 2.42 -

andrewuk View Member Profile	Oct 26 2009, 05:04 PM Post #9
Trusted Helper Posts: 4,592 From: London, UK OS: XP	QUOTE SQL Server could not find the default instance of MSQLSERVER- Please specify the name of an existing instance on the invocation of sqlservr.exe. If you believe your installation is corrupt or has been tampered with, uninstall the re-run setup to correct this problem. we will deal with that later in this post we will do some general scans to clear out the remnants and ensure nothing else sneaked onto your machine. the scans will likely take 4 hours, quite possibly much longer. so just let them run. we will also update your java. ====STEP 1==== Run OTL.exe by double clicking the icon on your desktop Under the Custom Scans/Fixes box at the bottom, paste in the following CODE :OTL PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) :Reg [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DA0F2EF5-88BB-4FE6-9192-8FDBCB9713BA}] :Commands [start explorer] [Reboot] Then click the Run Fix button at the top Let the program run unhindered, reboot when it is done Then post the log that it produces ====STEP 2==== Please download ATF Cleaner by Atribune. Caution: This program is for Windows 2000, XP and Vista only Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu. ====STEP 3==== we will update and re-run your malwarebytes: double click the malwarebytes icon on your desktop to open the program on the tabs at the top, select Update and then press the Check for Updates button on that page. If an update is found, it will download and install the latest version. once complete (a new version of malwarebytes may download) select the tab Scanner select "Perform Full Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. ====STEP 4==== Download and scan with SUPERAntiSpyware Free for Home Users Double-click SUPERAntiSpyware.exe and use the default settings for installation. An icon will be created on your desktop. Double-click that icon to launch the program. If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.) Under "*Configuration and Preferences", click the Preferences* button. Click the Scanning Control tab. Under Scanner Options make sure the following are checked (leave all others unchecked): Close browsers before scanning. Scan for tracking cookies. Terminate memory threats before quarantining. Click the "Close" button to leave the control center screen. Back on the main screen, under "*Scan for Harmful Software" click Scan your computer. On the left, make sure you check C:\Fixed Drive. On the right, under "Complete Scan", choose Perform Complete Scan. Click "Next" to start the scan. Please be patient while it scans your computer. After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK". Make sure everything has a checkmark next to it and click "Next". A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu. If asked if you want to reboot, click "Yes". To retrieve the removal information after reboot, launch SUPERAntispyware again. Click Preferences, then click the Statistics/Logs tab.* Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. If there are several logs, click the current dated log and press View log. A text file will open in your default text editor. Please copy and paste the Scan Log results in your next reply. Click Close to exit the program. ====STEP 5==== Please download JavaRa to your desktop and unzip it to its own folder Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions. Accept any prompts. A log will appear (JavaRa.log), no need to post the log in reply. Open JavaRa.exe again and select Search For Updates. Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer. ====STEP 6==== Please do an online scan with Kaspersky WebScanner (this will identify any issues, we will clear them in the following post) Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below under Upgrading Java, to download and install the latest vesion. Read through the requirements and privacy statement and click on Accept button. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run. When the downloads have finished, click on Settings. Make sure the following is checked. Spyware, Adware, Dialers, and other potentially dangerous programs Archives Mail databases Click on My Computer under Scan. Once the scan is complete, it will display the results. Click on View Scan Report. You will see a list of infected items there. Click on Save Report As.... Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Please post this log in your next reply. Upgrading Java, if required: Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 16. Click the "Download" button to the right. Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.". Click on Continue. Click on the link to download Windows Offline Installation (jre-6u14-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.. Close any programs you may have running - especially your web browser. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version. Reboot your computer once all Java components are removed. Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u14-windows-i586.exe and select "Run as an Administrator.") In your next reply could i see: 1. the OTL log 2. the malwarebytes log 3. the superantispyware log 4. the kaspersky log 5. some idea of how your machine is running now The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts. andrewuk

bitterbuck View Member Profile	Oct 27 2009, 08:36 AM Post #10
Member Posts: 18 OS: XP	No OTL Log was created when step 1 was performed. I ran a new one (quick scan) and this is what it produced. OTL Quick Scan OTL logfile created on: 10/26/2009 7:59:22 PM - Run 5 OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Doylechiro\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 767.00 Mb Total Physical Memory \| 287.07 Mb Available Physical Memory \| 37.43% Memory free 1.46 Gb Paging File \| 1.04 Gb Available in Paging File \| 71.34% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 74.47 Gb Total Space \| 27.19 Gb Free Space \| 36.51% Space Free \| Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DOCFW Current User Name: Doylechiro Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2009/10/19 13:48:29 \| 00,521,216 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\Desktop\OTL.exe PRC - [2009/10/16 13:13:20 \| 00,781,656 \| ---- \| M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2009/10/16 13:13:18 \| 01,170,768 \| ---- \| M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe PRC - [2009/09/13 18:52:50 \| 01,048,392 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe PRC - [2009/07/02 17:36:52 \| 00,017,904 \| ---- \| M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe PRC - [2009/06/10 17:28:26 \| 12,973,336 \| ---- \| M] () -- C:\Program Files\RegCure\RegCure.exe PRC - [2009/05/27 07:17:52 \| 00,148,888 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2009/05/27 07:17:51 \| 00,152,984 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009/04/21 22:34:24 \| 12,314,456 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE PRC - [2009/02/06 05:10:02 \| 00,227,840 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe PRC - [2008/11/05 22:59:00 \| 00,079,088 \| ---- \| M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe PRC - [2008/10/16 21:35:28 \| 00,116,032 \| ---- \| M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe PRC - [2008/10/16 21:35:24 \| 00,087,360 \| ---- \| M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe PRC - [2008/07/24 19:46:10 \| 00,063,040 \| ---- \| M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe PRC - [2008/06/17 16:16:14 \| 03,463,976 \| ---- \| M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe PRC - [2008/04/13 19:12:19 \| 01,033,728 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE PRC - [2008/02/18 11:16:30 \| 00,110,592 \| ---- \| M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2007/12/21 13:30:40 \| 00,131,072 \| ---- \| M] (Visioneer Inc.) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe PRC - [2005/08/11 17:30:30 \| 00,081,920 \| ---- \| M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe PRC - [2005/01/04 12:50:52 \| 00,405,583 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE PRC - [2004/10/20 08:40:04 \| 00,010,328 \| R--- \| M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe PRC - [2004/09/22 19:46:10 \| 00,038,912 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe PRC - [2004/05/24 12:35:52 \| 00,322,104 \| ---- \| M] (Eastman Kodak Company) -- C:\WINDOWS\System32\drivers\KodakCCS.exe PRC - [2004/01/08 17:41:40 \| 00,073,796 \| ---- \| M] (Smart Link) -- C:\WINDOWS\System32\slserv.exe PRC - [2003/09/19 13:11:46 \| 00,065,536 \| ---- \| M] (OLYMPUS Corporation) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe PRC - [2003/08/19 17:21:01 \| 00,151,597 \| ---- \| M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2003/06/24 10:46:30 \| 00,245,760 \| ---- \| M] (Dell) -- C:\Program Files\Common Files\Dell\EUSW\Support.exe PRC - [2003/06/20 00:25:00 \| 00,322,120 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE PRC - [2003/05/02 15:19:00 \| 00,069,632 \| ---- \| M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe PRC - [2003/03/05 06:30:10 \| 00,155,648 \| ---- \| M] () -- C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.5\Server\WinNT\spnsrvnt.exe PRC - [2002/12/17 18:23:32 \| 00,074,308 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe PRC - [2002/08/29 05:00:00 \| 00,016,896 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe PRC - [2002/03/21 23:41:56 \| 00,094,208 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Keyboard\type32.exe PRC - [2000/06/29 03:45:10 \| 00,052,224 \| ---- \| M] (Kenonic Controls Ltd.) -- C:\WINDOWS\System32\crypserv.exe ========== Win32 Services (SafeList) ========== SRV - File not found -- -- (Pml Driver HPZ12 [On_Demand \| Stopped]) SRV - [2009/10/16 13:13:18 \| 01,170,768 \| ---- \| M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto \| Running]) SRV - [2009/07/02 17:36:52 \| 00,017,904 \| ---- \| M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc [Auto \| Running]) SRV - [2009/05/27 07:17:51 \| 00,152,984 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto \| Running]) SRV - [2008/10/16 21:35:28 \| 00,116,032 \| ---- \| M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint [Auto \| Running]) SRV - [2008/07/29 21:10:04 \| 00,046,104 \| ---- \| M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand \| Stopped]) SRV - [2008/07/29 19:24:50 \| 00,881,664 \| ---- \| M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown \| Stopped]) SRV - [2008/07/29 19:16:38 \| 00,132,096 \| ---- \| M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled \| Stopped]) SRV - [2008/07/25 11:17:02 \| 00,069,632 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand \| Stopped]) SRV - [2008/07/25 11:16:40 \| 00,034,312 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand \| Stopped]) SRV - [2008/07/24 19:46:10 \| 00,063,040 \| ---- \| M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn [Auto \| Running]) SRV - [2008/04/13 19:12:02 \| 00,038,400 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto \| Running]) SRV - [2008/03/30 10:36:30 \| 00,504,104 \| ---- \| M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand \| Stopped]) SRV - [2008/02/18 11:16:30 \| 00,110,592 \| ---- \| M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto \| Running]) SRV - [2007/12/21 13:30:40 \| 00,131,072 \| ---- \| M] (Visioneer Inc.) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe -- (OneTouch 4.0 Monitor [Auto \| Running]) SRV - [2004/10/22 04:24:18 \| 00,073,728 \| ---- \| M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand \| Stopped]) SRV - [2004/10/20 08:40:04 \| 00,010,328 \| R--- \| M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS [Auto \| Running]) SRV - [2004/10/15 15:54:14 \| 00,100,016 \| ---- \| M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor [Disabled \| Stopped]) SRV - [2004/09/22 19:46:10 \| 00,038,912 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto \| Running]) SRV - [2004/05/24 12:35:52 \| 00,322,104 \| ---- \| M] (Eastman Kodak Company) -- C:\WINDOWS\System32\drivers\KodakCCS.exe -- (KodakCCS [Auto \| Running]) SRV - [2004/01/08 17:41:40 \| 00,073,796 \| ---- \| M] (Smart Link) -- C:\WINDOWS\System32\slserv.exe -- (SLService [Auto \| Running]) SRV - [2003/09/19 13:11:46 \| 00,065,536 \| ---- \| M] (OLYMPUS Corporation) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe -- (DM1Service [Auto \| Running]) SRV - [2003/07/28 13:28:22 \| 00,089,136 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand \| Stopped]) SRV - [2003/06/20 00:25:00 \| 00,322,120 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto \| Running]) SRV - [2003/05/02 15:19:00 \| 00,069,632 \| ---- \| M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto \| Running]) SRV - [2003/03/05 06:30:10 \| 00,155,648 \| ---- \| M] () -- C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.5\Server\WinNT\spnsrvnt.exe -- (SuperProServer [Auto \| Running]) SRV - [2003/03/03 13:33:40 \| 00,143,360 \| ---- \| M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand \| Stopped]) SRV - [2002/12/17 18:26:22 \| 07,520,337 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER [Auto \| Stopped]) SRV - [2002/12/17 18:23:30 \| 00,311,872 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT [On_Demand \| Stopped]) SRV - [2002/12/17 18:23:30 \| 00,066,112 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand \| Stopped]) SRV - [2000/06/29 03:45:10 \| 00,052,224 \| ---- \| M] (Kenonic Controls Ltd.) -- C:\WINDOWS\System32\crypserv.exe -- (Crypkey License [Auto \| Running]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=" FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-msgr" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/" FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=" FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/27 07:17:55 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 18:38:57 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2008/04/08 08:02:20 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2009/07/23 03:15:21 \| 00,000,000 \| ---D \| M] [2009/10/19 08:52:11 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions [2009/10/19 08:52:10 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2008/12/29 18:36:48 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009/10/19 08:52:10 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions\staged-xpis [2009/10/19 09:02:23 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions [2006/03/02 18:47:34 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2007/06/27 10:19:29 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [2008/02/12 12:01:52 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [2008/03/19 08:33:31 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [2008/08/12 07:08:50 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2009/05/27 07:18:14 \| 00,000,000 \| ---D \| M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2006/03/02 18:47:31 \| 00,060,518 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll [2006/03/02 18:47:34 \| 00,049,248 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll [2006/03/02 18:47:31 \| 00,165,992 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll [2009/05/27 07:17:53 \| 00,410,984 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2006/03/02 18:47:33 \| 00,017,024 \| ---- \| M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2007/03/22 19:23:30 \| 00,017,248 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2006/12/18 04:18:30 \| 00,077,824 \| ---- \| M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2008/04/08 08:02:19 \| 00,143,360 \| ---- \| M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll [2006/03/02 18:47:38 \| 00,000,680 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.png [2006/03/02 18:47:38 \| 00,000,741 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.src [2006/03/02 18:47:38 \| 00,001,150 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.png [2006/03/02 18:47:38 \| 00,000,539 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.src [2006/03/02 18:47:38 \| 00,000,356 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.png [2006/03/02 18:47:38 \| 00,001,007 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.src [2006/03/02 18:47:38 \| 00,000,210 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.gif [2006/03/02 18:47:38 \| 00,001,056 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.src [2006/03/02 18:47:38 \| 00,001,076 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\google.gif [2006/03/02 18:47:38 \| 00,000,718 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\google.src [2006/03/02 18:47:38 \| 00,000,088 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.gif [2006/03/02 18:47:38 \| 00,001,122 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.src O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Yahoo! IE Suggest) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll (Yahoo! Inc.) O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell) O4 - HKLM..\Run: [IntelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation) O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Chiro8000 v12 File Server.lnk = C:\Program Files\Forte Systems\Chiro8000 v12\FileServer.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\Doylechiro\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta () O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: ([]msn in My Computer) O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} https://www.acngroup.com/QM/charts/activexviewer.cab (Crystal Report Viewer Control 9) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab (Windows Live Safety Center Base Module) O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://accounting.quickbooks.com/c16/v22.147/qboax10.cab (QuickBooks Online Edition Utilities Class v10) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O18 - Protocol\Handler\g7ps {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.) O24 - Desktop Components:0 (My Current Home Page) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/02/03 16:22:14 \| 00,000,000 \| ---D \| M] - C:\autodoc -- [ NTFS ] O32 - AutoRun File - [2007/01/21 10:36:34 \| 00,000,000 \| ---D \| M] - C:\Autodoc2 -- [ NTFS ] O32 - AutoRun File - [2004/10/26 20:50:33 \| 00,000,002 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2005/02/02 16:08:53 \| 00,000,000 \| ---D \| M] - C:\autosync -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: () - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - comfile [open] -- "%1" % File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 14 Days ========== [2009/10/16 13:11:35 \| 00,000,000 \| -H-D \| C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} [2009/10/16 13:10:30 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft [2009/10/19 08:06:52 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/10/16 16:59:50 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Application Data\TEMP [2009/10/19 08:07:25 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Doylechiro\Application Data\Malwarebytes [2009/10/19 08:04:17 \| 00,000,000 \| ---D \| C] -- C:\Program Files\ERUNT [2009/10/19 08:06:51 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/10/16 17:24:26 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Microsoft Security Essentials [2009/10/16 17:17:01 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Windows Live Safety Center [2009/10/26 19:54:54 \| 00,000,000 \| ---D \| C] -- C:\Documents and Settings\Doylechiro\Desktop\OTL logs [2009/10/26 09:24:29 \| 00,000,000 \| RHSD \| C] -- C:\cmdcons [2009/10/26 09:22:25 \| 00,212,480 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2009/10/26 09:22:25 \| 00,161,792 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2009/10/26 09:22:25 \| 00,136,704 \| ---- \| C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2009/10/26 09:22:25 \| 00,031,232 \| ---- \| C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2009/10/26 09:06:42 \| 00,000,000 \| ---D \| C] -- C:\Qoobox [2009/10/26 08:52:39 \| 00,000,000 \| ---D \| C] -- C:\_OTL [2009/10/19 13:48:23 \| 00,521,216 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\Desktop\OTL.exe [2009/10/19 13:42:19 \| 00,472,064 \| ---- \| C] ( ) -- C:\Documents and Settings\Doylechiro\Desktop\RootRepeal.exe [2009/10/19 08:08:25 \| 04,045,536 \| ---- \| C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Doylechiro\Desktop\lllkkkiii-setup.exe [2009/10/19 08:06:55 \| 00,038,224 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/10/19 08:06:52 \| 00,019,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/10/19 08:05:33 \| 00,000,000 \| ---D \| C] -- C:\WINDOWS\ERDNT [2009/10/19 07:36:18 \| 00,271,872 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\My Documents\TFC.exe [2009/10/16 13:14:17 \| 00,064,288 \| ---- \| C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys ========== Files - Modified Within 14 Days ========== [2009/10/26 20:07:56 \| 00,000,374 \| -H-- \| M] () -- C:\WINDOWS\tasks\MpIdleTask.job [2009/10/26 19:52:44 \| 00,000,162 \| -H-- \| M] () -- C:\Documents and Settings\Doylechiro\Desktop\~$w Microsoft Word Document (4).doc [2009/10/26 19:52:26 \| 00,010,752 \| ---- \| M] () -- C:\Documents and Settings\Doylechiro\Desktop\New Microsoft Word Document (4).doc [2009/10/26 19:50:14 \| 00,000,408 \| -H-- \| M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2009/10/26 19:49:56 \| 00,000,472 \| ---- \| M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2009/10/26 19:47:26 \| 00,001,170 \| ---- \| M] () -- C:\WINDOWS\System32\WPA.DBL [2009/10/26 19:45:33 \| 00,000,448 \| ---- \| M] () -- C:\WINDOWS\tasks\RegCure Program Check.job [2009/10/26 19:45:17 \| 00,000,398 \| ---- \| M] () -- C:\WINDOWS\tasks\SDMsgUpdate (SmartDrawTrial).job [2009/10/26 19:45:17 \| 00,000,388 \| ---- \| M] () -- C:\WINDOWS\tasks\RegCure Startup.job [2009/10/26 19:45:08 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\tasks\SA.DAT [2009/10/26 19:44:56 \| 00,002,048 \| --S- \| M] () -- C:\WINDOWS\BOOTSTAT.DAT [2009/10/26 19:39:31 \| 00,002,187 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk [2009/10/26 16:00:00 \| 00,000,406 \| -H-- \| M] () -- C:\WINDOWS\tasks\{DE7218A9-6FB8-487E-B721-575F1A73A2C5}_DOCFW_Dr. Cody Doyle.job [2009/10/26 13:57:18 \| 00,000,246 \| ---- \| M] () -- C:\WINDOWS\system.ini [2009/10/26 13:56:37 \| 00,000,027 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\ETC\hosts [2009/10/26 09:24:56 \| 00,000,281 \| RHS- \| M] () -- C:\BOOT.INI [2009/10/26 09:06:04 \| 03,436,986 \| R--- \| M] () -- C:\Documents and Settings\Doylechiro\My Documents\ComboFix.exe [2009/10/26 09:00:00 \| 00,000,406 \| -H-- \| M] () -- C:\WINDOWS\tasks\{BED34167-2B86-49AB-8158-03E5F512279A}_DOCFW_Dr. Cody Doyle.job [2009/10/26 07:31:10 \| 00,000,000 \| ---- \| M] () -- C:\Documents and Settings\Doylechiro\Desktop\settings.dat [2009/10/25 06:11:34 \| 00,077,312 \| ---- \| M] () -- C:\WINDOWS\MBR.exe [2009/10/23 12:33:23 \| 00,002,119 \| ---- \| M] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mat.gif [2009/10/23 12:33:23 \| 00,000,607 \| ---- \| M] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mzn.gif [2009/10/23 12:33:23 \| 00,000,598 \| ---- \| M] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mby.gif [2009/10/19 13:48:29 \| 00,521,216 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\Desktop\OTL.exe [2009/10/19 13:42:19 \| 00,472,064 \| ---- \| M] ( ) -- C:\Documents and Settings\Doylechiro\Desktop\RootRepeal.exe [2009/10/19 08:09:46 \| 00,000,729 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/10/19 08:08:31 \| 04,045,536 \| ---- \| M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Doylechiro\Desktop\lllkkkiii-setup.exe [2009/10/19 08:04:26 \| 00,000,800 \| ---- \| M] () -- C:\Documents and Settings\Doylechiro\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2009/10/19 08:04:23 \| 00,000,644 \| ---- \| M] () -- C:\Documents and Settings\Doylechiro\Desktop\NTREGOPT.lnk [2009/10/19 08:04:22 \| 00,000,625 \| ---- \| M] () -- C:\Documents and Settings\Doylechiro\Desktop\ERUNT.lnk [2009/10/19 07:36:23 \| 00,271,872 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\My Documents\TFC.exe [2009/10/18 03:06:01 \| 00,000,382 \| ---- \| M] () -- C:\WINDOWS\tasks\RegCure.job [2009/10/16 17:24:27 \| 00,000,853 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk [2009/10/16 16:00:00 \| 00,000,406 \| -H-- \| M] () -- C:\WINDOWS\tasks\{A62B03E9-0DB1-4B15-92A7-381E8981FE71}_DOCFW_Dr. Cody Doyle.job [2009/10/16 14:40:10 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/10/16 13:11:33 \| 00,000,900 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2009/10/15 03:27:17 \| 00,533,408 \| ---- \| M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/10/15 03:27:17 \| 00,463,200 \| ---- \| M] () -- C:\WINDOWS\System32\PERFH009.DAT [2009/10/15 03:27:17 \| 00,079,920 \| ---- \| M] () -- C:\WINDOWS\System32\PERFC009.DAT [2009/10/15 03:12:24 \| 00,001,393 \| ---- \| M] () -- C:\WINDOWS\imsins.BAK ========== Files - No Company Name ========== [2009/10/26 20:00:02 \| 00,000,374 \| -H-- \| C] () -- C:\WINDOWS\tasks\MpIdleTask.job [2009/10/26 19:52:44 \| 00,000,162 \| -H-- \| C] () -- C:\Documents and Settings\Doylechiro\Desktop\~$w Microsoft Word Document (4).doc [2009/10/26 19:52:26 \| 00,010,752 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Desktop\New Microsoft Word Document (4).doc [2009/10/26 09:24:55 \| 00,000,211 \| ---- \| C] () -- C:\Boot.bak [2009/10/26 09:24:43 \| 00,260,272 \| ---- \| C] () -- C:\cmldr [2009/10/26 09:22:25 \| 00,236,544 \| ---- \| C] () -- C:\WINDOWS\PEV.exe [2009/10/26 09:22:25 \| 00,098,816 \| ---- \| C] () -- C:\WINDOWS\sed.exe [2009/10/26 09:22:25 \| 00,080,412 \| ---- \| C] () -- C:\WINDOWS\grep.exe [2009/10/26 09:22:25 \| 00,077,312 \| ---- \| C] () -- C:\WINDOWS\MBR.exe [2009/10/26 09:22:25 \| 00,068,096 \| ---- \| C] () -- C:\WINDOWS\zip.exe [2009/10/26 09:05:53 \| 03,436,986 \| R--- \| C] () -- C:\Documents and Settings\Doylechiro\My Documents\ComboFix.exe [2009/10/26 07:31:10 \| 00,000,000 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Desktop\settings.dat [2009/10/19 08:06:59 \| 00,000,729 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/10/19 08:04:26 \| 00,000,800 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2009/10/19 08:04:23 \| 00,000,644 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Desktop\NTREGOPT.lnk [2009/10/19 08:04:22 \| 00,000,625 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Desktop\ERUNT.lnk [2009/10/16 17:30:12 \| 00,000,408 \| -H-- \| C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2009/10/16 17:24:27 \| 00,000,853 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk [2009/10/16 15:02:38 \| 00,015,688 \| ---- \| C] () -- C:\WINDOWS\System32\lsdelete.exe [2009/10/16 13:15:04 \| 00,000,472 \| ---- \| C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2009/10/16 13:11:33 \| 00,000,900 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2009/10/15 10:22:59 \| 00,002,119 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mat.gif [2009/10/15 10:22:59 \| 00,000,607 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mzn.gif [2009/10/15 10:22:59 \| 00,000,598 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mby.gif [2008/10/15 14:43:48 \| 00,065,536 \| ---- \| C] () -- C:\WINDOWS\System32\DM510.dll [2008/02/17 12:35:24 \| 00,004,114 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Application Data\SAS7_000.DAT [2008/02/04 18:23:10 \| 00,693,792 \| ---- \| C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2007/01/21 10:36:40 \| 00,003,584 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/10/02 12:51:26 \| 00,001,793 \| ---- \| C] () -- C:\WINDOWS\System32\fxsperf.ini [2006/04/17 14:45:49 \| 00,000,133 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Local Settings\Application Data\fusioncache.dat [2006/03/10 09:54:57 \| 00,000,062 \| -HS- \| C] () -- C:\Documents and Settings\Doylechiro\Application Data\DESKTOP.INI [2006/03/10 09:54:53 \| 00,082,416 \| ---- \| C] () -- C:\Documents and Settings\Doylechiro\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2006/03/10 09:54:49 \| 01,578,622 \| -H-- \| C] () -- C:\Documents and Settings\Doylechiro\Local Settings\Application Data\IconCache.db [2006/01/27 09:25:39 \| 00,065,536 \| ---- \| C] () -- C:\WINDOWS\System32\YCRWin32.dll [2006/01/17 15:58:04 \| 00,000,056 \| RHS- \| C] () -- C:\WINDOWS\System32\BADECEE175.sys [2006/01/17 15:41:52 \| 00,003,350 \| -HS- \| C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2005/09/29 15:00:21 \| 00,000,340 \| ---- \| C] () -- C:\WINDOWS\ptlabels.ini [2005/08/01 10:04:19 \| 00,000,187 \| ---- \| C] () -- C:\WINDOWS\wiseftp.ini [2005/04/11 14:49:25 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\plclient.INI [2005/03/03 09:17:05 \| 00,000,428 \| ---- \| C] () -- C:\WINDOWS\cdPlayer.ini [2005/01/31 16:08:30 \| 00,000,032 \| ---- \| C] () -- C:\WINDOWS\concentr.ini [2005/01/31 15:10:21 \| 00,000,042 \| ---- \| C] () -- C:\WINDOWS\webica.ini [2005/01/28 11:45:23 \| 00,000,377 \| ---- \| C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2004/12/09 18:36:40 \| 00,000,012 \| ---- \| C] () -- C:\WINDOWS\clocked.ini [2004/11/30 11:04:03 \| 00,000,072 \| ---- \| C] () -- C:\WINDOWS\WINTIME.INI [2004/11/26 21:57:26 \| 00,000,567 \| ---- \| C] () -- C:\WINDOWS\BTI.INI [2004/11/26 21:56:35 \| 00,118,784 \| ---- \| C] () -- C:\WINDOWS\System32\SAWZip.dll [2004/11/26 21:56:35 \| 00,069,632 \| ---- \| C] () -- C:\WINDOWS\System32\zlib.dll [2004/11/26 21:56:31 \| 00,307,200 \| ---- \| C] () -- C:\WINDOWS\System32\AppointmentView.dll [2004/11/26 21:56:27 \| 00,345,088 \| ---- \| C] () -- C:\WINDOWS\System32\ShrLk21.dll [2004/11/26 21:56:27 \| 00,304,128 \| ---- \| C] () -- C:\WINDOWS\System32\KeyGen.dll [2004/10/26 20:50:32 \| 00,000,121 \| ---- \| C] () -- C:\WINDOWS\Lname.ini [2004/10/26 20:50:29 \| 00,000,482 \| ---- \| C] () -- C:\WINDOWS\HITLIST.INI [2004/10/26 20:50:28 \| 00,000,214 \| ---- \| C] () -- C:\WINDOWS\Browser.ini [2004/10/26 10:19:45 \| 00,000,036 \| ---- \| C] () -- C:\WINDOWS\iltwain.ini [2004/09/03 08:49:07 \| 00,000,039 \| ---- \| C] () -- C:\WINDOWS\wininit.ini [2004/09/03 08:42:34 \| 00,000,045 \| ---- \| C] () -- C:\WINDOWS\IDIGFLGN.ini [2004/07/17 15:06:12 \| 00,000,000 \| ---- \| C] () -- C:\WINDOWS\Dssole.INI [2004/07/17 15:06:07 \| 00,045,056 \| ---- \| C] () -- C:\WINDOWS\System32\DM1USBAPIVB.dll [2004/07/07 16:32:17 \| 00,014,938 \| ---- \| C] () -- C:\WINDOWS\System32\lvcoinst.ini [2004/06/30 08:34:22 \| 00,000,010 \| ---- \| C] () -- C:\WINDOWS\msoffice.ini [2004/06/14 10:46:07 \| 00,051,392 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys [2004/06/08 11:27:17 \| 00,000,064 \| ---- \| C] () -- C:\WINDOWS\qwimp.ini [2004/06/08 11:27:15 \| 00,000,520 \| ---- \| C] () -- C:\WINDOWS\intuprof.ini [2004/06/08 11:24:14 \| 00,001,471 \| ---- \| C] () -- C:\WINDOWS\QUICKEN.INI [2004/06/01 10:24:42 \| 00,000,049 \| ---- \| C] () -- C:\WINDOWS\upth.ini [2004/06/01 10:24:42 \| 00,000,024 \| ---- \| C] () -- C:\WINDOWS\atid.ini [2004/05/21 13:34:09 \| 00,003,399 \| R--- \| C] () -- C:\WINDOWS\System32\hptcpmon.ini [2004/05/21 13:34:09 \| 00,000,134 \| ---- \| C] () -- C:\WINDOWS\System32\AddPort.ini [2004/05/21 13:31:37 \| 00,000,103 \| ---- \| C] () -- C:\WINDOWS\System32\hptrace.ini [2004/05/21 11:54:13 \| 00,001,437 \| ---- \| C] () -- C:\WINDOWS\hpdj5800.ini [2004/01/20 07:24:15 \| 00,040,278 \| ---- \| C] () -- C:\Program Files\Copy of Patients.dat [2003/11/04 11:39:18 \| 00,000,005 \| ---- \| C] () -- C:\WINDOWS\SUPER.INI [2003/10/20 16:00:28 \| 00,000,832 \| ---- \| C] () -- C:\WINDOWS\efscan.ini [2003/10/20 16:00:28 \| 00,000,021 \| ---- \| C] () -- C:\WINDOWS\efaxview.ini [2003/10/09 20:04:56 \| 00,000,027 \| ---- \| C] () -- C:\WINDOWS\UP9ASP.INI [2003/09/24 16:34:19 \| 00,251,392 \| ---- \| C] () -- C:\WINDOWS\System32\tx32.dll [2003/09/24 16:34:19 \| 00,000,150 \| ---- \| C] () -- C:\WINDOWS\System32\ic32.ini [2003/09/24 16:34:13 \| 00,010,092 \| ---- \| C] () -- C:\WINDOWS\exerpro.ini [2003/09/22 17:13:17 \| 00,000,773 \| ---- \| C] () -- C:\WINDOWS\BLST8.INI [2003/09/20 11:18:22 \| 00,000,173 \| ---- \| C] () -- C:\WINDOWS\srlink.ini [2003/09/20 11:18:22 \| 00,000,040 \| ---- \| C] () -- C:\WINDOWS\System32\sx96.ini [2003/09/20 11:17:42 \| 00,021,504 \| ---- \| C] () -- C:\WINDOWS\System32\docobj.dll [2003/09/20 11:15:13 \| 00,000,213 \| ---- \| C] () -- C:\WINDOWS\dgnsetup.ini [2003/09/18 07:51:25 \| 00,000,027 \| ---- \| C] () -- C:\WINDOWS\Crypkey.ini [2003/09/18 07:51:21 \| 00,024,608 \| ---- \| C] () -- C:\WINDOWS\System32\Ckldrv.sys [2003/09/18 07:51:21 \| 00,018,432 \| ---- \| C] () -- C:\WINDOWS\Setup_ck.dll [2003/09/18 07:50:22 \| 00,110,080 \| ---- \| C] () -- C:\WINDOWS\System32\W32mkrc.dll [2003/09/18 07:50:22 \| 00,097,290 \| ---- \| C] () -- C:\WINDOWS\System32\Crp32dll.dll [2003/09/18 07:50:17 \| 01,073,152 \| ---- \| C] () -- C:\WINDOWS\System32\owl53v.dll [2003/09/18 07:50:17 \| 00,906,784 \| ---- \| C] () -- C:\WINDOWS\System32\Owl52f.dll [2003/09/18 07:50:17 \| 00,017,424 \| ---- \| C] () -- C:\WINDOWS\System32\FH_BMP.DLL [2003/09/18 07:50:12 \| 00,531,456 \| ---- \| C] () -- C:\WINDOWS\System32\Bdt52cf.dll [2003/09/18 07:50:12 \| 00,518,080 \| ---- \| C] () -- C:\WINDOWS\System32\bdt52c.dll [2003/09/18 07:46:18 \| 00,001,640 \| ---- \| C] () -- C:\WINDOWS\TrackMe.ini [2003/09/16 10:07:26 \| 00,000,036 \| ---- \| C] () -- C:\WINDOWS\BLST.INI [2003/09/14 17:23:53 \| 00,174,608 \| ---- \| C] () -- C:\WINDOWS\Tutility.dll [2003/09/14 16:24:39 \| 00,001,371 \| ---- \| C] () -- C:\WINDOWS\PM4W.INI [2003/09/14 13:22:47 \| 00,009,208 \| ---- \| C] () -- C:\WINDOWS\hplj1300.ini [2003/09/14 13:17:09 \| 00,000,951 \| ---- \| C] () -- C:\WINDOWS\hpbvnstp.ini [2003/08/19 17:22:33 \| 00,000,061 \| ---- \| C] () -- C:\WINDOWS\smscfg.ini [2003/08/19 17:17:56 \| 00,000,885 \| ---- \| C] () -- C:\WINDOWS\lrun32.ini [2003/08/19 17:16:47 \| 00,001,143 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2003/08/19 17:11:52 \| 00,000,791 \| ---- \| C] () -- C:\WINDOWS\orun32.ini [2003/08/19 17:00:08 \| 00,363,520 \| ---- \| C] () -- C:\WINDOWS\System32\psisdecd.dll [2003/08/19 16:49:32 \| 00,000,549 \| ---- \| C] () -- C:\WINDOWS\System32\OEMINFO.INI [2003/01/07 16:05:08 \| 00,002,695 \| ---- \| C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002/12/09 09:38:12 \| 00,094,274 \| ---- \| C] () -- C:\WINDOWS\System32\HPBHEALR.DLL [2002/09/03 13:36:02 \| 00,000,699 \| ---- \| C] () -- C:\WINDOWS\WIN.INI [2002/09/03 13:26:32 \| 00,000,246 \| ---- \| C] () -- C:\WINDOWS\system.ini [2002/09/03 13:26:20 \| 00,000,062 \| -HS- \| C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI [2002/04/11 13:47:52 \| 00,049,152 \| ---- \| C] () -- C:\WINDOWS\System32\msmscoin.dll [2000/09/08 17:53:50 \| 00,073,839 \| ---- \| C] () -- C:\WINDOWS\System32\KodakOneTouch.dll [1999/01/27 13:39:06 \| 00,065,024 \| ---- \| C] () -- C:\WINDOWS\System32\indounin.dll [1997/06/13 07:56:08 \| 00,056,832 \| ---- \| C] () -- C:\WINDOWS\System32\Iyvu9_32.dll [1980/01/01 00:00:00 \| 00,012,288 \| ---- \| C] () -- C:\WINDOWS\System32\e100bmsg.dll ========== LOP Check ========== [2009/10/19 08:06:52 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\All Users\Application Data [2009/10/16 13:11:55 \| 00,000,000 \| -H-D \| M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} [2006/01/17 15:54:53 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Borland [2006/01/17 15:50:20 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Corel [2004/11/26 15:38:03 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Dell [2004/10/26 10:20:12 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\G7PS [2009/01/13 20:08:52 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn [2006/01/27 09:30:46 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Motive [2007/04/03 14:42:51 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\MSN6 [2008/02/17 12:02:24 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Nuance [2004/06/14 09:13:42 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks [2009/08/20 07:11:57 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\RegCure [2003/08/19 17:13:11 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\SBSI [2008/02/17 16:39:23 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2004/01/22 11:09:14 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Support.com [2009/10/16 16:59:50 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2005/02/06 14:03:29 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2009/10/26 09:59:57 \| 00,000,000 \| RH-D \| M] -- C:\Documents and Settings\Doylechiro\Application Data [2007/01/10 12:56:24 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\ActiveDocs [2008/09/26 12:51:28 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\FileZilla [2006/09/27 12:58:36 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\G7PS [2006/04/25 09:02:03 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\Kana Solution [2008/03/03 18:46:50 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\KompoZer [2008/10/15 14:45:20 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\LinkManager 4.0 [2007/04/03 14:43:00 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\MSN6 [2008/02/17 12:07:54 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\Nuance [2009/01/27 13:06:58 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\OpenOffice.org [2006/09/05 10:07:02 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\ScanSoft [2008/03/24 11:52:28 \| 00,000,000 \| ---D \| M] -- C:\Documents and Settings\Doylechiro\Application Data\Viewpoint [2009/10/26 19:49:56 \| 00,000,472 \| ---- \| M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [2009/10/16 14:40:10 \| 00,000,284 \| ---- \| M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job [2002/08/29 05:00:00 \| 00,000,065 \| RH-- \| M] () -- C:\WINDOWS\Tasks\DESKTOP.INI [2009/10/26 19:50:14 \| 00,000,408 \| -H-- \| M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job [2009/10/26 20:07:56 \| 00,000,374 \| -H-- \| M] () -- C:\WINDOWS\Tasks\MpIdleTask.job [2009/10/26 19:45:33 \| 00,000,448 \| ---- \| M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job [2009/10/26 19:45:17 \| 00,000,388 \| ---- \| M] () -- C:\WINDOWS\Tasks\RegCure Startup.job [2009/10/18 03:06:01 \| 00,000,382 \| ---- \| M] () -- C:\WINDOWS\Tasks\RegCure.job [2009/10/26 19:45:08 \| 00,000,006 \| -H-- \| M] () -- C:\WINDOWS\Tasks\SA.DAT [2009/10/26 19:45:17 \| 00,000,398 \| ---- \| M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (SmartDrawTrial).job [2009/10/16 16:00:00 \| 00,000,406 \| -H-- \| M] () -- C:\WINDOWS\Tasks\{A62B03E9-0DB1-4B15-92A7-381E8981FE71}_DOCFW_Dr. Cody Doyle.job [2009/10/26 09:00:00 \| 00,000,406 \| -H-- \| M] () -- C:\WINDOWS\Tasks\{BED34167-2B86-49AB-8158-03E5F512279A}_DOCFW_Dr. Cody Doyle.job [2009/10/26 16:00:00 \| 00,000,406 \| -H-- \| M] () -- C:\WINDOWS\Tasks\{DE7218A9-6FB8-487E-B721-575F1A73A2C5}_DOCFW_Dr. Cody Doyle.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 88 bytes -> C:\oldnartvtmp.rtf: SummaryInformation < End of report > Step 2… Step 3 MBAM Malwarebytes' Anti-Malware 1.41 Database version: 3037 Windows 5.1.2600 Service Pack 3 10/27/2009 7:12:52 AM mbam-log-2009-10-27 (07-12-52).txt Scan type: Full Scan (C:\\|) Objects scanned: 250319 Time elapsed: 3 hour(s), 36 minute(s), 44 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 4 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1639\A0107909.exe (Rogue.ProofDefender) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1639\A0107915.dll (Rogue.ProofDefender) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1640\A0107940.exe (Rogue.ProofDefender) -> Quarantined and deleted successfully. C:\Program Files\Webroot\Spy Sweeper\NDN01.exe (Backdoor.Bot) -> Quarantined and deleted successfully. Step 4 SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 10/27/2009 at 09:15 AM Application Version : 4.29.1004 Core Rules Database Version : 4197 Trace Rules Database Version: 2107 Scan type : Complete Scan Total Scan Time : 01:51:57 Memory items scanned : 553 Memory threats detected : 0 Registry items scanned : 8171 Registry threats detected : 0 File items scanned : 120000 File threats detected : 11 Adware.Tracking Cookie .doubleclick.net [ C:\Documents and Settings\Doylechiro\Application Data\Mozilla\Firefox\Profiles\1cq29ero.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Doylechiro\Application Data\Mozilla\Firefox\Profiles\1cq29ero.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Doylechiro\Application Data\Mozilla\Firefox\Profiles\1cq29ero.default\cookies.txt ] .insightexpressai.com [ C:\Documents and Settings\Doylechiro\Application Data\Mozilla\Firefox\Profiles\1cq29ero.default\cookies.txt ] .mediaplex.com [ C:\Documents and Settings\Doylechiro\Application Data\Mozilla\Firefox\Profiles\1cq29ero.default\cookies.txt ] .mediaplex.com [ C:\Documents and Settings\Doylechiro\Application Data\Mozilla\Firefox\Profiles\1cq29ero.default\cookies.txt ] .apmebf.com [ C:\Documents and Settings\Doylechiro\Application Data\Mozilla\Firefox\Profiles\1cq29ero.default\cookies.txt ] .collective-media.net [ C:\Documents and Settings\Doylechiro\Application Data\Mozilla\Firefox\Profiles\1cq29ero.default\cookies.txt ] Trojan.Agent/Gen-SuperFake C:\QOOBOX\QUARANTINE\C\DOCUMENTS AND SETTINGS\DOYLECHIRO\APPLICATION DATA\GMAIL\GORHV17911194.EXE.VIR C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1650\A0108528.EXE Trojan.Vundo-Variant/F C:\WINDOWS\SYSTEM32\CRP32DLL.DLL Step 5 The link returned the following…. I stopped here because I do not want to mess anything up! Error 403 - Forbidden You tried to access a document for which you don't have privileges. System is running better, no pop up now!

andrewuk View Member Profile	Oct 27 2009, 10:32 AM Post #11
Trusted Helper Posts: 4,592 From: London, UK OS: XP	move onto Step 6 - you may have to upgrade your Java for which the instructions are also in Step 6. it would be advisable to upgrade your Java anyway. andrewuk

bitterbuck View Member Profile	Oct 27 2009, 08:34 PM Post #12
Member Posts: 18 OS: XP	By the way, I want to thank you for taking the time to help me with this!!!! Found another link for JavaRS, completed the step..... If we can fix the SQL issue asap, that would help. I am unable to open an important program.... -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Tuesday, October 27, 2009 Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Tuesday, October 27, 2009 10:59:32 Records in database: 3089395 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: A:\ C:\ D:\ Scan statistics: Objects scanned: 121143 Threats found: 5 Infected objects found: 14 Suspicious objects found: 0 Scan duration: 04:00:14 File name / Threat / Threats count C:\Admin\antispy\ewido_micro.exe Infected: Trojan-Downloader.Win32.Genome.ooc 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\lpaolcom_setupSTUS\comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1 C:\Documents and Settings\Doylechiro\Desktop\logmein.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a 1 C:\Program Files\UltraVNC\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e 1 C:\Qoobox\Quarantine\C\Documents and Settings\Doylechiro\Application Data\Gmail\Shell32.dll.vir Infected: Trojan.Win32.FraudPack.vux 1 C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1639\A0107898.dll Infected: Trojan.Win32.FraudPack.vux 1 C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1639\A0107916.dll Infected: Trojan.Win32.FraudPack.vux 1 C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1640\A0107935.dll Infected: Trojan.Win32.FraudPack.vux 1 C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1642\A0107969.dll Infected: Trojan.Win32.FraudPack.vux 1 C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1645\A0108202.dll Infected: Trojan.Win32.FraudPack.vux 1 C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1646\A0108325.dll Infected: Trojan.Win32.FraudPack.vux 1 C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1649\A0108453.dll Infected: Trojan.Win32.FraudPack.vux 1 C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1649\A0108470.dll Infected: Trojan.Win32.FraudPack.vux 1 C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1650\A0108511.dll Infected: Trojan.Win32.FraudPack.vux 1 Selected area has been scanned.

andrewuk View Member Profile	Oct 27 2009, 09:07 PM Post #13
Trusted Helper Posts: 4,592 From: London, UK OS: XP	do you recognise this file? C:\Admin\antispy\ewido_micro.exe it looks like it belongs to ewido anti-spyware microscanner, but i dont recognise the file path. andrewuk

bitterbuck View Member Profile	Oct 27 2009, 09:18 PM Post #14
Member Posts: 18 OS: XP	No, I do not know what it is.

andrewuk View Member Profile	Oct 28 2009, 03:12 AM Post #15
Trusted Helper Posts: 4,592 From: London, UK OS: XP	Run OTL.exe by double clicking the icon on your desktop Under the Custom Scans/Fixes box at the bottom, paste in the following CODE :OTL PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) :Files C:\Admin\antispy\ewido_micro.exe :Commands [emptytemp] [start explorer] [Reboot] Then click the Run Fix button at the top Let the program run unhindered, reboot when it is done Then post the log that it produces

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

3 Pages

1 2 3 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal Security Center Alert: Sinowal.Trojan popup [Solved]	10 / 675	17th December 2008 - 12:21 AM DazWolf started - last by emeraldnzl
Virus, Spyware and Trojan Removal fake security center popup	0 / 171	28th February 2009 - 02:16 PM dontottem started - last by dontottem
Virus, Spyware and Trojan Removal Fake Security Center Alerts, dont know the name of the virus or whatev	8 / 2,204	19th May 2009 - 12:28 PM djbrag started - last by andrewuk
Virus, Spyware and Trojan Removal Security Center Alert [Solved]	3 / 588	3rd July 2009 - 02:20 PM sailerman started - last by heir