Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Virtumonde Victim [Solved]

Started by Krysis09 , Apr 28 2009 01:50 PM

  • This topic is locked This topic is locked

#1
Krysis09
Posted 28 April 2009 - 01:50 PM

Krysis09

    New Member

  • Member
  • Pip
  • 9 posts
Hello,

Yesterday my computer was attacked by a virus and continuously opened Internet Explorer/Firefox tabs and eventually prevented me from browsing webpages and even using my computer. I was able to run both MalwareBytes and Spybot Search & Destroy on my computer which together found over 40+ malware/spyware. I believe the programs removed a majority of them but, when I ran Spybot again (and three times after that), it continued to find Virtumonde trojans on my computer. I then came to this website and tried the Virtumonde self-help guide and downloaded VundoFix and scanned my computer - revealing a single infection, which it said it removed. I just wanted to know if you all have a program I can run on my computer and make sure that ALL infections are gone and done - and perhaps I can create some new, CLEAN system restores.

Thanks.
  • 0

Advertisements

#2
Essexboy
Posted 28 April 2009 - 01:52 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Lets see what you have first

Download Rooter.exe to your desktop
  • Doubleclick it to start the tool.
  • A Notepad file containing the report will open, also found at %systemdrive%(usually C:)\Rooter.txt. Copy and paste it with your OTLI log.

THEN

  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

  • 0

#3
Krysis09
Posted 28 April 2009 - 02:57 PM

Krysis09

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Well, I tried to run the Rooter.exe but as soon as I opened it to run it - the program started then terminated almost immediately. I checked in my C:\ folder for a Rooter.txt and didn't find anything of the like. Another thing is that there is a Spybot popup open that reads: "Spybot - Search & Destroy has detected an important registry entry that has been changed.
Category: System Startup user entry
Change: Value added
Entry: crdmon.exe

New data: C:\WINDOWS\system32\ctfmon.exe

And it gives me the option to allow change or deny the change...

Anyway, here are the files that you asked for (minus the Rooter.exe, which did not run).


OTListIt.txt


OTListIt logfile created on: 4/28/2009 4:44:00 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.37 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 66.52% Memory free
1.61 Gb Paging File | 1.27 Gb Available in Paging File | 79.35% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 33.92 Gb Free Space | 30.35% Space Free | Partition Type: NTFS
Drive D: | 3.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: UNEEK-I1Q62B3YI
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\PROGRA~1\Grisoft\AVG7\avgcc.exe (GRISOFT, s.r.o.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Documents and Settings\Owner\Application Data\pidle\pidle.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (America Online, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (GRISOFT, s.r.o.)
PRC - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (GRISOFT, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\System32\CTsvcCDA.EXE (Creative Technology Ltd)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
PRC - C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - \?\globalroot\C:\WINDOWS\system32\rundll32.exe File not found
PRC - C:\Documents and Settings\Owner\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (6to4 [Disabled | Stopped]) -- C:\WINDOWS\System32\6to4svc.dll (Microsoft Corporation)
SRV - (aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
SRV - (Adobe LM Service [Disabled | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (AOL ACS [Auto | Running]) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe (America Online, Inc.)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Avg7Alrt [Auto | Running]) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe (GRISOFT, s.r.o.)
SRV - (Avg7UpdSvc [Auto | Running]) -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe (GRISOFT, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Creative Service for CDROM Access [Auto | Running]) -- C:\WINDOWS\System32\CTsvcCDA.EXE (Creative Technology Ltd)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Macromedia Licensing Service [Disabled | Stopped]) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (NetSvc [Disabled | Stopped]) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (NwSapAgent [Auto | Running]) -- C:\WINDOWS\System32\ipxsap.dll (Microsoft Corporation)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WANMiniportService [Auto | Running]) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
SRV - (WMDM PMSP Service [Auto | Running]) -- C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [Disabled | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (Avg7Core [System | Running]) -- C:\WINDOWS\System32\Drivers\avg7core.sys (GRISOFT, s.r.o.)
DRV - (Avg7RsW [System | Running]) -- C:\WINDOWS\System32\Drivers\avg7rsw.sys (GRISOFT, s.r.o.)
DRV - (Avg7RsXP [System | Running]) -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys (GRISOFT, s.r.o.)
DRV - (AvgClean [System | Running]) -- C:\WINDOWS\System32\Drivers\avgclean.sys (GRISOFT, s.r.o.)
DRV - (bvrp_pci [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\bvrp_pci.sys ()
DRV - (ctsfm2k [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\System32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (motmodem [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\motmodem.sys (Motorola)
DRV - (MxlW2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (NwlnkIpx [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys (Microsoft Corporation)
DRV - (NwlnkNb [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys (Microsoft Corporation)
DRV - (OMCI [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (ossrv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)
DRV - (P17 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pfc.sys (Padus, Inc.)
DRV - (PfModNT [Auto | Running]) -- C:\WINDOWS\system32\drivers\PfModNT.sys (Creative Technology Ltd.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RT2500USB [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\rt2500usb.sys (Ralink Technology Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\System32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (Tcpip6 [System | Running]) -- C:\WINDOWS\System32\DRIVERS\tcpip6.sys (Microsoft Corporation)
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (usbbus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lgusbbus.sys (LG Electronics Inc.)
DRV - (UsbDiag [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbser [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usbser.sys (Microsoft Corporation)
DRV - (usb_rndisx [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV - (VProt2k [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\VProt2k.SYS (BroadJump)
DRV - (VWan2k [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\VWan2k.SYS (BroadJump)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (wceusbsh [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wceusbsh.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\altavista, = http://www.altavista.com/q?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\dictionary, = http://dictionary.re...com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay, = http://search.ebay.com/%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\google, = http://www.google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\grep, = http://www.google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\hotmail, = http://www.hotmail.com
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\money, = http://moneycentral....o...&Company=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\msdn, = http://search.micros...p;siteid=us/dev
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\msn, = http://search.msn.co...FORM=SMCRT&q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\slashdot, = http://www.slashdot.com
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\wikipedia, = http://en.wikipedia.....phtml?title=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\yahoo, = http://search.yahoo....bin/search?p=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\yahoomail, = http://mail.yahoo.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.1\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/28 02:52:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.1\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/28 02:52:19 | 00,000,000 | ---D | M]

[2009/04/28 02:52:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\1qv7111c.default\extensions
[2009/04/28 02:52:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/26 20:34:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3FB02580-5785-45F9-8A95-C4B423549917}
[2009/04/28 02:52:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/10/17 11:38:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/04/02 10:09:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/04/28 02:52:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2009/04/27 20:57:57 | 00,211,968 | ---- | M] () -- C:\Program Files\mozilla firefox\components\dfff.dll
[2006/12/12 23:12:30 | 00,066,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2006/12/12 23:12:31 | 00,054,352 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2006/12/12 23:12:32 | 00,034,928 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2006/12/12 23:12:33 | 00,046,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2006/12/12 23:12:34 | 00,172,120 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2006/12/05 00:15:23 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2006/12/05 00:15:23 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2006/12/05 00:15:23 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2006/12/05 00:15:23 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2006/12/05 00:15:23 | 00,002,320 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2006/12/05 00:15:23 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (304958 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
O1 - Hosts: 10525 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16 ( )
O4 - HKLM..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP File not found
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r (Creative Technology Ltd)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKCU..\Run: [autochk] rundll32.exe C:\DOCUME~1\Owner\protect.dll,_IWMPEvents@16 ( )
O4 - HKCU..\Run: [pidle] "C:\Documents and Settings\Owner\Application Data\pidle\pidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139 ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ChkDisk.dll ( )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - File not found
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - File not found
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - File not found
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .csm - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .csml - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .cub - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .cube - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .dx - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .emb - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .embl - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .gau - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .jdx - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .mol - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .mop - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .pdb - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .rxn - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .scr - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .skc - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .spt - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .tgf - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .xyz - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} https://www.play.net...tivex/AXSAL.ocx (Launcher Class)
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} http://www.acclaim.c.../acclaim_v5.cab (GameLauncher Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - File not found
O18 - Protocol\Filter: - application/x-complus - File not found
O18 - Protocol\Filter: - application/x-msdownload - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe ()
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\__c00DB04: DllName - C:\WINDOWS\system32\__c00DB04.dat - C:\WINDOWS\system32\__c00DB04.dat ()
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{298a5f4c-f7ce-11d8-afcb-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{298a5f4c-f7ce-11d8-afcb-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{298a5f4c-f7ce-11d8-afcb-00038a000015}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{41ac9eb7-e020-11db-afe2-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{41ac9eb7-e020-11db-afe2-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{41ac9eb7-e020-11db-afe2-00038a000015}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{daee07f4-e6db-11dc-b0f2-00038a000015}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/04/28 16:42:16 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Rooter(2).exe
[2009/04/28 16:37:58 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe
[2009/04/28 16:37:29 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/28 16:36:58 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Rooter.exe
[2009/04/28 15:18:41 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/04/28 09:35:05 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\__c00DB04.dat
[2009/04/28 09:22:19 | 00,000,439 | ---- | C] () -- C:\WINDOWS\System32\win32hlp.cnf
[2009/04/28 03:03:53 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2009/04/28 03:03:42 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/04/28 02:53:17 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Owner\Desktop\spybotsd162.exe
[2009/04/28 02:52:21 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/04/28 02:51:59 | 00,024,064 | -HS- | C] ( ) -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ChkDisk.dll
[2009/04/28 02:51:59 | 00,000,649 | -HS- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ChkDisk.lnk
[2009/04/28 02:51:58 | 00,024,064 | -HS- | C] ( ) -- C:\WINDOWS\System32\autochk.dll
[2009/04/28 02:51:56 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\lmppcsetup.exe
[2009/04/27 23:08:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/04/27 23:08:48 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/27 23:08:48 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/27 23:08:46 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/27 23:08:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/27 23:08:42 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/27 20:51:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Twain
[2009/04/27 20:49:52 | 00,104,960 | ---- | C] () -- C:\WINDOWS\System32\dllcache\userinit.exe
[2009/04/27 20:49:29 | 00,029,696 | ---- | C] () -- C:\WINDOWS\System32\loader49.exe
[2009/04/27 12:49:28 | 00,021,504 | ---- | C] () -- C:\WINDOWS\System32\ak1.exe
[2009/04/27 10:36:51 | 00,409,088 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Female Presidency.doc
[2009/04/26 21:07:48 | 04,051,100 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Turning Me On.mp3
[2009/04/26 20:33:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\pidle
[2009/04/26 18:02:25 | 03,348,504 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Energy.mp3
[2009/04/25 21:25:59 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\QuickSort-Fast.xls
[2009/04/25 20:50:29 | 04,546,798 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Knock You Down.mp3
[2009/04/24 20:55:37 | 02,777,088 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Lockwood Info.doc
[2009/04/24 13:19:55 | 02,306,048 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Female Presidency-Person over Politics-1.ppt
[2009/04/23 22:23:10 | 00,224,768 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Powerpoint.ppt
[2009/04/23 21:10:59 | 00,067,899 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\somedaywoman.jpg
[2009/04/23 15:04:45 | 00,048,131 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hillaryclinton-for-president.jpg
[2009/04/15 04:33:44 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 04:33:44 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 04:33:43 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 04:33:43 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 04:33:42 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 04:33:42 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 04:33:41 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 04:33:41 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 04:33:41 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 04:29:20 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/15 04:29:19 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/15 04:29:19 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/13 13:10:17 | 00,882,688 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Mammy and Hegemony.ppt
[2009/04/10 19:31:22 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\projectdesc.doc
[2009/04/09 12:51:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Tbot
[2009/04/09 09:21:26 | 00,000,162 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\~$R SPCM 4310.doc
[2009/04/09 05:11:30 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\YKR SPCM4310 extra credit.doc
[2009/04/09 01:28:12 | 00,051,712 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\YKR SPCM 4310.doc
[2009/04/08 01:48:00 | 00,374,272 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Lockwood.doc
[2009/04/07 01:19:52 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/04/07 01:19:38 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/04/07 01:19:35 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/04/07 01:19:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/07 01:18:28 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/04/03 03:09:46 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Obinna's Intro Letter.doc
[2009/04/03 00:33:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/03 00:31:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Turbo_Crack_8.0
[2009/04/02 19:44:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\spam
[2009/04/02 18:27:59 | 00,015,972 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MediaPatcher_4784.rar
[2009/04/02 18:27:32 | 01,064,121 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Turbo_Crack_8.0.rar
[2009/03/31 09:13:45 | 00,000,000 | ---D | C] -- C:\Program Files\Silkroad
[2009/03/18 03:37:49 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/07/28 11:08:53 | 00,327,680 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2008/07/28 11:08:53 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2007/12/27 18:32:15 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\BJPPPoEInstaller.dll
[2007/07/26 19:06:22 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/07/26 19:03:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/03/28 16:19:07 | 00,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/03/28 16:19:07 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/03/28 16:19:07 | 00,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/03/28 16:19:06 | 02,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/03/28 02:12:28 | 00,002,158 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2007/01/28 13:59:25 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/01/14 18:15:21 | 00,000,775 | ---- | C] () -- C:\WINDOWS\GMUD32.INI
[2007/01/14 17:48:31 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/01/14 17:21:58 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/14 16:28:42 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2007/01/14 16:24:18 | 00,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2007/01/14 15:51:20 | 00,000,226 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/01/14 15:41:03 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2007/01/14 15:40:48 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2007/01/14 15:40:48 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2007/01/14 15:40:48 | 00,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2007/01/14 15:40:48 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/01/14 15:40:47 | 00,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2007/01/14 15:40:38 | 00,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2007/01/14 15:33:26 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/26 01:34:36 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2004/08/26 01:34:32 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2004/03/26 18:59:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/07/16 16:51:23 | 00,000,673 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/07/16 16:47:28 | 00,000,332 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[10 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/04/28 16:43:48 | 00,024,064 | -HS- | M] ( ) -- C:\WINDOWS\System32\autochk.dll
[2009/04/28 16:42:13 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Rooter(2).exe
[2009/04/28 16:38:10 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe
[2009/04/28 16:37:11 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Rooter.exe
[2009/04/28 16:06:54 | 00,027,648 | ---- | M] () -- C:\WINDOWS\System32\lmppcsetup.exe
[2009/04/28 15:52:56 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/28 15:52:51 | 00,000,439 | ---- | M] () -- C:\WINDOWS\System32\win32hlp.cnf
[2009/04/28 15:51:58 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/28 15:51:49 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/28 15:41:36 | 00,000,673 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/28 15:41:36 | 00,000,332 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/28 15:41:36 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/04/28 14:57:12 | 00,000,226 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/04/28 14:40:57 | 00,000,442 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/04/28 09:36:12 | 00,027,648 | ---- | M] () -- C:\WINDOWS\System32\__c00DB04.dat
[2009/04/28 03:06:23 | 00,304,958 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/04/28 03:03:53 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2009/04/28 03:00:02 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Owner\Desktop\spybotsd162.exe
[2009/04/28 02:52:21 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/04/28 02:51:59 | 00,024,064 | -HS- | M] ( ) -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ChkDisk.dll
[2009/04/28 02:51:59 | 00,000,649 | -HS- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ChkDisk.lnk
[2009/04/28 02:35:51 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\rojijipa
[2009/04/27 23:08:48 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/27 21:51:11 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090428-030623.backup
[2009/04/27 20:49:45 | 00,104,960 | ---- | M] () -- C:\WINDOWS\System32\userinit.exe
[2009/04/27 20:49:45 | 00,104,960 | ---- | M] () -- C:\WINDOWS\System32\dllcache\userinit.exe
[2009/04/27 20:49:32 | 00,029,696 | ---- | M] () -- C:\WINDOWS\System32\loader49.exe
[2009/04/27 20:48:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/27 12:49:28 | 00,021,504 | ---- | M] () -- C:\WINDOWS\System32\ak1.exe
[2009/04/27 12:29:01 | 00,409,088 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Female Presidency.doc
[2009/04/27 08:39:08 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\famuromu.exe
[2009/04/26 21:17:57 | 04,051,100 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Turning Me On.mp3
[2009/04/26 21:04:11 | 03,348,504 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Energy.mp3
[2009/04/26 20:39:48 | 00,124,928 | -HS- | M] () -- C:\WINDOWS\System32\kotakowe.exe
[2009/04/26 20:39:47 | 00,051,200 | -HS- | M] () -- C:\WINDOWS\System32\parakodo.exe
[2009/04/26 15:33:24 | 04,546,798 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Knock You Down.mp3
[2009/04/25 21:35:49 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\QuickSort-Fast.xls
[2009/04/25 15:28:54 | 01,101,632 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/04/24 20:55:38 | 02,777,088 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Lockwood Info.doc
[2009/04/24 14:27:54 | 02,306,048 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Female Presidency-Person over Politics-1.ppt
[2009/04/23 22:23:10 | 00,224,768 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Powerpoint.ppt
[2009/04/23 21:12:53 | 00,155,136 | -HS- | M] () -- C:\Documents and Settings\Owner\Desktop\Thumbs.db
[2009/04/23 21:12:46 | 00,067,899 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\somedaywoman.jpg
[2009/04/23 15:04:47 | 00,048,131 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hillaryclinton-for-president.jpg
[2009/04/16 22:32:33 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/04/15 19:21:22 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/13 13:20:57 | 00,882,688 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Mammy and Hegemony.ppt
[2009/04/10 19:31:22 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\projectdesc.doc
[2009/04/10 12:18:39 | 00,240,640 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/09 09:21:26 | 00,000,162 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\~$R SPCM 4310.doc
[2009/04/09 05:11:30 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\YKR SPCM4310 extra credit.doc
[2009/04/09 05:03:05 | 00,051,712 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\YKR SPCM 4310.doc
[2009/04/08 10:37:59 | 00,374,272 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Lockwood.doc
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/03 03:13:38 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Obinna's Intro Letter.doc
[2009/04/02 18:29:09 | 01,064,121 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Turbo_Crack_8.0.rar
[2009/04/02 18:28:00 | 00,015,972 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MediaPatcher_4784.rar
[2009/03/31 09:17:25 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Silkroad.lnk

========== LOP Check ==========

[2009/04/27 23:08:44 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/17 01:35:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/07 01:19:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/02/26 13:53:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/01/14 10:18:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2007/08/06 10:40:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2007/11/04 11:41:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2009/02/26 13:50:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2007/01/14 17:52:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2007/08/05 00:36:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2007/01/14 16:54:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/04/28 14:39:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2008/02/08 10:35:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/12/09 05:05:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2008/12/08 16:15:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007/01/14 15:56:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2007/08/06 02:08:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FogelSoft
[2007/01/14 16:49:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2007/11/11 16:58:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/02/29 19:57:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gtek
[2007/12/11 01:55:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2007/11/11 17:14:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/01/29 22:49:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2009/04/27 23:08:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2007/10/29 20:24:39 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2007/05/08 11:49:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2007/03/04 13:13:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
[2008/09/01 21:45:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2007/03/17 05:22:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2009/04/28 14:39:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2007/09/04 19:35:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/04/14 19:25:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/02/26 13:53:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/01/15 23:14:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/04/28 02:36:26 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data
[2007/01/14 17:54:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2009/01/14 10:18:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Adobe
[2008/06/20 20:22:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AdobeUM
[2008/09/09 14:38:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Apple Computer
[2009/03/01 13:26:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG7
[2008/03/27 07:38:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2007/11/04 00:13:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Creative
[2007/08/17 22:29:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CyberLink
[2008/01/18 12:56:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dev-Cpp
[2007/02/21 00:22:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DivX
[2007/08/06 02:00:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FogelSoft
[2007/01/14 17:14:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\F-Secure
[2008/10/25 18:26:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\goombah
[2008/02/29 19:57:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GTek
[2007/10/06 09:27:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Help
[2007/01/14 15:23:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Identities
[2007/01/14 15:59:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Jasc Software Inc
[2007/10/29 20:25:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lavasoft
[2007/01/15 17:44:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2007/07/14 11:51:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Macromedia
[2009/04/27 23:08:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/03/29 20:12:06 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Owner\Application Data\Microsoft
[2009/04/27 22:25:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2008/09/01 21:45:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSN6
[2009/04/26 20:33:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\pidle
[2008/10/25 13:56:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ruckus Network
[2008/03/15 23:00:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Smith Micro
[2007/01/15 17:44:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sonic
[2007/01/28 14:06:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony Corporation
[2008/06/21 06:26:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\StormFront
[2007/01/14 16:20:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sun
[2009/04/28 02:35:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Twain
[2009/03/29 20:52:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\U3
[2007/10/18 16:38:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2007/03/22 02:18:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2009/04/27 20:48:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2003/07/16 16:36:49 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/04/28 15:51:58 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D4275BC
< End of report >

Extras.Txt


OTListIt Extras logfile created on: 4/28/2009 4:44:00 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.37 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 66.52% Memory free
1.61 Gb Paging File | 1.27 Gb Available in Paging File | 79.35% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 33.92 Gb Free Space | 30.35% Space Free | Partition Type: NTFS
Drive D: | 3.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: UNEEK-I1Q62B3YI
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.reg [@ = regfile] -- regedit.exe "%1"
.scr [@ = scrFile] -- "%1" /s

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader: 6112
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)
C:\TorqueMMOKit\pythonw.exe:*:Enabled:TorqueMMOKit File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) File not found
C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows (Ares Development Group)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM (AOL LLC)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)
C:\Documents and Settings\Owner\Black & White\runblack.exe:*:Enabled:lh File not found
C:\Documents and Settings\Owner\Local Settings\Temp\nse28.tmp\utorrent.exe:*:Enabled:µTorrent File not found
C:\Documents and Settings\Owner\Local Settings\Temp\nsc166.tmp\utorrent.exe:*:Enabled:µTorrent File not found
C:\Documents and Settings\Owner\Local Settings\Temp\nsb1C6.tmp\utorrent.exe:*:Enabled:µTorrent File not found
C:\Documents and Settings\Owner\Local Settings\Temp\nsp6E.tmp\utorrent.exe:*:Enabled:µTorrent File not found
C:\Documents and Settings\Owner\Local Settings\Temp\nsl33.tmp\utorrent.exe:*:Enabled:µTorrent File not found
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)
C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe (GRISOFT, s.r.o.)
C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe (GRISOFT, s.r.o.)
C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe (GRISOFT, s.r.o.)
C:\Documents and Settings\Owner\Desktop\SRObot\Revbot\MultiSocket.exe:*:Enabled:MultiSocket File not found
C:\Documents and Settings\Owner\Desktop\SRObot\Revbot\nuConnector3a.exe:*:Enabled:nuConnector3a File not found
C:\Documents and Settings\Owner\Desktop\Bot\srobot.exe:*:Enabled:HookSrv File not found
C:\Documents and Settings\Owner\Desktop\bot\MultiSocket.exe:*:Enabled:MultiSocket File not found
C:\Documents and Settings\Owner\Desktop\bot\nuConnector.exe:*:Enabled:nuConnector File not found
C:\Documents and Settings\Owner\Desktop\SRoBot\MultiSocket.exe:*:Enabled:MultiSocket File not found
C:\Documents and Settings\Owner\Desktop\SRoBot\nuConnector.exe:*:Enabled:nuConnector File not found
C:\Program Files\Silkroad\bot\legend II bot\srobot.exe:*:Enabled:HookSrv File not found
C:\Documents and Settings\Owner\Desktop\RevBot\nuConnector.exe:*:Enabled:nuConnector File not found
C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus (Azureus Inc)
C:\Documents and Settings\Owner\Desktop\agBot\nuConnector6.exe:*:Enabled:nuConnector6 File not found
C:\Python25\python.exe:*:Enabled:python ()
C:\TorqueMMOKit\pythonw.exe:*:Enabled:TorqueMMOKit File not found
C:\Python25\pythonw.exe:*:Enabled:pythonw ()
C:\Documents and Settings\Owner\Desktop\SRO_NEW_Full-Client_Downloader.exe:*:Enabled:Full-Client Downloader (Joymax)
C:\Program Files\Ruckus Player\Ruckus.exe:*:Enabled:Ruckus Player File not found
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client File not found
C:\Program Files\World of Warcraft\WoW-3.0.1-to-3.0.2-enUS-Win-Update-downloader.exe:*:Enabled:Blizzard Downloader File not found
C:\Documents and Settings\Owner\Desktop\Turbo_Crack_8.0\Turbo Crack 8.0\edx33.exe:*:Enabled:edx33 ()
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}" = Adobe Audition 2.0
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2260632D-9998-4ADC-8D81-D228FEA8F9FE}" = BroadJump PPPoE
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{32A3A4F4-B792-11D6-A78A-00B0D0150070}" = J2SE Development Kit 5.0 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{46761278-BF32-4008-833B-93487FF0A06E}" = MDL Chime/Chime Pro for Internet Explorer
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{6102D63A-9387-4FC8-98E4-181121F8C0BA}" = MPlugin
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = MobileMe Control Panel
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{CC71D6E9-7E45-4809-A0B4-339DE69EC17C}" = BellSouth® FastAccess® Connection Agent
"{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{EBBE2FB2-FBED-44F6-B95F-230AB5A65B28}" = Goombah Partner COM Server
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F443F171-B49B-4645-915C-580E7ED79992}" = Macromedia Extension Manager
"{FE36AF0E-C5C1-409E-A1AF-DC812F3F75F9}" = Anti-Virus Client Security
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Audition 2.0" = Adobe Audition 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AI RoboForm" = AI RoboForm (All Users)
"AIM_6" = AIM 6
"Ares" = Ares 2.0.1
"ASIO4ALL" = ASIO4ALL
"AVG7Uninstall" = AVG 7.5
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Collab" = Collab
"Cucusoft DVD to iPod + iPod Video Converter_is1" = Cucusoft DVD to iPod + iPod Video Converter Suite 2.8.3.7
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"FL Studio 8" = FL Studio 8
"Game Accelerator" = Game Accelerator (remove only)
"HijackThis" = HijackThis 1.99.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IL Download Manager" = IL Download Manager
"iPod to Computer Transfer Safe_is1" = iPod to Computer Transfer Safe 5
"JCreator LE_is1" = JCreator LE 4.00
"LG USB Drivers" = LG USB Drivers
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maxthon" = Maxthon Browser (remove only)
"Mozilla Firefox (2.0.0.1)" = Mozilla Firefox (2.0.0.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MySQL-python-py2.5" = Python 2.5 MySQL-python-1.2.2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenSSL_is1" = OpenSSL 0.9.8e
"PoiZone" = PoiZone
"PROSet" = Intel® PRO Network Adapters and Drivers
"pycrypto-py2.5" = Python 2.5 pycrypto-2.0.1
"pyOpenSSL-py2.5" = Python 2.5 pyOpenSSL-0.6
"pywin32-py2.5" = Python 2.5 pywin32-210
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Silkroad" = Silkroad
"Toxic Biohazard" = Toxic Biohazard
"Twisted (Python 2.5)_is1" = Twisted 2.5.0 (Python 2.5)
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"Viewpoint Toolbar" = Viewpoint Toolbar
"ViewpointMediaPlayer" = Viewpoint Media Player
"Visual Task Tips" = Visual Task Tips 2.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"wxPython2.8-unicode-py25_is1" = wxPython 2.8.4.2 (unicode) for Python 2.5

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/27/2009 10:28:50 PM | Computer Name = UNEEK-I1Q62B3YI | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 4/27/2009 10:47:07 PM | Computer Name = UNEEK-I1Q62B3YI | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 4/28/2009 2:37:14 AM | Computer Name = UNEEK-I1Q62B3YI | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 4/28/2009 2:44:09 AM | Computer Name = UNEEK-I1Q62B3YI | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00002476.

Error - 4/28/2009 2:44:38 AM | Computer Name = UNEEK-I1Q62B3YI | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00002476.

Error - 4/28/2009 2:45:48 AM | Computer Name = UNEEK-I1Q62B3YI | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00019c2f.

Error - 4/28/2009 9:20:49 AM | Computer Name = UNEEK-I1Q62B3YI | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 4/28/2009 2:39:31 PM | Computer Name = UNEEK-I1Q62B3YI | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 4/28/2009 3:34:30 PM | Computer Name = UNEEK-I1Q62B3YI | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

Error - 4/28/2009 3:52:43 PM | Computer Name = UNEEK-I1Q62B3YI | Source = SecurityCenter | ID = 1802
Description = The Windows Security Center Service was unable to establish event
queries with WMI to monitor third party AntiVirus and Firewall.

[ System Events ]
Error - 4/28/2009 8:54:24 AM | Computer Name = UNEEK-I1Q62B3YI | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 4/28/2009 8:54:24 AM | Computer Name = UNEEK-I1Q62B3YI | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 4/28/2009 8:54:24 AM | Computer Name = UNEEK-I1Q62B3YI | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 4/28/2009 8:54:24 AM | Computer Name = UNEEK-I1Q62B3YI | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Avg7Core Avg7RsW Avg7RsXP Fips intelppm IPSec MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss Tcpip
Tcpip6
WS2IFSL

Error - 4/28/2009 9:19:10 AM | Computer Name = UNEEK-I1Q62B3YI | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/28/2009 9:20:31 AM | Computer Name = UNEEK-I1Q62B3YI | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 4/28/2009 9:22:11 AM | Computer Name = UNEEK-I1Q62B3YI | Source = Service Control Manager | ID = 7022
Description = The IPv6 Helper Service service hung on starting.

Error - 4/28/2009 2:39:13 PM | Computer Name = UNEEK-I1Q62B3YI | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.

Error - 4/28/2009 2:40:53 PM | Computer Name = UNEEK-I1Q62B3YI | Source = Service Control Manager | ID = 7022
Description = The IPv6 Helper Service service hung on starting.

Error - 4/28/2009 3:34:12 PM | Computer Name = UNEEK-I1Q62B3YI | Source = NETLOGON | ID = 3095
Description = This computer is configured as a member of a workgroup, not as a member
of a domain. The Netlogon service does not need to run in this configuration.


< End of report >


Thanks in advance!
  • 0

#4
Essexboy
Posted 28 April 2009 - 03:28 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK you are still badly infected. AVG is currently at version 8 and you are still using 7 this will need to be updated later

Run OTList2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTLI
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Documents and Settings\Owner\Application Data\pidle\pidle.exe ()
PRC - \?\globalroot\C:\WINDOWS\system32\rundll32.exe File not found
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O2 - BHO: (no name) - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16 ( )
O4 - HKCU..\Run: [autochk] rundll32.exe C:\DOCUME~1\Owner\protect.dll,_IWMPEvents@16 ( )
O4 - HKCU..\Run: [pidle] "C:\Documents and Settings\Owner\Application Data\pidle\pidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139 ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ChkDisk.dll ( )
O20 - Winlogon\Notify\__c00DB04: DllName - C:\WINDOWS\system32\__c00DB04.dat - C:\WINDOWS\system32\__c00DB04.dat ()
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
[2009/04/28 09:22:19 | 00,000,439 | ---- | C] () -- C:\WINDOWS\System32\win32hlp.cnf
[2009/04/27 20:49:29 | 00,029,696 | ---- | C] () -- C:\WINDOWS\System32\loader49.exe
[2009/04/27 12:49:28 | 00,021,504 | ---- | C] () -- C:\WINDOWS\System32\ak1.exe
[2009/04/28 02:35:51 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\rojijipa
[2009/04/27 08:39:08 | 00,052,224 | -HS- | M] () -- C:\WINDOWS\System32\famuromu.exe
[2009/04/26 20:39:48 | 00,124,928 | -HS- | M] () -- C:\WINDOWS\System32\kotakowe.exe
[2009/04/26 20:39:47 | 00,051,200 | -HS- | M] () -- C:\WINDOWS\System32\parakodo.exe

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log ( don't check the boxes beside LOP Check or Purity this time )

THEN

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Posted Image


Posted Image
--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a OTListit log so we can continue cleaning the system.

  • 0

#5
Krysis09
Posted 28 April 2009 - 09:20 PM

Krysis09

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
So, I tried to use the OTList2 with the custom script and let it run for 2+ hours and when I came back the program seemed to have been non-responsive. It had: "Processing PRC - \? \globalroot\C:\WINDOWS\system32\rundll32.exe Found not found... Tried twice more (waiting approx. 30 for each) and the same result...

So, I just ran ComboFix.exe and here's the log:

ComboFix - log.txt



ComboFix 09-04-28.02 - Owner 04/28/2009 22:54.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1406.982 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: AVG 7.5.503 *On-access scanning disabled* (Outdated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\LocalService\protect.dll
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\Owner\protect.dll
c:\documents and settings\Owner\Start Menu\Programs\Startup\ChkDisk.dll
c:\documents and settings\Owner\Start Menu\Programs\Startup\ChkDisk.lnk
c:\program files\INSTALL.LOG
c:\windows\system32\__c00DB04.dat
c:\windows\system32\ak1.exe
c:\windows\system32\autochk.dll
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\drivers\ovfsthorlcnljtbbxuiemcpodelvvfbqfajbtj.sys
c:\windows\system32\ovfsthhaoovajhpbnwkwsapxljqxbiehumoqbm.dll
c:\windows\system32\ovfsthigiodqxvcfyymoswfmeeacqbntbyfwvv.dat
c:\windows\system32\ovfsthnwwlckxxvjylfsbjsfiptvhlkvyyiprm.dat
c:\windows\system32\ovfsthsagyjnmruytmmupwgevychafpsqhqnmn.dll
c:\windows\system32\ovfsthulfmnirsnhmnvsapsqwdakekpbodgrvx.dll
c:\windows\system32\win32hlp.cnf

----- BITS: Possible infected sites -----

hxxp://82.98.235.228
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\userinit.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-29 )))))))))))))))))))))))))))))))
.

2009-04-28 22:58 . 2009-04-29 02:07 27648 ----a-w c:\windows\system32\lmppcsetup.exe
2009-04-28 21:40 . 2009-04-28 21:40 -------- d-----w C:\_OTListIt
2009-04-28 20:37 . 2009-04-28 20:37 -------- d-----w C:\Rooter$
2009-04-28 19:18 . 2009-04-28 19:18 -------- d-----w C:\VundoFix Backups
2009-04-28 07:03 . 2009-04-28 07:03 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-28 03:08 . 2009-04-28 03:08 -------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2009-04-28 03:08 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-28 03:08 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-28 03:08 . 2009-04-28 03:08 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-28 03:08 . 2009-04-28 03:08 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-28 00:51 . 2009-04-28 06:35 -------- d-----w c:\documents and settings\Owner\Application Data\Twain
2009-04-28 00:49 . 2009-04-28 00:49 29696 ----a-w c:\windows\system32\loader49.exe
2009-04-27 00:33 . 2009-04-27 00:33 -------- d-----w c:\documents and settings\Owner\Application Data\pidle
2009-04-15 08:33 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 08:33 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 08:33 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 08:33 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 08:33 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 08:33 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 08:33 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 08:33 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 08:33 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 08:29 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 08:29 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-07 05:19 . 2009-04-07 05:19 -------- d-----w c:\program files\iPod
2009-04-07 05:19 . 2009-04-07 05:19 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-07 05:19 . 2009-04-07 05:19 -------- d-----w c:\program files\iTunes
2009-04-07 05:18 . 2009-04-07 05:18 -------- d-----w c:\program files\Bonjour
2009-04-03 04:33 . 2009-04-14 23:25 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-31 13:13 . 2009-04-14 14:18 -------- d-----w c:\program files\Silkroad

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-28 02:23 . 2009-04-28 02:26 164020 ----a-w c:\windows\PCHealth\HelpCtr\Config\Cache\Personal_32_1033.dat
2009-04-27 12:39 . 2009-01-27 12:39 52224 --sha-w c:\windows\system32\famuromu.exe
2009-04-27 00:39 . 2009-01-27 00:39 124928 --sha-w c:\windows\system32\kotakowe.exe
2009-04-27 00:39 . 2009-01-27 00:39 51200 --sha-w c:\windows\system32\parakodo.exe
2009-04-27 00:33 . 2009-04-27 00:33 182911 ----a-w c:\windows\system32\prnet.tmp
2009-04-27 00:19 . 2009-04-27 00:18 862370 ----a-w c:\windows\system32\rn.tmp
2009-04-15 23:30 . 2008-03-11 19:28 3218 ----a-w c:\windows\system32\PerfStringBackup.TMP
2009-04-09 17:34 . 2009-03-18 07:36 -------- d-----w c:\program files\Game Accelerator
2009-04-07 05:19 . 2007-08-05 04:36 -------- d-----w c:\program files\Common Files\Apple
2009-03-19 20:32 . 2008-01-29 16:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-18 22:08 . 2008-12-08 20:13 -------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-03-18 21:53 . 2007-01-14 19:27 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-17 05:33 . 2008-09-18 21:52 -------- d-----w c:\program files\QuickTime
2009-03-16 23:04 . 2008-03-15 07:28 -------- d-----w c:\program files\iPod to Computer Transfer Safe
2009-03-06 14:22 . 2003-07-16 20:41 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-06 03:59 . 2009-03-17 05:30 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-06 03:59 . 2008-01-20 02:07 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-03 00:18 . 2006-06-23 16:33 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 07:56 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2003-07-16 20:32 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2005-07-26 04:31 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2003-07-16 20:39 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2003-07-16 20:23 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2003-07-16 20:51 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 23:02 . 2002-08-29 01:04 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:11 . 2003-07-16 20:44 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2003-07-16 20:39 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2003-07-16 20:43 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2003-07-16 20:44 56832 ----a-w c:\windows\system32\secur32.dll
2008-12-08 23:51 . 2008-12-08 23:51 463 ----a-w c:\program files\InstallWoW.log
2008-12-08 23:11 . 2008-12-08 23:11 1131176 ----a-w c:\program files\WoW-installer-3.0.1.8874-x86-Win-enUS.exe
2007-07-26 21:01 . 2007-11-21 01:39 114688 ----a-w c:\program files\internet explorer\plugins\ChimeShim.dll
2009-04-28 00:57 . 2009-04-28 00:57 211968 ----a-w c:\program files\mozilla firefox\components\dfff.dll
2006-12-13 03:12 . 2009-04-28 06:52 66648 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-12-13 03:12 . 2009-04-28 06:52 54352 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-12-13 03:12 . 2009-04-28 06:52 34928 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2006-12-13 03:12 . 2009-04-28 06:52 46696 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2006-12-13 03:12 . 2009-04-28 06:52 172120 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pidle"="c:\documents and settings\Owner\Application Data\pidle\pidle.exe" [2009-04-27 56832]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-02-10 118784]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2007-11-11 579072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-03-17 144448]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-11-11 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave2"= serwvdrv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Cyber-shot Viewer Media Check Tool.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk
backup=c:\windows\pss\Cyber-shot Viewer Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WudfSvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WmiApSrv"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"VSS"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"SCardSvr"=3 (0x3)
"RSVP"=3 (0x3)
"RemoteAccess"=3 (0x3)
"RDSessMgr"=3 (0x3)
"NetSvc"=3 (0x3)
"Netlogon"=2 (0x2)
"napagent"=3 (0x3)
"MSIServer"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Macromedia Licensing Service"=3 (0x3)
"ImapiService"=3 (0x3)
"HTTPFilter"=3 (0x3)
"hkmsvc"=3 (0x3)
"EapHost"=3 (0x3)
"Dot3svc"=3 (0x3)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"Browser"=2 (0x2)
"aspnet_state"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"6to4"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Python25\\python.exe"=
"c:\\Python25\\pythonw.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\SRO_NEW_Full-Client_Downloader.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\Turbo_Crack_8.0\\Turbo Crack 8.0\\edx33.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6112:TCP"= 6112:TCP:Blizzard Downloader: 6112
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 httur;httur; [x]
R3 XDva068;XDva068; [x]
S2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe [2008-04-14 14336]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S2 VProt2k;BroadJump PPPoE Helper Protocol;c:\windows\system32\DRIVERS\VProt2k.SYS [2003-05-04 16689]
S3 VWan2k;BroadJump PPPoE Adapter;c:\windows\system32\DRIVERS\VWan2k.SYS [2003-05-04 29131]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{298a5f4c-f7ce-11d8-afcb-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41ac9eb7-e020-11db-afe2-00038a000015}]
\Shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{daee07f4-e6db-11dc-b0f2-00038a000015}]
\Shell\AutoRun\command - F:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-autochk - c:\windows\system32\autochk.dll
HKU-Default-Run-Windows Resurections - c:\windows\TEMP\lyatq.exe
HKU-Default-Run-Diagnostic Manager - c:\windows\TEMP\2441388970.exe
HKU-Default-Run-autochk - c:\docume~1\LOCALS~1\protect.dll
Notify-__c00DB04 - c:\windows\system32\__c00DB04.dat


.
------- Supplementary Scan -------
.
uStart Page = hxxp://hometab.bellsouth.net/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{85e1f530-48f4-11d9-9629-08ff2ffc9f67}
DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} - hxxps://www.play.net/components/activex/AXSAL.ocx
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1qv7111c.default\
FF - component: c:\program files\Mozilla Firefox\components\dfff.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-28 22:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-861567501-308236825-725345543-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-861567501-308236825-725345543-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-861567501-308236825-725345543-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-861567501-308236825-725345543-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2292)
c:\windows\system32\mshtml.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\wanmpsvc.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2009-04-29 23:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-29 03:04

Pre-Run: 40,222,887,936 bytes free
Post-Run: 42,873,073,664 bytes free

301 --- E O F --- 2009-04-15 23:21



  • 0

#6
Essexboy
Posted 29 April 2009 - 02:14 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is your computer running now ?

1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\windows\system32\loader49.exe
c:\windows\system32\famuromu.exe
c:\windows\system32\kotakowe.exe
c:\windows\system32\parakodo.exe
c:\windows\system32\prnet.tmp
c:\windows\system32\rn.tmp

Folder::
c:\documents and settings\Owner\Application Data\pidle

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pidle"=-

3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A newOTListit log.

  • 0

#7
Krysis09
Posted 29 April 2009 - 08:19 AM

Krysis09

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
My computer is working MUCH better now (it recognizes my iPod and other devices now), thank you! I do, however, want to know what to do about this Spybot popup that says: "Spybot - Search & Destroy has detected an important registry entry that has been changed.
Category: System Startup user entry
Change: Value added
Entry: crdmon.exe

New data: C:\WINDOWS\system32\ctfmon.exe

Anyway, here's the logs:

ComboFix.exe



ComboFix 09-04-28.02 - Owner 04/29/2009 10:00.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1406.883 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG 7.5.503 *On-access scanning disabled* (Outdated)

FILE ::
c:\windows\system32\famuromu.exe
c:\windows\system32\kotakowe.exe
c:\windows\system32\loader49.exe
c:\windows\system32\parakodo.exe
c:\windows\system32\prnet.tmp
c:\windows\system32\rn.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\pidle
c:\documents and settings\Owner\Application Data\pidle\pidle.exe
c:\windows\system32\famuromu.exe
c:\windows\system32\kotakowe.exe
c:\windows\system32\loader49.exe
c:\windows\system32\parakodo.exe
c:\windows\system32\prnet.tmp
c:\windows\system32\rn.tmp

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-29 )))))))))))))))))))))))))))))))
.

2009-04-28 22:58 . 2009-04-29 02:07 27648 ----a-w c:\windows\system32\lmppcsetup.exe
2009-04-28 21:40 . 2009-04-28 21:40 -------- d-----w C:\_OTListIt
2009-04-28 20:37 . 2009-04-28 20:37 -------- d-----w C:\Rooter$
2009-04-28 19:18 . 2009-04-28 19:18 -------- d-----w C:\VundoFix Backups
2009-04-28 07:03 . 2009-04-28 07:03 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-28 03:08 . 2009-04-28 03:08 -------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2009-04-28 03:08 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-28 03:08 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-28 03:08 . 2009-04-28 03:08 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-28 03:08 . 2009-04-28 03:08 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-28 00:51 . 2009-04-28 06:35 -------- d-----w c:\documents and settings\Owner\Application Data\Twain
2009-04-15 08:33 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 08:33 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 08:33 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 08:33 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 08:33 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 08:33 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 08:33 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 08:33 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 08:33 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 08:29 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 08:29 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-07 05:19 . 2009-04-07 05:19 -------- d-----w c:\program files\iPod
2009-04-07 05:19 . 2009-04-07 05:19 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-07 05:19 . 2009-04-07 05:19 -------- d-----w c:\program files\iTunes
2009-04-07 05:18 . 2009-04-07 05:18 -------- d-----w c:\program files\Bonjour
2009-04-03 04:33 . 2009-04-14 23:25 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-31 13:13 . 2009-04-14 14:18 -------- d-----w c:\program files\Silkroad

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-28 02:23 . 2009-04-28 02:26 164020 ----a-w c:\windows\PCHealth\HelpCtr\Config\Cache\Personal_32_1033.dat
2009-04-15 23:30 . 2008-03-11 19:28 3218 ----a-w c:\windows\system32\PerfStringBackup.TMP
2009-04-09 17:34 . 2009-03-18 07:36 -------- d-----w c:\program files\Game Accelerator
2009-04-07 05:19 . 2007-08-05 04:36 -------- d-----w c:\program files\Common Files\Apple
2009-03-19 20:32 . 2008-01-29 16:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-18 22:08 . 2008-12-08 20:13 -------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-03-18 21:53 . 2007-01-14 19:27 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-17 05:33 . 2008-09-18 21:52 -------- d-----w c:\program files\QuickTime
2009-03-16 23:04 . 2008-03-15 07:28 -------- d-----w c:\program files\iPod to Computer Transfer Safe
2009-03-06 14:22 . 2003-07-16 20:41 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-06 03:59 . 2009-03-17 05:30 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-06 03:59 . 2008-01-20 02:07 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-03 00:18 . 2006-06-23 16:33 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 07:56 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2003-07-16 20:32 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2005-07-26 04:31 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2003-07-16 20:39 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2003-07-16 20:23 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2003-07-16 20:51 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 23:02 . 2002-08-29 01:04 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:11 . 2003-07-16 20:44 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2003-07-16 20:39 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2003-07-16 20:43 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2003-07-16 20:44 56832 ----a-w c:\windows\system32\secur32.dll
2008-12-08 23:51 . 2008-12-08 23:51 463 ----a-w c:\program files\InstallWoW.log
2008-12-08 23:11 . 2008-12-08 23:11 1131176 ----a-w c:\program files\WoW-installer-3.0.1.8874-x86-Win-enUS.exe
2007-07-26 21:01 . 2007-11-21 01:39 114688 ----a-w c:\program files\internet explorer\plugins\ChimeShim.dll
2009-04-28 00:57 . 2009-04-28 00:57 211968 ----a-w c:\program files\mozilla firefox\components\dfff.dll
2006-12-13 03:12 . 2009-04-28 06:52 66648 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-12-13 03:12 . 2009-04-28 06:52 54352 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-12-13 03:12 . 2009-04-28 06:52 34928 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2006-12-13 03:12 . 2009-04-28 06:52 46696 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2006-12-13 03:12 . 2009-04-28 06:52 172120 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-02-10 118784]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2007-11-11 579072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-03-17 144448]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-11-11 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoStrCmpLogical"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave2"= serwvdrv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Cyber-shot Viewer Media Check Tool.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Cyber-shot Viewer Media Check Tool.lnk
backup=c:\windows\pss\Cyber-shot Viewer Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WudfSvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"WmiApSrv"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"VSS"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"SCardSvr"=3 (0x3)
"RSVP"=3 (0x3)
"RemoteAccess"=3 (0x3)
"RDSessMgr"=3 (0x3)
"NetSvc"=3 (0x3)
"Netlogon"=2 (0x2)
"napagent"=3 (0x3)
"MSIServer"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Macromedia Licensing Service"=3 (0x3)
"ImapiService"=3 (0x3)
"HTTPFilter"=3 (0x3)
"hkmsvc"=3 (0x3)
"EapHost"=3 (0x3)
"Dot3svc"=3 (0x3)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"Browser"=2 (0x2)
"aspnet_state"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"6to4"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Python25\\python.exe"=
"c:\\Python25\\pythonw.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\SRO_NEW_Full-Client_Downloader.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\Turbo_Crack_8.0\\Turbo Crack 8.0\\edx33.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6112:TCP"= 6112:TCP:Blizzard Downloader: 6112
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 httur;httur; [x]
R3 XDva068;XDva068; [x]
S2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe [2008-04-14 14336]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S2 VProt2k;BroadJump PPPoE Helper Protocol;c:\windows\system32\DRIVERS\VProt2k.SYS [2003-05-04 16689]
S3 VWan2k;BroadJump PPPoE Adapter;c:\windows\system32\DRIVERS\VWan2k.SYS [2003-05-04 29131]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{298a5f4c-f7ce-11d8-afcb-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41ac9eb7-e020-11db-afe2-00038a000015}]
\Shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{daee07f4-e6db-11dc-b0f2-00038a000015}]
\Shell\AutoRun\command - F:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://hometab.bellsouth.net/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{85e1f530-48f4-11d9-9629-08ff2ffc9f67}
DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} - hxxps://www.play.net/components/activex/AXSAL.ocx
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1qv7111c.default\
FF - component: c:\program files\Mozilla Firefox\components\dfff.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-29 10:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-861567501-308236825-725345543-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-861567501-308236825-725345543-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-861567501-308236825-725345543-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-861567501-308236825-725345543-1003\Software\Microsoft\Windows Mobile Disc\S*a*m*s*u*n*g* *B*l*a*c*k*J*a*c*k*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
Completion time: 2009-04-29 10:06
ComboFix-quarantined-files.txt 2009-04-29 14:04
ComboFix2.txt 2009-04-29 03:05

Pre-Run: 42,912,727,040 bytes free
Post-Run: 42,914,316,288 bytes free

254 --- E O F --- 2009-04-15 23:21

OTListIt.Txt



OTListIt logfile created on: 4/29/2009 10:09:24 AM - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.37 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 58.23% Memory free
1.61 Gb Paging File | 1.27 Gb Available in Paging File | 79.36% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 39.98 Gb Free Space | 35.76% Space Free | Partition Type: NTFS
Drive D: | 3.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
Drive F: | 27.84 Gb Total Space | 2.00 Gb Free Space | 7.17% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: UNEEK-I1Q62B3YI
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\Program Files\Grisoft\AVG7\avgcc.exe (GRISOFT, s.r.o.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\AOL\ACS\acsd.exe (America Online, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Grisoft\AVG7\avgamsvr.exe (GRISOFT, s.r.o.)
PRC - C:\Program Files\Grisoft\AVG7\avgupsvc.exe (GRISOFT, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\System32\CTsvcCDA.EXE (Creative Technology Ltd)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
PRC - C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Owner\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (6to4 [Disabled | Stopped]) -- C:\WINDOWS\System32\6to4svc.dll (Microsoft Corporation)
SRV - (aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
SRV - (Adobe LM Service [Disabled | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (AOL ACS [Auto | Running]) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe (America Online, Inc.)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Avg7Alrt [Auto | Running]) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe (GRISOFT, s.r.o.)
SRV - (Avg7UpdSvc [Auto | Running]) -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe (GRISOFT, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Creative Service for CDROM Access [Auto | Running]) -- C:\WINDOWS\System32\CTsvcCDA.EXE (Creative Technology Ltd)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Macromedia Licensing Service [Disabled | Stopped]) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (NetSvc [Disabled | Stopped]) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel® Corporation)
SRV - (NwSapAgent [Auto | Running]) -- C:\WINDOWS\System32\ipxsap.dll (Microsoft Corporation)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WANMiniportService [Auto | Running]) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
SRV - (WMDM PMSP Service [Auto | Running]) -- C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [Disabled | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (Avg7Core [System | Running]) -- C:\WINDOWS\System32\Drivers\avg7core.sys (GRISOFT, s.r.o.)
DRV - (Avg7RsW [System | Running]) -- C:\WINDOWS\System32\Drivers\avg7rsw.sys (GRISOFT, s.r.o.)
DRV - (Avg7RsXP [System | Running]) -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys (GRISOFT, s.r.o.)
DRV - (AvgClean [System | Running]) -- C:\WINDOWS\System32\Drivers\avgclean.sys (GRISOFT, s.r.o.)
DRV - (bvrp_pci [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\bvrp_pci.sys ()
DRV - (catchme [Disabled | Running]) -- File not found
DRV - (ctsfm2k [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\System32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (motmodem [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\motmodem.sys (Motorola)
DRV - (MRENDIS5 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (MxlW2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (NwlnkIpx [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys (Microsoft Corporation)
DRV - (NwlnkNb [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys (Microsoft Corporation)
DRV - (OMCI [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (ossrv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)
DRV - (P17 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (pfc [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\pfc.sys (Padus, Inc.)
DRV - (PfModNT [Auto | Running]) -- C:\WINDOWS\system32\drivers\PfModNT.sys (Creative Technology Ltd.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RT2500USB [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\rt2500usb.sys (Ralink Technology Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\System32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (Tcpip6 [System | Running]) -- C:\WINDOWS\System32\DRIVERS\tcpip6.sys (Microsoft Corporation)
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (usbbus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lgusbbus.sys (LG Electronics Inc.)
DRV - (UsbDiag [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys (LG Electronics Inc.)
DRV - (usbser [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usbser.sys (Microsoft Corporation)
DRV - (usb_rndisx [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV - (VProt2k [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\VProt2k.SYS (BroadJump)
DRV - (VWan2k [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\VWan2k.SYS (BroadJump)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (wceusbsh [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\wceusbsh.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\altavista, = http://www.altavista.com/q?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\dictionary, = http://dictionary.re...com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay, = http://search.ebay.com/%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\google, = http://www.google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\grep, = http://www.google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\hotmail, = http://www.hotmail.com
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\money, = http://moneycentral....o...&Company=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\msdn, = http://search.micros...p;siteid=us/dev
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\msn, = http://search.msn.co...FORM=SMCRT&q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\slashdot, = http://www.slashdot.com
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\wikipedia, = http://en.wikipedia.....phtml?title=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\yahoo, = http://search.yahoo....bin/search?p=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\yahoomail, = http://mail.yahoo.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.1\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/28 02:52:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.1\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/28 02:52:19 | 00,000,000 | ---D | M]

[2009/04/28 02:52:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\1qv7111c.default\extensions
[2009/04/29 02:55:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/26 20:34:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3FB02580-5785-45F9-8A95-C4B423549917}
[2009/04/28 02:52:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/10/17 11:38:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/04/02 10:09:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/04/28 02:52:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2009/04/27 20:57:57 | 00,211,968 | ---- | M] () -- C:\Program Files\mozilla firefox\components\dfff.dll
[2006/12/12 23:12:30 | 00,066,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2006/12/12 23:12:31 | 00,054,352 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2006/12/12 23:12:32 | 00,034,928 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2006/12/12 23:12:33 | 00,046,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2006/12/12 23:12:34 | 00,172,120 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2006/12/05 00:15:23 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2006/12/05 00:15:23 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2006/12/05 00:15:23 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2006/12/05 00:15:23 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2006/12/05 00:15:23 | 00,002,320 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2006/12/05 00:15:23 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP (GRISOFT, s.r.o.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r (Creative Technology Ltd)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeAnimation = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - File not found
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - File not found
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - File not found
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .csm - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .csml - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .cub - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .cube - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .dx - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .emb - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .embl - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .gau - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .jdx - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .mol - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .mop - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .pdb - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .rxn - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .scr - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .skc - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .spt - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .tgf - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .xyz - C:\Program Files\Internet Explorer\Plugins\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} https://www.play.net...tivex/AXSAL.ocx (Launcher Class)
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} http://www.acclaim.c.../acclaim_v5.cab (GameLauncher Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - File not found
O18 - Protocol\Filter: - application/x-complus - File not found
O18 - Protocol\Filter: - application/x-msdownload - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\__c00DB04: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{298a5f4c-f7ce-11d8-afcb-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{298a5f4c-f7ce-11d8-afcb-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{298a5f4c-f7ce-11d8-afcb-00038a000015}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{41ac9eb7-e020-11db-afe2-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{41ac9eb7-e020-11db-afe2-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{41ac9eb7-e020-11db-afe2-00038a000015}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{daee07f4-e6db-11dc-b0f2-00038a000015}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files]
[2009/04/29 10:06:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/04/29 10:00:10 | 00,000,000 | ---D | C] -- C:\Combo-Fix
[2009/04/28 22:30:19 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/04/28 22:30:16 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/04/28 22:30:16 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/04/28 22:08:41 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/04/28 22:08:41 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/04/28 22:08:41 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/04/28 22:08:41 | 00,113,152 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/04/28 22:08:41 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/04/28 22:08:41 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/04/28 22:08:41 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/04/28 22:08:41 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/28 22:08:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/28 22:08:25 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/28 22:05:08 | 03,007,964 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe
[2009/04/28 18:58:33 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\lmppcsetup.exe
[2009/04/28 17:40:09 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/28 16:42:16 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Rooter(2).exe
[2009/04/28 16:37:58 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe
[2009/04/28 16:37:29 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/28 16:36:58 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Rooter.exe
[2009/04/28 15:18:41 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/04/28 03:03:53 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2009/04/28 03:03:42 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/04/28 02:53:17 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Owner\Desktop\spybotsd162.exe
[2009/04/28 02:52:21 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/04/27 23:08:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/04/27 23:08:48 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/27 23:08:48 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/27 23:08:46 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/27 23:08:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/27 23:08:42 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/27 20:51:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Twain
[2009/04/27 10:36:51 | 00,409,088 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Female Presidency.doc
[2009/04/26 21:07:48 | 04,051,100 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Turning Me On.mp3
[2009/04/26 18:02:25 | 03,348,504 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Energy.mp3
[2009/04/25 21:25:59 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\QuickSort-Fast.xls
[2009/04/25 20:50:29 | 04,546,798 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Knock You Down.mp3
[2009/04/24 20:55:37 | 02,777,088 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Lockwood Info.doc
[2009/04/24 13:19:55 | 02,306,048 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Female Presidency-Person over Politics-1.ppt
[2009/04/23 22:23:10 | 00,224,768 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Powerpoint.ppt
[2009/04/23 21:10:59 | 00,067,899 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\somedaywoman.jpg
[2009/04/23 15:04:45 | 00,048,131 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\hillaryclinton-for-president.jpg
[2009/04/15 04:33:44 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 04:33:44 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 04:33:43 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 04:33:43 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 04:33:42 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 04:33:42 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 04:33:41 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 04:33:41 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 04:33:41 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 04:29:20 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/15 04:29:19 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/15 04:29:19 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/13 13:10:17 | 00,882,688 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Mammy and Hegemony.ppt
[2009/04/10 19:31:22 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\projectdesc.doc
[2009/04/09 12:51:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Tbot
[2009/04/09 09:21:26 | 00,000,162 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\~$R SPCM 4310.doc
[2009/04/09 05:11:30 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\YKR SPCM4310 extra credit.doc
[2009/04/09 01:28:12 | 00,051,712 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\YKR SPCM 4310.doc
[2009/04/08 01:48:00 | 00,374,272 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Lockwood.doc
[2009/04/07 01:19:52 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/04/07 01:19:38 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/04/07 01:19:35 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/04/07 01:19:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/07 01:18:28 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/04/03 03:09:46 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Obinna's Intro Letter.doc
[2009/04/03 00:33:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/03 00:31:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Turbo_Crack_8.0
[2009/04/02 19:44:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\spam
[2009/04/02 18:27:59 | 00,015,972 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MediaPatcher_4784.rar
[2009/04/02 18:27:32 | 01,064,121 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Turbo_Crack_8.0.rar
[2009/03/31 09:13:45 | 00,000,000 | ---D | C] -- C:\Program Files\Silkroad
[2009/03/18 03:37:49 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/07/28 11:08:53 | 00,327,680 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2008/07/28 11:08:53 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2007/12/27 18:32:15 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\BJPPPoEInstaller.dll
[2007/07/26 19:06:22 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/07/26 19:03:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/03/28 16:19:07 | 00,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/03/28 16:19:07 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/03/28 16:19:07 | 00,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/03/28 16:19:06 | 02,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/03/28 02:12:28 | 00,002,158 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2007/01/28 13:59:25 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/01/14 18:15:21 | 00,000,775 | ---- | C] () -- C:\WINDOWS\GMUD32.INI
[2007/01/14 17:48:31 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/01/14 17:21:58 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/14 16:28:42 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2007/01/14 16:24:18 | 00,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2007/01/14 15:51:20 | 00,000,226 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/01/14 15:41:03 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2007/01/14 15:40:48 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2007/01/14 15:40:48 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2007/01/14 15:40:48 | 00,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2007/01/14 15:40:48 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/01/14 15:40:47 | 00,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2007/01/14 15:40:38 | 00,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2007/01/14 15:33:26 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/26 01:34:36 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2004/08/26 01:34:32 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2004/03/26 18:59:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/07/16 16:51:23 | 00,000,673 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/07/16 16:47:28 | 00,000,332 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[8 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/04/29 10:06:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/29 10:03:19 | 00,000,332 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/28 22:59:47 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/28 22:58:51 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/04/28 22:58:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/28 22:30:19 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/04/28 22:08:03 | 03,007,964 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe
[2009/04/28 22:07:30 | 00,027,648 | ---- | M] () -- C:\WINDOWS\System32\lmppcsetup.exe
[2009/04/28 16:42:13 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Rooter(2).exe
[2009/04/28 16:38:10 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe
[2009/04/28 16:37:11 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Rooter.exe
[2009/04/28 15:41:36 | 00,000,673 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/28 15:41:36 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/04/28 14:57:12 | 00,000,226 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/04/28 14:40:57 | 00,000,442 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/04/28 03:03:53 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2009/04/28 03:00:02 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Owner\Desktop\spybotsd162.exe
[2009/04/28 02:52:21 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/04/28 02:35:51 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\rojijipa
[2009/04/28 01:28:42 | 00,113,152 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/04/27 23:08:48 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/27 21:51:11 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090428-030623.backup
[2009/04/27 20:48:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/27 12:29:01 | 00,409,088 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Female Presidency.doc
[2009/04/26 21:17:57 | 04,051,100 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Turning Me On.mp3
[2009/04/26 21:04:11 | 03,348,504 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Energy.mp3
[2009/04/26 15:33:24 | 04,546,798 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Knock You Down.mp3
[2009/04/25 21:35:49 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\QuickSort-Fast.xls
[2009/04/25 15:28:54 | 01,101,632 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/04/24 20:55:38 | 02,777,088 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Lockwood Info.doc
[2009/04/24 14:27:54 | 02,306,048 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Female Presidency-Person over Politics-1.ppt
[2009/04/23 22:23:10 | 00,224,768 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Powerpoint.ppt
[2009/04/23 21:12:53 | 00,155,136 | -HS- | M] () -- C:\Documents and Settings\Owner\Desktop\Thumbs.db
[2009/04/23 21:12:46 | 00,067,899 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\somedaywoman.jpg
[2009/04/23 15:04:47 | 00,048,131 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\hillaryclinton-for-president.jpg
[2009/04/16 22:32:33 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/04/15 19:21:22 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/13 13:20:57 | 00,882,688 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Mammy and Hegemony.ppt
[2009/04/10 19:31:22 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\projectdesc.doc
[2009/04/10 12:18:39 | 00,240,640 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/09 09:21:26 | 00,000,162 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\~$R SPCM 4310.doc
[2009/04/09 05:11:30 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\YKR SPCM4310 extra credit.doc
[2009/04/09 05:03:05 | 00,051,712 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\YKR SPCM 4310.doc
[2009/04/08 10:37:59 | 00,374,272 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Lockwood.doc
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/03 03:13:38 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Obinna's Intro Letter.doc
[2009/04/02 18:29:09 | 01,064,121 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Turbo_Crack_8.0.rar
[2009/04/02 18:28:00 | 00,015,972 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MediaPatcher_4784.rar
[2009/03/31 09:17:25 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Silkroad.lnk

========== LOP Check ==========

[2009/04/27 23:08:44 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/17 01:35:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/07 01:19:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/02/26 13:53:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/01/14 10:18:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2007/08/06 10:40:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2007/11/04 11:41:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2009/02/26 13:50:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2007/01/14 17:52:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2007/08/05 00:36:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2007/01/14 16:54:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/04/29 06:00:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2008/02/08 10:35:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2008/12/09 05:05:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2008/12/08 16:15:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007/01/14 15:56:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2007/08/06 02:08:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FogelSoft
[2007/01/14 16:49:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2007/11/11 16:58:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/02/29 19:57:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gtek
[2007/12/11 01:55:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2007/11/11 17:14:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/01/29 22:49:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2009/04/27 23:08:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2007/10/29 20:24:39 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2007/05/08 11:49:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2007/03/04 13:13:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
[2008/09/01 21:45:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2007/03/17 05:22:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2009/04/28 14:39:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2007/09/04 19:35:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/04/14 19:25:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/02/26 13:53:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/01/15 23:14:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/04/29 10:01:06 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data
[2007/01/14 17:54:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2009/01/14 10:18:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Adobe
[2008/06/20 20:22:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AdobeUM
[2008/09/09 14:38:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Apple Computer
[2009/03/01 13:26:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG7
[2008/03/27 07:38:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2007/11/04 00:13:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Creative
[2007/08/17 22:29:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CyberLink
[2008/01/18 12:56:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Dev-Cpp
[2007/02/21 00:22:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DivX
[2007/08/06 02:00:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FogelSoft
[2007/01/14 17:14:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\F-Secure
[2008/10/25 18:26:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\goombah
[2008/02/29 19:57:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GTek
[2007/10/06 09:27:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Help
[2007/01/14 15:23:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Identities
[2007/01/14 15:59:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Jasc Software Inc
[2007/10/29 20:25:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lavasoft
[2007/01/15 17:44:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2007/07/14 11:51:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Macromedia
[2009/04/27 23:08:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/03/29 20:12:06 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Owner\Application Data\Microsoft
[2009/04/27 22:25:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2008/09/01 21:45:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSN6
[2008/10/25 13:56:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ruckus Network
[2008/03/15 23:00:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Smith Micro
[2007/01/15 17:44:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sonic
[2007/01/28 14:06:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony Corporation
[2008/06/21 06:26:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\StormFront
[2007/01/14 16:20:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sun
[2009/04/28 02:35:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Twain
[2009/03/29 20:52:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\U3
[2007/10/18 16:38:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2007/03/22 02:18:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2009/04/27 20:48:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2003/07/16 16:36:49 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/04/29 10:06:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D4275BC
< End of report >
  • 0

#8
Essexboy
Posted 29 April 2009 - 01:36 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

thank you! I do, however, want to know what to do about this Spybot popup that says: "Spybot - Search & Destroy has detected an important registry entry that has been changed.
Category: System Startup user entry
Change: Value added
Entry: crdmon.exe

New data: C:\WINDOWS\system32\ctfmon.exe

Allow this change as ctfmon is the correct programme

A final sweep now for waifs and strays

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.
  • 0

#9
Krysis09
Posted 29 April 2009 - 01:57 PM

Krysis09

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Alright, thanks for the Spybot issue! Here is the report:

MBAM Log


Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

4/29/2009 3:51:07 PM
mbam-log-2009-04-29 (15-51-07).txt

Scan type: Quick Scan
Objects scanned: 74471
Time elapsed: 2 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00db04 (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ (Trojan.Vundo) -> Delete on reboot.
  • 0

#10
Essexboy
Posted 29 April 2009 - 02:08 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK and now the big question - How is your computer running now ?
  • 0

#11
Krysis09
Posted 29 April 2009 - 02:19 PM

Krysis09

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Pretty darn great! On the surface, I don't see any more problems whatsoever!
  • 0

#12
Essexboy
Posted 29 April 2009 - 02:26 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so..Run OTListit and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 13.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u13-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u13-windows-i586-p.exe and select "Run as an Administrator.")

XP
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE
You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and the display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button click this
  • Accept the Warning and select OK again, the program will close and you are done

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :)
  • 0

#13
Krysis09
Posted 29 April 2009 - 08:32 PM

Krysis09

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thank you very much for everything!
  • 0

#14
Essexboy
Posted 30 April 2009 - 01:50 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP