Troj/Rustok-N [Solved]


  • This topic is locked

#1 Sudy Nimm (New Member, 9 posts)
I'm afraid I've picked up the Troj/Rustok-N virus. I've tried several different methods to find the bugger, but the dropper must change its file name. I've used WiniFighter, AVG, Norton... Nothing. This one is smart. It doesn't allow me to update Spyware Doctor, and unfortunately I can't run the program until it's fully updated. Somebody please help. I've heard some pretty nasty rumors about this one. :)
  • 0

#2 Rorschach112 "Ralphie" (Retired Staff, 47,710 posts)
hi

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    [Posted Image: screenshots of the rename step]

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double-click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review.
**Note: Do not mouse-click Combo-Fix's window while it's running. That may cause it to stall**
  • 0
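Once the C:\Combo-Fix.txt report is posted, the helper reads its "Files Created", "Find3M Report" and "Reg Loading Points" sections by hand. The script below is an added example, not ComboFix's code and not something posted by either participant: it parses those sections into structured records and lists the entries a reviewer would typically look at first. The sample lines are copied from the report format as it appears later in this thread; the two review heuristics (a loose file sitting directly under a user's AppData, and an autostart entry that runs from outside the Windows and Program Files trees) are this example's own assumptions and mark items for a human to check, not a verdict about any file.

```python
# Added triage helper for ComboFix-style reports. Not ComboFix's code; the
# heuristics below are this example's own assumptions, not a malware verdict.
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a few lines in the format of the report posted in this
# thread, trimmed so the parser can run offline.
SAMPLE_LOG = r"""((((( Files Created from 2009-06-12 to 2009-07-12 )))))
2009-07-12 06:39 . 2009-04-03 16:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-07-12 06:38 . 2009-07-12 06:40 -------- d-----w- c:\program files\Spyware Doctor
.
((((( Find3M Report )))))
2009-07-10 07:15 . 2009-01-12 20:10 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-08 02:25 . 2009-04-23 00:06 0 ----a-w- c:\users\Will\AppData\Local\Vrapuhayat.bin
2009-04-23 03:15 . 2009-04-23 00:06 300 ----a-w- c:\users\Will\AppData\Local\Ptefitatuxofum.dat
.
((((( Reg Loading Points )))))
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\users\Will\Program Files\DNA\btdna.exe" [2008-12-30 342848]
"Steam"="c:\program files\Steam\Steam.exe" [2009-06-11 1217784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"""

SECTION_RE = re.compile(r"^\({3,}\s*(?P<title>.+?)\s*\){3,}$")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "<created> . <modified> <size|--------> <attrs> <path>"; SnapShot lines carry
# a leading +/- and no attribute field, so both parts are optional.
FILE_RE = re.compile(
    r"^(?:[+-] )?(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?P<size>\d+|-{8}) "
    r"(?:(?P<attrs>[a-z-]{8}) )?(?P<path>[A-Za-z]:\\.+)$"
)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<date>\S+) (?P<size>\d+)\]$')


@dataclass
class FileEntry:
    section: str
    created: str
    modified: str
    size: Optional[int]  # None where ComboFix prints dashes (directories)
    attrs: str
    path: str


@dataclass
class RunEntry:
    key: str
    name: str
    path: str
    date: str
    size: int


def parse_log(text: str) -> Tuple[List[FileEntry], List[RunEntry]]:
    """Walk the report once, tracking the current section and registry key."""
    files: List[FileEntry] = []
    runs: List[RunEntry] = []
    section = key = ""
    for line in (ln.strip() for ln in text.splitlines()):
        if not line or line == ".":
            continue
        if m := SECTION_RE.match(line):
            section, key = m.group("title"), ""
        elif m := KEY_RE.match(line):
            key = m.group("key")
        elif m := FILE_RE.match(line):
            size = None if m.group("size").startswith("-") else int(m.group("size"))
            files.append(FileEntry(section, m.group("created"), m.group("modified"),
                                   size, m.group("attrs") or "", m.group("path")))
        elif (m := RUN_RE.match(line)) and key.lower().endswith("\\run"):
            runs.append(RunEntry(key, m.group("name"), m.group("path"),
                                 m.group("date"), int(m.group("size"))))
    return files, runs


# Review heuristics (assumptions of this example): a loose file directly under a
# profile's AppData, or an autostart running from outside the Windows and
# Program Files trees, is worth a second look by whoever reviews the log.
LOOSE_APPDATA_RE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\(?:local|roaming)\\[^\\]+$", re.I)
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def review_candidates(files: List[FileEntry], runs: List[RunEntry]) -> List[Tuple[str, str, str]]:
    """Return (kind, path, reason) tuples for entries worth a manual check."""
    out = []
    for f in files:
        if not f.attrs.startswith("d") and LOOSE_APPDATA_RE.match(f.path):
            out.append(("file", f.path, "loose file directly under AppData; confirm publisher and purpose"))
    for r in runs:
        if not r.path.lower().startswith(SYSTEM_ROOTS):
            out.append(("autostart", r.path, f"{r.name!r} starts from a user-writable location"))
    return out


if __name__ == "__main__":
    for kind, path, reason in review_candidates(*parse_log(SAMPLE_LOG)):
        print(f"[{kind}] {path}: {reason}")
```

Run against the sample it prints three candidates: the two `.bin`/`.dat` files under the user's AppData\Local and the one Run entry that starts from a path under `c:\users`. Feeding it a full report is a matter of reading the file into `parse_log`; the `Find3M Report` and `SnapShot` sections parse with the same regex because only the prefix and attribute field differ.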

#3 Sudy Nimm (Topic Starter, New Member, 9 posts)
Sorry for the wait. I had to completely remove Norton.

When I try to run ComboFix I get a message stating that I can't rename it to "Combo-Fix" and need to use alphanumeric characters to rename it. :)
  • 0

#4 Rorschach112 "Ralphie" (Retired Staff, 47,710 posts)
Rename it to abcd.exe.

Does it work then?
  • 0

#5 Sudy Nimm (Topic Starter, New Member, 9 posts)
Was it supposed to remove all my internet browsers from the registry? It seems like it turned my laptop completely upside down.
  • 0

#6 Rorschach112 "Ralphie" (Retired Staff, 47,710 posts)
Do you have the log?
  • 0

#7 Sudy Nimm (Topic Starter, New Member, 9 posts)
Yeah, on my laptop. I had to switch computers because, like I said, it deleted my internet browsers from the registry so they're inaccessible.
  • 0

#8 Rorschach112 "Ralphie" (Retired Staff, 47,710 posts)
Well, I need to see it, if you can transfer it over and post it.
  • 0

#9 Sudy Nimm (Topic Starter, New Member, 9 posts)
Okay, I had to run it all over again, but here's the log.

------------------------------------------------------------------

ComboFix 09-07-12.01 - Will 07/12/2009 17:18.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1809 [GMT -5:00]
Running from: c:\users\Will\Desktop\abcd.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-06-12 to 2009-07-12 )))))))))))))))))))))))))))))))
.

2009-07-12 22:30 . 2009-07-12 22:30 -------- d-----w- c:\users\Tiffany\AppData\Local\temp
2009-07-12 22:30 . 2009-07-12 22:30 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-07-12 22:30 . 2009-07-12 22:30 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2009-07-12 22:30 . 2009-07-12 22:30 -------- d-----w- c:\users\Administrator.DERANGED\AppData\Local\temp
2009-07-12 22:08 . 2009-07-12 22:08 -------- d-----w- c:\users\Will\AppData\Local\AOL
2009-07-12 20:50 . 2009-07-12 20:52 -------- d-----w- C:\Combo-Fix
2009-07-12 06:39 . 2008-12-11 13:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-07-12 06:39 . 2009-04-03 16:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-07-12 06:39 . 2008-12-18 17:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-07-12 06:38 . 2009-07-12 06:39 -------- d-----w- c:\program files\Common Files\PC Tools
2009-07-12 06:38 . 2008-12-10 16:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-07-12 06:38 . 2009-07-12 06:40 -------- d-----w- c:\program files\Spyware Doctor
2009-07-12 06:38 . 2009-07-12 06:38 -------- d-----w- c:\users\Will\AppData\Roaming\PC Tools
2009-07-12 06:38 . 2009-07-12 06:38 -------- d-----w- c:\programdata\PC Tools
2009-07-12 04:04 . 2009-07-12 04:04 -------- d-----w- c:\program files\Red Storm Entertainment
2009-07-10 18:52 . 2009-07-10 18:52 1 ----a-w- c:\users\Will\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-10 18:50 . 2009-07-10 18:50 -------- d-----w- c:\users\Will\AppData\Roaming\OpenOffice.org
2009-07-10 18:41 . 2009-07-10 18:41 -------- d-----w- c:\program files\JRE
2009-07-10 18:39 . 2009-07-10 18:41 -------- d-----w- c:\program files\OpenOffice.org 3
2009-07-10 07:44 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-10 06:27 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-10 06:27 . 2009-07-10 06:27 -------- dc-h--w- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-10 06:27 . 2009-07-08 17:28 2920112 -c--a-w- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-07-10 06:25 . 2009-07-10 06:25 -------- d-----w- c:\program files\Lavasoft
2009-07-10 03:19 . 2009-07-10 03:19 -------- d-----w- c:\program files\Guitar Pro 5
2009-07-10 01:17 . 2009-07-10 01:17 -------- d-----w- c:\program files\Disney
2009-07-09 04:29 . 2009-07-09 04:29 -------- d-----w- c:\users\Will\GMArcade
2009-07-07 23:35 . 2009-07-07 23:35 -------- d-----w- c:\programdata\3DVIA
2009-07-07 23:35 . 2009-07-07 23:35 -------- d-----w- c:\program files\Virtools
2009-07-07 23:26 . 2009-07-07 23:26 -------- d-----w- c:\windows\Sun
2009-07-07 23:26 . 2009-07-07 23:26 -------- d-----w- c:\program files\NeedforMadness_at
2009-06-29 00:12 . 2009-06-29 00:12 746744 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-27 19:35 . 2009-06-27 19:35 10134 ----a-r- c:\users\Will\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-27 19:35 . 2009-06-27 19:35 -------- d-----w- c:\program files\Microsoft WSE
2009-06-27 19:17 . 2009-06-27 19:17 -------- d-----w- c:\program files\Electronic Arts
2009-06-25 17:01 . 2009-06-25 17:01 45056 ----a-r- c:\users\Will\AppData\Roaming\Microsoft\Installer\{193428D8-940D-4351-88F6-0AFA7D1E3CB8}\MapleStory.exe1_193428D8940D435188F60AFA7D1E3CB8.exe
2009-06-25 17:01 . 2009-06-25 17:01 45056 ----a-r- c:\users\Will\AppData\Roaming\Microsoft\Installer\{193428D8-940D-4351-88F6-0AFA7D1E3CB8}\MapleStory.exe_193428D8940D435188F60AFA7D1E3CB8.exe
2009-06-25 17:01 . 2009-06-25 17:01 10134 ----a-r- c:\users\Will\AppData\Roaming\Microsoft\Installer\{193428D8-940D-4351-88F6-0AFA7D1E3CB8}\ARPPRODUCTICON.exe
2009-06-25 16:58 . 2009-06-25 16:58 -------- d-----w- C:\Nexon
2009-06-25 15:53 . 2009-06-28 08:48 -------- d-----w- c:\users\Will\AppData\Local\PMB Files
2009-06-25 15:53 . 2009-06-25 15:56 -------- d-----w- c:\programdata\PMB Files
2009-06-25 15:53 . 2009-06-25 15:53 -------- d-----w- c:\program files\Pando Networks
2009-06-17 06:54 . 2009-06-17 06:54 -------- d-----w- c:\program files\thriXXX
2009-06-17 06:54 . 2009-06-17 06:54 -------- d-----w- c:\users\Will\AppData\Roaming\thriXXX
2009-06-17 06:11 . 2008-05-30 19:18 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
2009-06-17 06:10 . 2005-05-26 20:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-06-17 06:06 . 2009-06-17 06:06 -------- d-----w- c:\program files\Utherverse Digital Inc
2009-06-15 07:55 . 2009-06-15 07:55 -------- d-----w- c:\users\Will\AppData\Roaming\BitZipper
2009-06-15 07:55 . 2009-06-15 07:55 -------- d-----w- c:\program files\BitZipper
2009-06-14 00:38 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-14 00:38 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-12 22:27 . 2008-12-29 21:36 -------- d-----w- c:\users\Will\AppData\Roaming\DNA
2009-07-12 22:09 . 2009-01-30 05:36 -------- d-----w- c:\program files\Steam
2009-07-12 22:06 . 2008-08-04 16:43 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-12 21:08 . 2008-08-04 16:43 -------- d-----w- c:\programdata\Symantec
2009-07-12 19:31 . 2008-12-25 03:26 -------- d-----w- c:\programdata\Viewpoint
2009-07-12 18:57 . 2009-02-08 05:33 1356 ----a-w- c:\users\Will\AppData\Local\d3d9caps.dat
2009-07-12 06:38 . 2008-12-25 16:47 70496 ----a-w- c:\programdata\nvModes.dat
2009-07-12 04:15 . 2009-04-23 21:49 -------- d-----w- c:\users\Will\AppData\Roaming\vghd
2009-07-12 04:04 . 2008-08-04 16:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-11 02:34 . 2008-12-25 03:31 83088 ----a-w- c:\users\Will\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-11 02:30 . 2009-04-24 04:19 -------- d-----w- c:\programdata\avg8
2009-07-10 18:31 . 2008-08-04 18:49 -------- d-----w- c:\program files\Java
2009-07-10 08:07 . 2009-01-30 05:36 -------- d-----w- c:\program files\Common Files\Steam
2009-07-10 07:58 . 2008-12-29 21:15 -------- d-----w- c:\programdata\Lavasoft
2009-07-10 07:58 . 2008-12-26 02:43 -------- d-----w- c:\program files\Zune
2009-07-10 07:58 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-10 07:15 . 2009-01-12 20:10 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-01 13:13 . 2009-04-24 04:19 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-01 13:13 . 2009-04-24 04:19 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-01 13:13 . 2009-04-24 04:19 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-27 07:09 . 2009-04-23 21:51 5 ----a-w- c:\windows\sbacknt.bin
2009-06-27 06:43 . 2009-04-23 21:50 152904 ----a-w- c:\windows\system32\vghd.scr
2009-06-21 09:46 . 2008-12-29 21:36 -------- d-----w- c:\program files\DNA
2009-06-17 04:05 . 2008-12-29 05:36 34 ----a-w- c:\users\Will\jagex_runescape_preferences.dat
2009-06-16 19:49 . 2008-12-30 18:16 -------- d-----w- c:\users\Will\AppData\Roaming\Skype
2009-06-16 19:48 . 2008-12-30 18:17 -------- d-----w- c:\users\Will\AppData\Roaming\skypePM
2009-06-14 08:01 . 2008-08-04 18:13 -------- d-----w- c:\programdata\Microsoft Help
2009-06-11 08:18 . 2008-08-04 17:50 -------- d-----w- c:\program files\Microsoft Works
2009-06-08 02:25 . 2009-04-23 00:06 0 ----a-w- c:\users\Will\AppData\Local\Vrapuhayat.bin
2009-05-30 02:20 . 2009-05-30 02:20 -------- d-----w- c:\users\Will\AppData\Roaming\DivX
2009-05-29 03:53 . 2009-04-23 02:28 0 ----a-w- c:\users\Tiffany\AppData\Local\Vrapuhayat.bin
2009-05-27 01:25 . 2009-05-27 01:22 -------- d-----w- c:\program files\Google
2009-05-27 01:24 . 2009-05-27 01:22 -------- d-----w- c:\program files\DivX
2009-05-27 01:23 . 2009-05-27 01:23 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-05-27 01:22 . 2009-05-27 01:22 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-05-22 04:28 . 2009-05-22 04:28 -------- d-----w- c:\users\Tiffany\AppData\Roaming\Skype
2009-05-20 22:27 . 2009-02-28 07:19 -------- d-----w- c:\program files\AIM6
2009-05-20 22:27 . 2009-05-20 22:27 -------- d-----w- c:\programdata\AIM
2009-05-20 22:27 . 2009-05-20 22:27 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-05-09 14:56 . 2009-03-24 20:02 78512 ----a-w- c:\users\Tiffany\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-01 20:49 . 2009-04-24 04:19 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-25 03:02 . 2009-01-24 12:42 78120 ----a-w- c:\users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-24 16:05 . 2009-06-11 01:51 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-11 01:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-11 01:51 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 12:43 . 2009-06-11 01:51 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-11 01:51 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-23 03:15 . 2009-04-23 00:06 300 ----a-w- c:\users\Will\AppData\Local\Ptefitatuxofum.dat
2009-04-23 02:28 . 2009-04-23 02:28 300 ----a-w- c:\users\Tiffany\AppData\Local\Ptefitatuxofum.dat
2009-04-22 05:29 . 2009-04-20 21:52 122 ----a-w- c:\users\Will\AppData\Roaming\wklnhst.dat
2009-04-21 11:55 . 2009-06-11 01:51 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-04-21 04:11 . 2009-04-21 04:06 3310 ----a-r- c:\users\Will\AppData\Roaming\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_16496df1.exe
2009-04-21 04:11 . 2009-04-21 04:06 1078 ----a-r- c:\users\Will\AppData\Roaming\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_69525f90.exe
2009-04-21 04:11 . 2009-04-21 04:06 1078 ----a-r- c:\users\Will\AppData\Roaming\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_4ae13d6c.exe
2009-04-21 04:11 . 2009-04-21 04:06 1078 ----a-r- c:\users\Will\AppData\Roaming\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_2cd672ae.exe
2009-04-21 04:11 . 2009-04-21 04:06 1078 ----a-r- c:\users\Will\AppData\Roaming\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_294823.exe
2009-04-21 04:11 . 2009-04-21 04:06 1078 ----a-r- c:\users\Will\AppData\Roaming\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_18be6784.exe
2009-04-16 05:47 . 2009-04-16 05:19 248672 ----a-w- c:\programdata\Microsoft\VCSExpress\9.0\1033\ResourceCache.dll
2009-04-16 05:18 . 2009-04-16 05:18 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w- c:\windows\system32\DivX.dll
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-08-04 15:03 . 2008-08-04 15:03 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-07-12_21.33.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-07-12 22:08 53582 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-07-12 22:08 87538 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-15 06:42 . 2009-07-12 22:13 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-15 06:42 . 2009-07-12 20:18 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-15 06:42 . 2009-07-12 20:18 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-15 06:42 . 2009-07-12 22:13 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-15 06:42 . 2009-07-12 22:13 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-15 06:42 . 2009-07-12 20:18 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-25 16:42 . 2009-07-12 22:08 9708 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1353891687-407797197-3946785405-1000_UserData.bin
- 2009-07-12 19:02 . 2009-07-12 19:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-12 22:06 . 2009-07-12 22:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-12 22:06 . 2009-07-12 22:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-12 19:02 . 2009-07-12 19:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"BitTorrent DNA"="c:\users\Will\Program Files\DNA\btdna.exe" [2008-12-30 342848]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Steam"="c:\program files\Steam\Steam.exe" [2009-06-11 1217784]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-11 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-11 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-12-12 157312]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-01 1948440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-10 148888]

c:\users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ImpulseNow.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2009-4-11 356352]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
Sins of a Solar Empire Launcher.lnk - c:\program files\Stardock Games\Sins of a Solar Empire\SINS_Launcher.exe [2009-3-23 587992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{053E5549-ECD5-4FE4-8DB9-641DFB10CF77}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{C1BAABB6-21B7-49B7-91E1-E455B4B6BC44}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{CE417CC2-006D-44BC-B33A-291B02416FCB}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{360E3640-FB26-4DEF-8288-8B53B8EBB28A}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C55EE582-4D18-4465-B67C-01CCBFDC83AC}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{95EE0CD8-5F66-4F8F-870E-DD47731FF52B}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{E88DE010-DA73-4D2A-BAA4-6C14A98D65E9}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{4F327E78-56A9-4596-90F5-D2CE8266B66D}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{D9485C7D-CE4F-46C6-87F0-EF8D73CC946A}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{A91B4487-F168-4986-8F01-2AB388C63CB2}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{8093830D-F4B0-425B-AF0C-0C55127BA861}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{B9F6439C-C04C-4AF8-BADC-646F6808AD56}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{D90DF52F-B02A-41DD-9E81-2403AC2DF159}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{FACB8D87-6F31-449C-9659-C112780CB644}"= UDP:c:\program files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars™
"{20B1BD77-EE40-4770-ADB5-6D41F368F4D8}"= TCP:c:\program files\id Software\Enemy Territory - QUAKE Wars\etqw.exe:Enemy Territory - QUAKE Wars™
"{B23B99C6-4275-4C21-A1CA-5D0FDF184A00}"= UDP:c:\program files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
"{5F79B689-2272-4FAE-B21B-BAE07F395BDE}"= TCP:c:\program files\id Software\Enemy Territory - QUAKE Wars\etqwded.exe:etqwded.exe
"{D418F727-7956-4581-B8DE-1C925CBA7EA0}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{9D18BC72-FF16-4797-BEE4-79C4F480B1E4}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{46E6282A-5A8D-4920-9D58-D1EBCC6B5158}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{4E88ED6E-14C6-4B0B-A4D1-11973F6E5D91}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{69C5E32E-5A23-49AB-B1AA-F383716E50D4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0C6E4B27-0772-4808-89FA-34721BBE41CF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{8248A930-946F-4D2C-9836-E97FE0BAAEC6}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{EE02F709-E253-47EC-A979-51F58876CAB3}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{845C5797-B260-4A73-B0DD-D66D23658932}c:\\program files\\america's army deploy client\\aadeployclient.exe"= UDP:c:\program files\america's army deploy client\aadeployclient.exe:AADeployClient
"UDP Query User{6668F259-6999-409D-A1D2-B5FBDF7E98E7}c:\\program files\\america's army deploy client\\aadeployclient.exe"= TCP:c:\program files\america's army deploy client\aadeployclient.exe:AADeployClient
"TCP Query User{0E3AD46F-7166-4303-88FE-FC5FDA2E3D21}c:\\program files\\america's army\\system\\armyops.exe"= UDP:c:\program files\america's army\system\armyops.exe:ArmyOps
"UDP Query User{7427CD66-F0A9-4656-89A9-FA84FCEFA1B2}c:\\program files\\america's army\\system\\armyops.exe"= TCP:c:\program files\america's army\system\armyops.exe:ArmyOps
"{D3BCFFE4-D3D7-4150-85C2-B519DC62324B}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{331965D7-5E7A-4B6C-8A2C-6B5284335015}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0BFDD491-3716-46FF-8C6C-41701118CBDC}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{8B7739CE-9455-411A-85FE-D96921F9E672}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{9D1CD752-8313-41D6-A17D-98221480F014}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{197C3B9B-F698-4114-9F8B-AF85A8C8D9B4}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{4C97E852-9BFF-4890-B018-9E036212FA51}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{3289B02B-7EE1-49F9-B880-E501E193C58F}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"{71ACD665-8ED8-43F2-A6EC-2A2E9D670677}"= UDP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{EA2BEAE9-56D3-4ED5-8192-4E7A6322F48C}"= TCP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{06340F39-1392-494F-80C3-A2B380CE0104}"= UDP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire Entrenchment.exe:Sins of a Solar Empire - Entrenchment
"{895DD68B-61F4-4D32-9D53-254C85FB99F1}"= TCP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire Entrenchment.exe:Sins of a Solar Empire - Entrenchment
"TCP Query User{3B277051-DE56-464A-A356-C28EC16EE759}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire.exe
"UDP Query User{40CAC7F9-2C50-484D-891A-C1B6F8647506}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire.exe
"TCP Query User{C0B42E43-E6F1-4EB0-8C1E-80AB0FDEED48}c:\\sierra\\empire earth - the art of conquest\\ee-aoc.exe"= UDP:c:\sierra\empire earth - the art of conquest\ee-aoc.exe:EE-AOC.exe
"UDP Query User{D7744854-267E-4CD6-811C-44FD30B475EF}c:\\sierra\\empire earth - the art of conquest\\ee-aoc.exe"= TCP:c:\sierra\empire earth - the art of conquest\ee-aoc.exe:EE-AOC.exe
"TCP Query User{935DC021-D124-4D00-BAFE-B39163F47B20}c:\\sierra\\empire earth - the art of conquest\\ee-aoc.exe"= UDP:c:\sierra\empire earth - the art of conquest\ee-aoc.exe:EE-AOC.exe
"UDP Query User{E6CAFA4D-BCC3-4048-8275-1DFC74FF1399}c:\\sierra\\empire earth - the art of conquest\\ee-aoc.exe"= TCP:c:\sierra\empire earth - the art of conquest\ee-aoc.exe:EE-AOC.exe
"TCP Query User{45CAFC97-76BA-497E-8C41-F0C2C23C0C90}c:\\program files\\infogrames interactive\\majesty - gold edition\\majx\\majx.exe"= UDP:c:\program files\infogrames interactive\majesty - gold edition\majx\majx.exe:Majesty Expansion
"UDP Query User{76CA4D13-67CF-43F4-8040-E7562EF47E3F}c:\\program files\\infogrames interactive\\majesty - gold edition\\majx\\majx.exe"= TCP:c:\program files\infogrames interactive\majesty - gold edition\majx\majx.exe:Majesty Expansion
"TCP Query User{414112CA-6DC7-4E36-89CD-4D2CC3C2144D}c:\\program files\\america's army deploy client\\aadeployclient.exe"= UDP:c:\program files\america's army deploy client\aadeployclient.exe:AADeployClient
"UDP Query User{58E368C0-EAAA-495C-92E0-1035E67C9BB0}c:\\program files\\america's army deploy client\\aadeployclient.exe"= TCP:c:\program files\america's army deploy client\aadeployclient.exe:AADeployClient
"TCP Query User{83A5D67D-0DF0-4161-BC74-97E41843DC2F}c:\\program files\\america's army\\system\\armyops.exe"= UDP:c:\program files\america's army\system\armyops.exe:ArmyOps.exe
"UDP Query User{6E3387EC-357B-459A-85DC-7E996E859198}c:\\program files\\america's army\\system\\armyops.exe"= TCP:c:\program files\america's army\system\armyops.exe:ArmyOps.exe
"{6EC8190D-5B84-4149-B363-56A0D144B3B3}"= c:\program files\Common Files\Microsoft Shared\XNA\XnaTrans\v3.0\XnaTransX.exe:XNA Game Studio 3.0 Transport
"{FBAB6119-AF95-4A0E-895C-4686CDF45A69}"= c:\program files\Microsoft XNA\XNA Game Studio\v3.0\Bin\XnaLiveProxy.exe:XNA Framework Games for Windows - LIVE
"TCP Query User{10B6C232-7DB6-47F0-930F-74E4C5D677CA}c:\\program files\\trillian\\trillian.exe"= UDP:c:\program files\trillian\trillian.exe:Trillian
"UDP Query User{595517F9-A30D-4788-AD90-DB7980F4715A}c:\\program files\\trillian\\trillian.exe"= TCP:c:\program files\trillian\trillian.exe:Trillian
"TCP Query User{44384EEB-EC1F-4175-AAFE-3D939862C301}c:\\program files\\trillian\\trillian.exe"= UDP:c:\program files\trillian\trillian.exe:Trillian
"UDP Query User{DB4A62D3-429E-4289-8D30-FDDAC0D4EDC5}c:\\program files\\trillian\\trillian.exe"= TCP:c:\program files\trillian\trillian.exe:Trillian
"{D2050B12-34AA-44AC-93F9-18E9E96AF50F}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{2A9C0F21-57E9-4E15-8344-2DE886E7CCFF}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{FD1D9F7C-5B0C-4A12-BD15-EA83F3BB3321}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{6F67561E-7897-4388-B0C7-4F246CA04216}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{A5403F82-6EC9-4F41-989C-A17C3C575337}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{D96F53FF-BF16-491D-B977-6DCD56641D8A}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"{347576C8-CB4F-49F1-A770-4FE581C3C4B1}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{81B3D61F-25C3-46E0-AAC9-9FF7D8D2395D}"= UDP:c:\program files\AIM6\aim.exe:AIM
"{754CF518-2934-4FF5-8DAF-429F05308188}"= TCP:c:\program files\AIM6\aim.exe:AIM
"{3B2E85E5-0068-4353-B86D-B8296C88F560}"= UDP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{6DF916E4-E245-4AFB-A912-321E065AEEAE}"= TCP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{2B7BF2E4-F7C8-4499-A2E1-7075A43593AF}"= UDP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire Entrenchment.exe:Sins of a Solar Empire - Entrenchment
"{56A0191B-3B09-47DF-BAC6-277F30B111AF}"= TCP:c:\program files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire Entrenchment.exe:Sins of a Solar Empire - Entrenchment
"{B173AB85-851F-4F0B-B168-CC5D1B2CA193}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{C8E288A5-8A59-4951-9CF7-0C6A537869E4}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{0E0AD039-83A9-49FC-93F4-CDFA35F11F0F}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{30CAC273-A87B-4102-9B41-6768A72130AF}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{F95D2DD6-473F-4331-8598-3EAB5201D2DD}"= c:Program FilesPando NetworksMedia BoosterPMB.exe:Pando Media Booster
"TCP Query User{C28BE714-6487-4A5D-B7E5-377C5277EFAB}c:\\program files\\pando networks\\media booster\\pmb.exe"= UDP:c:\program files\pando networks\media booster\pmb.exe:Pando Media Booster
"UDP Query User{4ABD329B-9223-4ADC-B236-C9543EB1B2B1}c:\\program files\\pando networks\\media booster\\pmb.exe"= TCP:c:\program files\pando networks\media booster\pmb.exe:Pando Media Booster
"{6AD1405C-282D-4E89-BEA4-2CFEE2025645}"= UDP:c:\program files\Spyware Doctor\pctsGui.exe:Spyware Doctor
"{8F79CBF1-149B-4651-A2BD-66E059AA8475}"= TCP:c:\program files\Spyware Doctor\pctsGui.exe:Spyware Doctor

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [7/10/2009 1:27 AM 64160]
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [7/12/2009 1:39 AM 130936]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [4/23/2009 11:19 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [4/23/2009 11:19 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [4/23/2009 11:19 PM 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/23/2009 11:19 PM 298776]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [8/4/2008 1:43 PM 361808]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [8/4/2008 12:15 PM 193840]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [5/9/2008 2:17 PM 43040]
R3 OA004Ufd;Creative Camera OA004 Upper Filter Driver;c:\windows\System32\drivers\OA004Ufd.sys [6/3/2008 10:30 AM 144672]
R3 OA004Vid;Creative Camera OA004 Function Driver;c:\windows\System32\drivers\OA004Vid.sys [7/17/2008 6:01 PM 269760]
S2 gupdate1c9de69c2dbfe81;Google Update Service (gupdate1c9de69c2dbfe81);c:\program files\Google\Update\GoogleUpdate.exe [5/26/2009 8:23 PM 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1029456]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [12/29/2008 4:47 PM 38496]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/12/2009 1:38 AM 348752]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-07-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 01:22]

2009-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 01:22]

2009-07-10 c:\windows\Tasks\HPCeeScheduleForWill.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-04 03:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\yibvvqpt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?src=aim
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=108&ei=utf-8&yahoo_domain=search.yahoo.com&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - plugin: c:\users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\yibvvqpt.default\extensions\[email protected]\plugins\npiaplayer.dll
FF - plugin: c:\users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\yibvvqpt.default\extensions\[email protected]\plugins\npRACtrl.dll
FF - plugin: c:\users\Will\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resume_from_crash - false
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-12 17:30
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-12 17:35
ComboFix-quarantined-files.txt 2009-07-12 22:35
ComboFix2.txt 2009-07-12 21:38

Pre-Run: 179,360,202,752 bytes free
Post-Run: 179,285,082,112 bytes free

377 --- E O F --- 2009-07-12 17:33

#10 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Can you do this guide here?

http://www.geekstogo...ds-t238947.html

#11 Sudy Nimm (New Member, Topic Starter, 9 posts)
Alright, I removed Yoog. Here's the log.

--------------------------------------------


All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "http://www28.yoog.co.../search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www28.yoog.co.../search.php?q=" removed from keyword.URL
C:\Users\Will\AppData\Roaming\Mozilla\FireFox\Profiles\yibvvqpt.default\user.js moved successfully.
Prefs.js: "Yoog Search" removed from browser.search.defaultenginename
Prefs.js: "http://www14.yoog.co.../search.php?q=" removed from browser.search.defaulturl
Prefs.js: "Yoog Search" removed from browser.search.selectedEngine
Prefs.js: "http://www14.yoog.co.../search.php?q=" removed from keyword.URL
Prefs.js: "http://www8.yoog.com.../search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www8.yoog.com.../search.php?q=" removed from keyword.URL
Prefs.js: "http://www15.yoog.co.../search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www7.yoog.com.../search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www7.yoog.com.../search.php?q=" removed from keyword.URL
Prefs.js: "http://www13.yoog.co.../search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www13.yoog.co.../search.php?q=" removed from keyword.URL
Prefs.js: "http://www3.yoog.com.../search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www3.yoog.com.../search.php?q=" removed from keyword.URL
Prefs.js: "http://www10.yoog.co.../search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www10.yoog.co.../search.php?q=" removed from keyword.URL
Prefs.js: "http://www11.yoog.co.../search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www11.yoog.co.../search.php?q=" removed from keyword.URL
Prefs.js: "http://www2.yoog.com.../search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www2.yoog.com.../search.php?q=" removed from keyword.URL
Prefs.js: "http://www26.yoog.co.../search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www26.yoog.co.../search.php?q=" removed from keyword.URL
Prefs.js: "http://www5.yoog.com.../search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www5.yoog.com.../search.php?q=" removed from keyword.URL
Prefs.js: "http://www1.yoog.com.../search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www1.yoog.com.../search.php?q=" removed from keyword.URL
Prefs.js: "http://www9.yoog.com.../search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www9.yoog.com.../search.php?q=" removed from keyword.URL
Prefs.js: "http://www6.yoog.com.../search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www6.yoog.com.../search.php?q=" removed from keyword.URL
Prefs.js: "http://www27.yoog.co.../search.php?q=" removed from browser.search.defaulturl
Prefs.js: "http://www27.yoog.co.../search.php?q=" removed from keyword.URL
========== FILES ==========
File/Folder C:\Program Files\IEToolbar not found.
File/Folder C:\Program Files\Mozilla Firefox\components\nsadzgalore.dll not found.
File/Folder C:\Program Files\Mozilla Firefox\components\nsadsoftinc.dll not found.
File/Folder C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll not found.
File/Folder C:\Program Files\Mozilla Firefox\searchplugins\Yoog.xml not found.
File/Folder C:\Program Files\Mozilla Firefox\components\nsBrowserDc.dll not found.
File/Folder C:\Program Files\Mozilla Firefox\components\nsdcads.dll not found.
File/Folder C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\Yoog Search.xml not found.
File/Folder C:\Program Files\Mozilla Firefox\components\mexmgzdhgnvqilpib.dll not found.
File/Folder C:\Windows\system32\mexmgzdhgnvqilpib.dll not found.
File/Folder C:\Program Files\mozilla firefox\components\zvakwomxas.dll not found.
File/Folder C:\Windows\system32\zawcukanoit.exe not found.
File/Folder C:\Windows\System32\lkvwtxiako.dll not found.
File/Folder C:\Windows\system32\zvakwomxas.dll not found.
File/Folder C:\Windows\system32\dgbzetddjouspgzqz.dll not found.
File/Folder C:\Windows\System32\nsn*.dll not found.
File/Folder C:\Windows\nmwi*.exe not found.
File/Folder C:\Windows\system32\nsx*.dll not found.
File/Folder C:\Windows\system32\nsj*.dll not found.
File/Folder C:\Windows\system32\nsv*.dll not found.
File/Folder C:\Windows\system32\nsf*.dll not found.
File/Folder C:\Windows\mutfp*.exe not found.
File/Folder C:\Windows\obwu*.exe not found.
File/Folder C:\Windows\ntaj*.exe not found.
File/Folder C:\Windows\nwuhr*.exe not found.
File/Folder C:\Windows\System32\nss*.dll not found.
File/Folder C:\Windows\system32\*-uninst.exe not found.
C:\Windows\system32\cont_adsoftinc-remove.exe moved successfully.
File/Folder C:\Windows\system32\nsr*.dll not found.
File/Folder C:\Windows\reax*.exe not found.
File/Folder C:\Windows\giptf*.exe not found.
File/Folder C:\Windows\tkoo*.exe not found.
File/Folder C:\Windows\axjth*.exe not found.
File/Folder C:\Windows\ertbg*.exe not found.
File/Folder C:\Windows\jnnmp*.exe not found.
File/Folder C:\Windows\bprxe*.exe not found.
File/Folder C:\Windows\xwisg*.exe not found.
File/Folder C:\Windows\jpng*.exe not found.
File/Folder C:\Windows\fhsv*.exe not found.
File/Folder C:\Windows\dfmqc*.exe not found.
File/Folder C:\Windows\wgfp*.exe not found.
File/Folder C:\Windows\gweq*.exe not found.
File/Folder C:\Windows\pxwis*.exe not found.
File/Folder C:\Windows\fcvmq*.exe not found.
File/Folder C:\Windows\System32\hfkxlchuhv.dll not found.
File/Folder C:\Windows\System32\nst*.dll not found.
File/Folder C:\Windows\dmkv*.exe not found.
File/Folder C:\Windows\system32\nseE*.dll not found.
File/Folder C:\Windows\System32\nsk*.dll not found.
File/Folder C:\Windows\system32\mexmgzdhgnvqilpib.dll not found.
File/Folder C:\Windows\system32\ibgyxrpdcrlay.dll not found.
File/Folder C:\Windows\system32\ympweffizcodl.exe not found.
C:\Windows\kdiue732.txt moved successfully.
File/Folder C:\Windows\system32\jmcvcflmiugsrfia.exe not found.
File/Folder C:\Program Files\VnrBlock not found.
File/Folder C:\Program Files\iCheck not found.
File/Folder C:\Windows\tvilp*.exe not found.
File/Folder C:\Windows\itqot*.exe not found.
File/Folder C:\Windows\system32\wskuofzpxkxdb.exe not found.
File/Folder C:\Windows\tutvo*.exe not found.
File/Folder C:\Windows\hsep*.exe not found.
File/Folder C:\Windows\system32\pihtwcdtsghokinvg.dll not found.
File/Folder C:\Windows\system32\juluypfvhofv.dll not found.
DllUnregisterServer procedure not found in C:\Windows\system32\nsi.dll
C:\Windows\system32\nsi.dll NOT unregistered.
File move failed. C:\Windows\system32\nsi.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\system32\nsisvc.dll
C:\Windows\system32\nsisvc.dll NOT unregistered.
File move failed. C:\Windows\system32\nsisvc.dll scheduled to be moved on reboot.
File/Folder C:\Windows\system32\nsl*.dll not found.
File/Folder C:\Windows\system32\gchnamepziopknko.dll not found.
File/Folder C:\Windows\system32\pihtwcdtsghokinvg.dll not found.
File/Folder C:\Windows\system32\yprhhrqubcbujp.exe not found.
File/Folder C:\Windows\system32\ucicolizrhssr.dll not found.
File/Folder C:\Windows\system32\hiwdrlnk.exe not found.
File/Folder C:\Windows\System32\nsg*.dll not found.
File/Folder C:\Windows\System32\jifgoojjyhmkthcfk.dll not found.
File/Folder C:\Users\Will\Start Menu\Programs\Startup\runit_32.lnk not found.
File/Folder C:\Program Files\runit not found.
File/Folder C:\Windows\System32\hokfklenusuebapl.dll not found.
File/Folder C:\Windows\System32\drsqpwimruypmc.dll not found.
File/Folder C:\Windows\System32\nsxE*.dll not found.
File/Folder C:\Program Files\Mozilla Firefox\components\drsqpwimruypmc.dll not found.
File/Folder C:\Program Files\Mozilla Firefox\components\hokfklenusuebapl.dll not found.
File/Folder C:\Windows\System32\kxzubfhuxew.exe not found.
File/Folder C:\Windows\System32\dsygtypzdloyoxivg.exe not found.
File/Folder C:\Windows\System32\qdfggdhhofhhylbfx.exe not found.
File/Folder C:\Program Files\mozilla firefox\components\????????-????-????-????-????????????.dll not found.
File/Folder C:\Windows\System32\????????-????-????-????-????????????.exe not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0d2e786-354b-fea1-8de7-883e7524e6d2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0d2e786-354b-fea1-8de7-883e7524e6d2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2fe5f61-3eb4-4e22-7c84-f52993635f52}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2fe5f61-3eb4-4e22-7c84-f52993635f52}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f20e8516-7d08-c1e3-e689-96d39bb42220}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f20e8516-7d08-c1e3-e689-96d39bb42220}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ad7781e6-d262-25f8-389d-967a6d974748} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad7781e6-d262-25f8-389d-967a6d974748}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{314506e6-db9d-d679-08b6-c16f288ad5c9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314506e6-db9d-d679-08b6-c16f288ad5c9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AC4A7813-6844-2FF3-D929-DCB471E346AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC4A7813-6844-2FF3-D929-DCB471E346AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77cab7d9-e377-ddfc-7d69-cd9cab0e10ff}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77cab7d9-e377-ddfc-7d69-cd9cab0e10ff}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B8620A38-0404-12B1-FA60-5A0C1FB1C6A5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8620A38-0404-12B1-FA60-5A0C1FB1C6A5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B188763A-902C-98E9-780E-DAA0BF25BBFD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B188763A-902C-98E9-780E-DAA0BF25BBFD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4c18a538-eb55-9029-1fdb-37769fbefee2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c18a538-eb55-9029-1fdb-37769fbefee2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{314506e6-db9d-d679-08b6-c16f288ad5c9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314506e6-db9d-d679-08b6-c16f288ad5c9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AC4A7813-6844-2FF3-D929-DCB471E346AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC4A7813-6844-2FF3-D929-DCB471E346AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58b39041-fe10-d989-5b61-50d6fe664b48}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58b39041-fe10-d989-5b61-50d6fe664b48}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{994b5fb4-0103-44a6-b6b3-c73572b362bc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{994b5fb4-0103-44a6-b6b3-c73572b362bc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8217294-fa91-dd4d-ba56-4561001b63c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8217294-fa91-dd4d-ba56-4561001b63c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{670b520c-3f08-4d72-94a5-047740c07766}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{670b520c-3f08-4d72-94a5-047740c07766}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78f9a905-789c-d4b1-d5d6-336920981691}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78f9a905-789c-d4b1-d5d6-336920981691}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78ff6579-e7fe-8225-43c1-3fe7864edc62}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78ff6579-e7fe-8225-43c1-3fe7864edc62}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e8217e11-e93b-fc21-7455-fea561f86263}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8217e11-e93b-fc21-7455-fea561f86263}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nlhbxrcsmhodrzf\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iztcfgmowgboporyl\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0b5b5ca3-3bec-e287-841a-52b690c5641a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0b5b5ca3-3bec-e287-841a-52b690c5641a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8415b27c-0bd3-dcf3-6c9b-354472fd2f31}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8415b27c-0bd3-dcf3-6c9b-354472fd2f31}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a09d0f21-af0a-aba8-16d7-6b8ffabcb6a0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a09d0f21-af0a-aba8-16d7-6b8ffabcb6a0}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.DERANGED
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 24635110 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 72077518 bytes

User: Public

User: Tiffany
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1351134 bytes
->Java cache emptied: 53602 bytes
->FireFox cache emptied: 37813010 bytes
->Google Chrome cache emptied: 6629872 bytes

User: Will
->Temp folder emptied: 33131 bytes
->Temporary Internet Files folder emptied: 4661739 bytes
->Java cache emptied: 19548290 bytes
->FireFox cache emptied: 56731355 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\Windows\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 213.21 mb


OTL by OldTimer - Version 3.0.7.1 log created on 07122009_181008

Files\Folders moved on Reboot...
DllUnregisterServer procedure not found in C:\Windows\system32\nsi.dll
C:\Windows\system32\nsi.dll NOT unregistered.
File move failed. C:\Windows\system32\nsi.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\system32\nsisvc.dll
C:\Windows\system32\nsisvc.dll NOT unregistered.
File move failed. C:\Windows\system32\nsisvc.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...
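The ComboFix "Supplementary Scan" section above and the OTL log in this post record the same Firefox hijack: `keyword.URL`, `browser.search.defaulturl` and `browser.search.selectedEngine` rewritten to Yoog / FreeCause search pages, and re-applied at every browser start by a `user.js` in the profile folder (which is why OTL moves that file as well as editing `prefs.js`). The script below is an added example, not part of the thread and not code from OTL or ComboFix. It parses `user_pref(...)` lines in the format Firefox writes to `prefs.js` and `user.js`, then reports search or homepage preferences whose URL host falls outside an allowlist, or whose engine name is not a stock engine. The allowed domains, the stock-engine list and the sample preference text are assumptions constructed for the example; substitute your own.

```python
"""Flag search/homepage hijack entries in Firefox prefs.js or user.js.

Added example for this thread; not code from OTL, ComboFix or Mozilla.
"""
import re
from urllib.parse import urlparse

# Preferences a Firefox search/homepage hijacker typically rewrites.
WATCHED_PREFS = {
    "keyword.URL",
    "browser.search.defaulturl",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.startup.homepage",
}

# Engine names and domains treated as legitimate. Both lists are assumptions
# made for this example; a real allowlist comes from the user's own policy.
STOCK_ENGINES = {"Google", "Yahoo", "Bing", "Amazon.com", "eBay", "Wikipedia (en)"}
ALLOWED_DOMAINS = {"google.com", "bing.com", "yahoo.com", "aol.com", "mozilla.org"}

# Firefox writes one preference per line:  user_pref("name", <JS literal>);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs(text):
    """Return {name: value} from prefs.js/user.js text.

    String literals are unquoted; other JS literals (true/false/numbers)
    are kept as written. Comment and blank lines are ignored.
    """
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            raw = raw[1:-1]
        prefs[name] = raw
    return prefs


def host_allowed(host, allowed_domains=ALLOWED_DOMAINS):
    """True if host equals, or is a subdomain of, an allowed domain.

    Hijackers rotate subdomains (www1.yoog.com ... www28.yoog.com in the
    log), so the check walks parent domains rather than exact hostnames.
    The bare TLD is never considered.
    """
    labels = host.lower().split(".")
    return any(".".join(labels[i:]) in allowed_domains for i in range(len(labels) - 1))


def scan_prefs(text, allowed_domains=ALLOWED_DOMAINS, stock_engines=STOCK_ENGINES):
    """Return [(pref_name, value, reason)] for watched prefs that look hijacked."""
    findings = []
    for name, value in sorted(parse_prefs(text).items()):
        if name not in WATCHED_PREFS:
            continue
        if value == "" or value.startswith("about:"):
            continue  # about:home, about:blank and empty values are Firefox defaults
        if "://" in value:
            host = urlparse(value).hostname or ""
            if not host_allowed(host, allowed_domains):
                findings.append((name, value, f"URL points at {host}"))
        elif value not in stock_engines:
            # Engine-name prefs carry no URL; an unknown engine name is the signal.
            findings.append((name, value, "search engine name is not a stock engine"))
    return findings


# Constructed sample modelled on the hijacked profile in the logs above;
# this is not a real file from the machine in the thread.
SAMPLE_PREFS = """\
# Mozilla User Preferences
user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("browser.search.defaulturl", "http://www14.yoog.com/search.php?q=");
user_pref("keyword.URL", "http://search.freecause.com/search?fr=freecause&p=");
user_pref("browser.startup.homepage", "http://www.aol.com/?src=aim");
user_pref("keyword.enabled", true);
user_pref("browser.sessionstore.resume_from_crash", false);
"""

if __name__ == "__main__":
    for name, value, reason in scan_prefs(SAMPLE_PREFS):
        print(f"{name:<34} {reason}: {value}")
```

Run it against both `prefs.js` and `user.js` in the profile folder (the `FF - ProfilePath` line in the ComboFix log names it). Because the domain check walks parent labels, every rotating `wwwN.yoog.com` host that OTL had to strip one by one collapses to the single `yoog.com` decision, and a clean profile whose homepage is `about:home` produces no findings.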

#12 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Hi

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Go to the Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


#13 Sudy Nimm (New Member, Topic Starter, 9 posts)
Hey, hey! Malwarebytes found it! Thanks for all your help snuffing this pest out! I really appreciate it and will definitely come back to G2G for help.

Edited by Sudy Nimm, 12 July 2009 - 06:08 PM.


#14 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.