Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google Redirect Virus again

Started by Strike Martel , May 19 2009 05:09 AM

  • Please log in to reply

#1
Strike Martel
Posted 19 May 2009 - 05:09 AM

Strike Martel

    Member

  • Member
  • PipPip
  • 70 posts
Hi everyone!

I've read one or two threads regarding this, and came across http://www.geekstogo...rus-t93888.html, but my Hijackthis log does not correspond to the other member's, so I thought I would post my Hijackthis log here: (PS: I downloaded those programs in that thread)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:39, on 19/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
\?\globalroot\C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 72.197.42.85:7212
O3 - Toolbar: (no name) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\RYANPR~1\protect.dll,_IWMPEvents@16
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1229439130046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1195077520787
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{30C386B4-E1B2-464F-B3B4-1E70CE80A8CC}: NameServer = 195.92.195.90 195.92.195.91
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8101 bytes


If some kind soul(s) can help me, it'd be much appreciated! :)

I do have admin rights on the computer as well.
  • 0

Advertisements

#2
kahdah
Posted 19 May 2009 - 06:44 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello Strike Martel

Welcome to G2Go. :)
=====================
  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

  • 0

#3
Strike Martel
Posted 19 May 2009 - 07:36 AM

Strike Martel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts
Hello! Thank you for getting back to me :)

Here are my logs.

OTListIT

OTListIt logfile created on: 19/05/2009 14:21:24 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Ryan Preston\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.39 Mb Total Physical Memory | 531.48 Mb Available Physical Memory | 51.93% Memory free
2.41 Gb Paging File | 2.07 Gb Available in Paging File | 86.15% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 45.13 Gb Free Space | 59.13% Space Free | Partition Type: NTFS
Drive D: | 9.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 252.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PCHOME
Current User Name: Ryan Preston
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
PRC - C:\WINDOWS\system32\LEXPPS.EXE (Lexmark International, Inc.)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
PRC - C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\WINDOWS\system32\taskswitch.exe ()
PRC - C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe (THOMSON multimedia)
PRC - C:\WINDOWS\SM1BG.EXE (Cypress Semiconductor)
PRC - C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
PRC - C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
PRC - C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
PRC - \?\globalroot\C:\WINDOWS\system32\rundll32.exe File not found
PRC - C:\Documents and Settings\Ryan Preston\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EPSONStatusAgent2 [Auto | Running]) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LexBceS [Auto | Running]) -- C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
SRV - (Macromedia Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe (Macromedia)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SAVAdminService [Unknown | Running]) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
SRV - (SAVService [Unknown | Running]) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SRV - (SerialKeys [On_Demand | Stopped]) -- C:\WINDOWS\system32\skeys.exe (Microsoft Corporation)
SRV - (Sophos AutoUpdate Service [Auto | Running]) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
SRV - (SoundMAX Agent Service (default) [Auto | Running]) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (alcan5wn [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\alcan5wn.sys (THOMSON multimedia)
DRV - (alcaudsl [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\alcaudsl.sys (THOMSON multimedia)
DRV - (ati2mtaa [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys (ATI Technologies Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (BANTExt [System | Running]) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (Cdr4_xp [System | Running]) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (Cdralw2k [System | Running]) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (cdudf_xp [System | Stopped]) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys (Roxio)
DRV - (d347bus [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys ( )
DRV - (d347prt [Boot | Running]) -- C:\WINDOWS\System32\Drivers\d347prt.sys ( )
DRV - (DVDVRRdr_xp [System | Running]) -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys (Windows ® 2000 DDK provider)
DRV - (dvd_2K [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\dvd_2k.sys (Roxio)
DRV - (GT680x [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\gt680x.sys ( )
DRV - (HSFHWBS2 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mmc_2K [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mmc_2k.sys (Roxio)
DRV - (NPPTNT2 [On_Demand | Stopped]) -- C:\WINDOWS\system32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (NVENET [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NVENET.sys (NVIDIA Corporation)
DRV - (nv_agp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (pwd_2k [System | Running]) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys (Roxio)
DRV - (QCDonner [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\OVCD.sys (Microsoft Corporation)
DRV - (SAVOnAccessControl [System | Running]) -- C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys (Sophos Plc)
DRV - (SAVOnAccessFilter [System | Running]) -- C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys (Sophos Plc)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (SophosBootDriver [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys (Sophos Plc)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (UDFReadr [System | Running]) -- C:\WINDOWS\System32\drivers\Udfreadr.sys (Roxio)
DRV - (vmm [System | Running]) -- C:\WINDOWS\system32\Drivers\vmm.sys (Microsoft Corporation)
DRV - (VPCNetS2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://start.mozilla...en-US:official"
FF - prefs.js..extensions.enabledItems: {10835DA3-2C49-4B06-9608-124192E5603D}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD [2008/07/14 19:05:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/20 20:16:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/05/07 18:19:54 | 00,000,000 | ---D | M]

[2008/12/16 04:14:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ryan Preston\Application Data\mozilla\Extensions
[2008/12/16 04:14:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ryan Preston\Application Data\mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2008/09/06 10:57:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ryan Preston\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/12/16 03:50:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ryan Preston\Application Data\mozilla\Firefox\Profiles\4qpcts3w.default\extensions
[2008/12/16 04:14:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ryan Preston\Application Data\mozilla\SeaMonkey\Profiles\f1jghwi2.default\extensions
[2009/05/18 22:53:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/05/06 14:26:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{10835DA3-2C49-4B06-9608-124192E5603D}
[2009/05/18 22:53:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{27758EDB-653F-4D83-A15E-F9BFC9F12F91}
[2009/05/18 17:06:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{56566C5E-C71F-49B6-AAC9-D684E8B8D3B2}
[2009/03/20 20:17:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

O1 HOSTS File: (305250 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10535 more lines...
O3 - HKLM\..\Toolbar: (no name) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16 ( )
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe ()
O4 - HKLM..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 (DAEMON'S HOME)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" (Roxio)
O4 - HKLM..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE (Cypress Semiconductor)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon (THOMSON multimedia)
O4 - HKCU..\Run: [autochk] rundll32.exe C:\DOCUME~1\RYANPR~1\protect.dll,_IWMPEvents@16 ( )
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 (Adobe Systems Incorporated)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Ryan Preston\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Ryan Preston\Start Menu\Programs\Startup\ChkDisk.dll ( )
O4 - Startup: C:\Documents and Settings\Ryan Preston\Start Menu\Programs\Startup\ChkDisk.lnk = C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Ryan Preston\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 00 E0 FF 03 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=67633 (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1229439130046 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1195077520787 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_19)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/03 16:33:57 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1997/11/04 16:13:14 | 00,000,252 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [1997/11/04 17:21:22 | 00,154,112 | R--- | M] (Interactive Magic) - F:\Auto.exe -- [ CDFS ]
O32 - AutoRun File - [1997/10/29 13:39:42 | 00,197,600 | R--- | M] () - F:\auto.bmp -- [ CDFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\auto.exe -- [1997/11/04 17:21:22 | 00,154,112 | R--- | M] (Interactive Magic)
O33 - MountPoints2\F\Shell\dxsetup\command - "" = F:\directx\dxsetup.exe -- [1997/07/14 17:00:00 | 00,088,576 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\F\Shell\setup\command - "" = F:\setup.exe -- [1997/08/26 13:02:58 | 00,059,904 | R--- | M] (InstallShield Software Corporation)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.dll ( )
O34 - HKLM BootExecute: (*) - * [2009/05/19 14:18:38 | 00,000,000 | ---D | M]
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[11 C:\WINDOWS\System32\*.tmp files]
[2009/05/19 14:20:00 | 00,286,208 | ---- | C] () -- C:\0r26i1nf.exe
[2009/05/19 14:18:37 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ryan Preston\Desktop\OTListIt2.exe
[2009/05/19 12:07:15 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Ryan Preston\Desktop\HijackThis.lnk
[2009/05/19 12:07:15 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/19 11:55:08 | 00,092,672 | ---- | C] (Option^Explicit Software [email protected]) -- C:\Documents and Settings\Ryan Preston\Desktop\KillBox.exe
[2009/05/19 11:53:09 | 00,186,946 | ---- | C] (Business Information Solutions) -- C:\Documents and Settings\Ryan Preston\Desktop\AntiPuper.exe
[2009/05/19 11:47:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ryan Preston\Desktop\Hijackthis
[2009/05/19 02:26:09 | 00,023,552 | -HS- | C] ( ) -- C:\Documents and Settings\Ryan Preston\Start Menu\Programs\Startup\ChkDisk.dll
[2009/05/19 02:26:09 | 00,000,655 | -HS- | C] () -- C:\Documents and Settings\Ryan Preston\Start Menu\Programs\Startup\ChkDisk.lnk
[2009/05/19 02:26:08 | 00,028,672 | ---- | C] ( ) -- C:\WINDOWS\System32\lmn_setup.exe
[2009/05/19 02:26:08 | 00,023,552 | -HS- | C] ( ) -- C:\WINDOWS\System32\autochk.dll
[2009/05/19 02:07:25 | 10,731,76576 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/18 23:51:24 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/05/18 23:51:21 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2009/05/18 23:46:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ryan Preston\Desktop\Sophos ides
[2009/05/18 23:19:29 | 09,615,808 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Ryan Preston\Desktop\windows-kb890830-v2.10.exe
[2009/05/17 21:32:05 | 01,542,274 | ---- | C] () -- C:\Documents and Settings\Ryan Preston\My Documents\cc_20090517_213203.reg
[2009/05/17 21:29:15 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Ryan Preston\Desktop\CCleaner.lnk
[2009/05/17 21:29:14 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/05/17 21:27:45 | 03,227,248 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Ryan Preston\Desktop\ccsetup219.exe
[2009/05/11 20:44:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ryan Preston\Desktop\Fiesta Photos
[2009/05/11 12:44:36 | 02,108,160 | ---- | C] () -- C:\Documents and Settings\Ryan Preston\Desktop\Miami Vice Instrumental.mp3
[2009/05/09 13:06:45 | 01,542,954 | ---- | C] () -- C:\Documents and Settings\Ryan Preston\Desktop\Cavern Theme.mp3
[2009/05/08 13:15:40 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/05/08 00:24:43 | 03,338,556 | ---- | C] () -- C:\Documents and Settings\Ryan Preston\Desktop\Could it be magic - Take That.mp3
[2009/05/07 22:35:58 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/05/07 22:33:26 | 24,699,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/07 22:30:05 | 04,991,980 | ---- | C] () -- C:\Documents and Settings\Ryan Preston\My Documents\Take That - Could It Be Magic.mp3
[2009/05/07 18:18:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/05/07 18:18:19 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/05/07 18:18:08 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/05/07 18:17:32 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/05/07 18:17:32 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/05/07 18:17:32 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/05/07 18:17:31 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/05/07 18:17:31 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/05/07 18:17:31 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/05/07 18:17:31 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/05/07 18:17:31 | 00,000,000 | ---D | C] -- C:\c2f08f973555e61aaffb92
[2009/05/07 18:01:15 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/05/07 18:01:14 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/05/07 18:01:14 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/05/07 18:01:14 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/05/07 18:01:13 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/05/07 18:01:13 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/05/07 18:01:12 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/05/07 18:01:12 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/05/07 18:01:12 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/05/07 18:01:11 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/05/07 18:01:10 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/05/07 18:01:09 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/05/07 17:41:57 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/05/07 17:40:54 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/05/07 17:40:17 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/05/07 17:39:59 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2009/05/07 17:39:57 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2009/05/07 17:38:44 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/05/07 17:38:44 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/05/07 16:34:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ryan Preston\Application Data\Malwarebytes
[2009/05/07 16:34:44 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/07 16:34:43 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/07 16:34:41 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/07 16:34:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/07 16:34:39 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/07 15:13:28 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/05/07 14:08:46 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/07 14:08:34 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/05/07 14:06:34 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/05/07 12:45:48 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/05/07 12:45:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/05/06 21:43:49 | 00,000,000 | ---D | C] -- C:\desktopclean
[2009/05/06 20:29:13 | 00,000,447 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/05/06 18:20:24 | 00,004,110 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/05/06 18:19:51 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2009/05/06 18:19:51 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2009/05/06 18:19:51 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2009/05/06 18:19:51 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2009/05/06 18:19:51 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2009/05/06 18:19:51 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2009/05/06 18:19:51 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2009/05/06 18:19:51 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2009/05/06 18:19:51 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2009/05/06 18:19:51 | 00,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2009/05/06 18:19:51 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2009/05/06 18:19:51 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2009/05/06 18:19:50 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2009/05/06 18:19:50 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2009/05/05 15:32:36 | 04,758,588 | ---- | C] () -- C:\Documents and Settings\Ryan Preston\My Documents\Various Artists - 13 - Starship - We Built This City.mp3
[2009/04/30 22:10:29 | 00,474,183 | ---- | C] () -- C:\Documents and Settings\Ryan Preston\Desktop\SundEffectaieair.mp3
[2009/04/28 20:33:29 | 72,607,060 | ---- | C] () -- C:\Documents and Settings\Ryan Preston\My Documents\clip0026.avi
[2009/04/20 00:13:01 | 03,300,609 | ---- | C] () -- C:\Documents and Settings\Ryan Preston\Desktop\Johnny Matthis Stardust.mp3
[2009/03/03 00:17:50 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2009/03/03 00:17:50 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2009/01/06 18:03:28 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/12/10 22:29:58 | 00,000,410 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/12/10 22:29:18 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbfvs.dll
[2008/12/10 22:28:50 | 00,000,188 | ---- | C] () -- C:\WINDOWS\System32\lxbfcoin.ini
[2008/12/10 22:28:47 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBFLCNP.DLL
[2007/08/18 00:31:59 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\7977E9F779.sys
[2007/08/18 00:31:56 | 00,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/03/05 14:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/12/12 01:13:20 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2006/11/05 20:04:50 | 00,000,021 | ---- | C] () -- C:\WINDOWS\progman.ini
[2006/11/05 20:04:39 | 00,000,093 | ---- | C] () -- C:\WINDOWS\swcmpc.ini
[2006/10/08 22:57:35 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/07 23:50:33 | 00,611,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/07/23 21:39:51 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2006/06/21 12:24:12 | 00,000,767 | ---- | C] () -- C:\WINDOWS\FUJIGOLF.INI
[2006/06/20 14:11:56 | 00,271,264 | ---- | C] () -- C:\WINDOWS\VBRUN100.DLL
[2006/06/20 14:11:56 | 00,019,200 | ---- | C] () -- C:\WINDOWS\WEPUTIL.DLL
[2006/06/20 14:10:28 | 00,002,139 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2006/06/18 22:24:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/06/05 15:33:21 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/06/05 15:33:20 | 00,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2006/06/04 16:14:14 | 00,000,084 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/06/04 15:35:15 | 00,000,021 | ---- | C] () -- C:\WINDOWS\RTD.ini
[2006/06/04 14:32:57 | 00,005,607 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2006/06/03 19:24:09 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2006/06/03 17:02:12 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/11 11:47:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\fpprintmon.dll
[2004/08/22 18:04:56 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2004/08/04 13:00:00 | 00,096,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptddrv1.sys
[2004/08/04 13:00:00 | 00,000,870 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 13:00:00 | 00,000,282 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/03 16:08:00 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\lexdlls.dlL
[2001/11/08 08:53:54 | 00,018,120 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\gt680x.sys

========== Files - Modified Within 30 Days ==========

[11 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/05/19 14:20:00 | 00,286,208 | ---- | M] () -- C:\0r26i1nf.exe
[2009/05/19 14:18:38 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ryan Preston\Desktop\OTListIt2.exe
[2009/05/19 12:07:15 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Ryan Preston\Desktop\HijackThis.lnk
[2009/05/19 11:55:08 | 00,092,672 | ---- | M] (Option^Explicit Software [email protected]) -- C:\Documents and Settings\Ryan Preston\Desktop\KillBox.exe
[2009/05/19 11:53:09 | 00,186,946 | ---- | M] (Business Information Solutions) -- C:\Documents and Settings\Ryan Preston\Desktop\AntiPuper.exe
[2009/05/19 11:49:46 | 00,028,672 | ---- | M] ( ) -- C:\WINDOWS\System32\lmn_setup.exe
[2009/05/19 11:39:05 | 00,527,526 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/19 11:39:05 | 00,447,006 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/19 11:39:05 | 00,073,442 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/19 11:35:37 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/19 11:35:25 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Ryan Preston\Local Settings\desktop.ini
[2009/05/19 11:34:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/19 11:34:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/19 11:34:41 | 10,731,76576 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/19 02:34:07 | 00,023,552 | -HS- | M] ( ) -- C:\WINDOWS\System32\autochk.dll
[2009/05/19 02:26:09 | 00,023,552 | -HS- | M] ( ) -- C:\Documents and Settings\Ryan Preston\Start Menu\Programs\Startup\ChkDisk.dll
[2009/05/19 02:26:09 | 00,000,655 | -HS- | M] () -- C:\Documents and Settings\Ryan Preston\Start Menu\Programs\Startup\ChkDisk.lnk
[2009/05/18 17:23:05 | 09,615,808 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Ryan Preston\Desktop\windows-kb890830-v2.10.exe
[2009/05/18 14:54:17 | 00,000,447 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/05/17 21:43:10 | 00,284,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/17 21:32:18 | 01,542,274 | ---- | M] () -- C:\Documents and Settings\Ryan Preston\My Documents\cc_20090517_213203.reg
[2009/05/17 21:29:15 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Ryan Preston\Desktop\CCleaner.lnk
[2009/05/17 21:28:26 | 03,227,248 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Ryan Preston\Desktop\ccsetup219.exe
[2009/05/15 23:34:52 | 00,002,139 | ---- | M] () -- C:\WINDOWS\entpack.ini
[2009/05/14 17:44:08 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/05/14 14:11:32 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/11 19:45:20 | 02,108,160 | ---- | M] () -- C:\Documents and Settings\Ryan Preston\Desktop\Miami Vice Instrumental.mp3
[2009/05/10 01:43:54 | 01,542,954 | ---- | M] () -- C:\Documents and Settings\Ryan Preston\Desktop\Cavern Theme.mp3
[2009/05/08 18:08:24 | 00,000,767 | ---- | M] () -- C:\WINDOWS\FUJIGOLF.INI
[2009/05/08 11:08:20 | 03,338,556 | ---- | M] () -- C:\Documents and Settings\Ryan Preston\Desktop\Could it be magic - Take That.mp3
[2009/05/07 22:32:24 | 04,991,980 | ---- | M] () -- C:\Documents and Settings\Ryan Preston\My Documents\Take That - Could It Be Magic.mp3
[2009/05/07 22:31:40 | 00,000,870 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/07 22:31:30 | 00,000,045 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2009/05/07 18:25:09 | 00,000,063 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2009/05/07 16:34:44 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/07 14:08:27 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/05/07 14:08:14 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/05/07 14:06:33 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/05/07 12:53:54 | 00,000,282 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/07 12:53:54 | 00,000,215 | -HS- | M] () -- C:\boot.ini
[2009/05/07 00:16:30 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/06 20:25:21 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\lidusayi
[2009/05/06 18:32:56 | 00,305,250 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/06 18:23:40 | 00,004,110 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/05/06 18:23:34 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090506-183256.backup
[2009/05/06 18:14:30 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Ryan Preston\Desktop\Spybot - Search & Destroy.lnk
[2009/05/05 15:38:38 | 00,012,432 | -HS- | M] () -- C:\Documents and Settings\Ryan Preston\My Documents\Folder.jpg
[2009/05/05 15:38:38 | 00,002,913 | -HS- | M] () -- C:\Documents and Settings\Ryan Preston\My Documents\AlbumArtSmall.jpg
[2009/05/05 15:34:08 | 04,758,588 | ---- | M] () -- C:\Documents and Settings\Ryan Preston\My Documents\Various Artists - 13 - Starship - We Built This City.mp3
[2009/05/01 10:30:08 | 00,474,183 | ---- | M] () -- C:\Documents and Settings\Ryan Preston\Desktop\SundEffectaieair.mp3
[2009/04/30 01:36:38 | 00,075,776 | ---- | M] () -- C:\WINDOWS\System32\WS2Fix.exe
[2009/04/29 19:44:23 | 00,000,924 | ---- | M] () -- C:\Documents and Settings\Ryan Preston\My Documents\My Sharing Folders.lnk
[2009/04/28 20:38:05 | 72,607,060 | ---- | M] () -- C:\Documents and Settings\Ryan Preston\My Documents\clip0026.avi
[2009/04/22 20:29:37 | 03,300,609 | ---- | M] () -- C:\Documents and Settings\Ryan Preston\Desktop\Johnny Matthis Stardust.mp3
< End of report >

Edited by Strike Martel, 19 May 2009 - 07:39 AM.

  • 0

#4
Strike Martel
Posted 19 May 2009 - 07:37 AM

Strike Martel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts
Extras Log:

OTListIt Extras logfile created on: 19/05/2009 14:21:24 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Ryan Preston\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.39 Mb Total Physical Memory | 531.48 Mb Available Physical Memory | 51.93% Memory free
2.41 Gb Paging File | 2.07 Gb Available in Paging File | 86.15% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 45.13 Gb Free Space | 59.13% Space Free | Partition Type: NTFS
Drive D: | 9.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 252.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PCHOME
Current User Name: Ryan Preston
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 File not found
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo File not found
C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer (Microsoft Corporation)
C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire File not found
C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player (Microsoft Corporation)
C:\Program Files\Microsoft Games\Halo Custom Edition\haloce.exe:*:Enabled:Halo File not found
C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus (Aelitis)
C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer File not found
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire File not found
C:\Program Files\PHANTAGRAM\Kingdom Under Fire\KingdomUnderFire.exe:*:Enabled:KUFMain MFC Application ()
C:\WINDOWS\Temp\NavBrowser.exe:*:Enabled:NAVBrowser File not found
C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek ()
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader File not found
C:\Program Files\Common Files\AOL\1160344849\ee\aolsoftware.exe:*:Enabled:AOL Services File not found
C:\Program Files\Common Files\AOL\1160344849\ee\aim6.exe:*:Enabled:AIM File not found
C:\Program Files\EA Games\Command and Conquer Generals\game.dat:*:Enabled:game File not found
C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\game.dat:*:Enabled:game File not found
C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® (Microsoft Corporation)
C:\Program Files\Common Files\AOL\1161532935\ee\aolsoftware.exe:*:Enabled:AOL Services File not found
C:\Program Files\Common Files\AOL\1161532935\ee\aim6.exe:*:Enabled:AIM File not found
C:\Program Files\ProxyWay\proxyway.exe:*:Enabled:proxyway File not found
C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\patchget.dat:*:Enabled:patchgrabber File not found
C:\CCProxy\CCProxy.exe:*:Enabled:CCProxy Microsoft MFC Application File not found
C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) File not found
C:\Program Files\eMule\emule.exe:*:Enabled:eMule File not found
C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian (Cerulean Studios)
C:\Program Files\Raven\SOF PLATINUM\SoF.exe:*:Enabled:SoF File not found
C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows File not found
C:\Program Files\Soulseek-Test\slsk.exe:*:Enabled:SoulSeek File not found
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox File not found
C:\Program Files\EA Games\Command & Conquer The First Decade\Command & Conquer Red Alert™ II\RA2\gamemd.exe:*:Enabled:Main executable for Yuri's Revenge File not found
C:\Documents and Settings\Ryan Preston\Desktop\Charon\Charon.exe:*:Enabled:Charon - A proxy checking / scanning program. File not found
C:\Documents and Settings\Ryan Preston\Desktop\CabalTemp\ESTSetupLoader.exe:*:Enabled:EST! download engine File not found
C:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine File not found
C:\Program Files\EA Games\Command & Conquer The First Decade\Command & Conquer™ Generals\game.dat:*:Enabled:game File not found
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 File not found
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) File not found
C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer (RealNetworks, Inc.)
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE (Lexmark International, Inc.)
C:\Program Files\Seven Kingdoms 2\7K2.ICD:*:Enabled:7K2 ()
C:\WINDOWS\explorer.exe:*:Enabled:Explorer (Microsoft Corporation)
C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034759DA-E21A-4795-BFB3-C66D17FAD183}" = Sophos Anti-Virus
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37D67C45-8484-4398-B5C1-3CAE19FDDF22}" = EPSON PRINT Image Framer Tool1.1
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{4B9535BF-CC90-4158-AF32-CAF57A8820CA}" = Macromedia Contribute 3.11
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5983C895-DDA4-45D9-A8D1-877D5DE7693E}" = EPSON PhotoStarter3.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = ASUSDVD
"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
"{7148F0A8-6813-11D6-A77B-00B0D0142190}" = Java 2 Runtime Environment, SE v1.4.2_19
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7B04B831-98F2-4E8B-A711-255F237AB2F0}" = Kingdom Under Fire
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{90AD0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 3
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A7050037-F0EA-4BAB-BCD5-FC05507D6147}" = Alt-Tab Task Switcher Powertoy for Windows XP
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{B2EFE303-A594-11D5-95EB-005004BC1C65}" = EPSON PhotoQuicker3.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB4544EA-C189-41FE-9E3A-76591DDB852B}" = Roxio Easy Media Creator 7
"{CCCAFDDE-ECEC-4AE4-BD97-047076BBD4A9}" = Microsoft Virtual PC 2004 Service Pack 1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE378F36-E404-4244-A33F-F50A2A6D31BD}" = Microsoft Color Control Panel Applet for Windows XP
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = Alcatel SpeedTouch USB Software
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{E9EEE4CB-CB2B-4273-9AF5-7E12022B444B}" = Opera 9.23
"{EA4FA30B-7321-4428-90E9-28B088EC8DC9}" = Runtime 8.0 Libraries
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F977FD4B-C9A6-4BAA-B4BB-DE3023288253}" = Macromedia FlashPaper 2
"Ad-Aware" = Ad-Aware
"Ad-Aware SE Professional" = Ad-Aware SE Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.5 (Unicode)
"Azureus" = Azureus
"Belarc Advisor 2.0" = Belarc Advisor 7.2
"CCleaner" = CCleaner (remove only)
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Driving Test Success 2005/6_is1" = Driving Test Success 2005/6
"EPSON Printer and Utilities" = EPSON Printer Software
"GoldWave v5.22" = GoldWave v5.22
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Kasparov Chessmate_is1" = Kasparov Chessmate
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"Lexmark Printer Software Uninstall" = Lexmark Printer Software Uninstall
"Lexmark X6100 Series" = Lexmark X6100 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mmmusic" = Movie Maker Background Music Files
"mmsounds" = Movie Maker Sound Effects
"mmtitle" = Movie Maker Title Images
"mplibwiz.inf" = Media Library Management Wizard
"mpxlswiz.inf" = Windows Media Player Playlist Import to Excel Wizard
"mpxptray.inf" = Windows Media Player Tray Control
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 6.0" = RealPlayer
"Seven Kingdoms" = Seven Kingdoms
"Seven Kingdoms AA Update" = Seven Kingdoms AA Update
"Seven Kingdoms II" = Seven Kingdoms II
"ShockwaveFlash" = Macromedia Flash Player 8
"SM1FX_AT" = USB Storage Adapter FX (SM1)
"Soulseek" = SoulSeek Client 156b
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"Trillian" = Trillian
"Tweak UI 2.10" = Tweak UI
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.5
"wa2wmp" = Windows Media Player Skin Importer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMBK2" = Windows Media Bonus Pack for Windows XP
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20/03/2009 15:36:20 | Computer Name = PCHOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 20/03/2009 15:36:20 | Computer Name = PCHOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 20/03/2009 15:43:02 | Computer Name = PCHOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 20/03/2009 15:43:02 | Computer Name = PCHOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 20/03/2009 16:06:14 | Computer Name = PCHOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 20/03/2009 16:06:14 | Computer Name = PCHOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 02/04/2009 19:38:22 | Computer Name = PCHOME | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 7.0.8.218, faulting module
acrord32.dll, version 7.0.8.218, fault address 0x000c882d.

Error - 02/04/2009 19:38:32 | Computer Name = PCHOME | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 7.0.8.218, faulting module
acrord32.dll, version 7.0.8.218, fault address 0x000c882d.

Error - 11/04/2009 17:18:22 | Computer Name = PCHOME | Source = Google Update | ID = 20
Description =

Error - 11/04/2009 18:18:22 | Computer Name = PCHOME | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 18/05/2009 19:44:22 | Computer Name = PCHOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 18/05/2009 19:46:28 | Computer Name = PCHOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 18/05/2009 19:49:57 | Computer Name = PCHOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 18/05/2009 20:39:40 | Computer Name = PCHOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 18/05/2009 20:40:40 | Computer Name = PCHOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 18/05/2009 20:40:44 | Computer Name = PCHOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 18/05/2009 21:05:27 | Computer Name = PCHOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 18/05/2009 21:08:04 | Computer Name = PCHOME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdudf_xp

Error - 18/05/2009 21:11:46 | Computer Name = PCHOME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdudf_xp

Error - 19/05/2009 06:35:02 | Computer Name = PCHOME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdudf_xp


< End of report >
  • 0

#5
Strike Martel
Posted 19 May 2009 - 07:38 AM

Strike Martel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts
And lastly, the results of the .exe program I saved to my C: Directory:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-19 14:33:39
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code 86DAB838 ZwEnumerateKey
Code 86D7B838 ZwFlushInstructionCache
Code 86D8D836 IofCallDriver
Code 86EB834E IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 86D8D83B
.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 86EB8353
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 5 Bytes JMP 86DAB83C
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80577693 5 Bytes JMP 86D7B83C
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? C:\WINDOWS\System32\Drivers\SPTDDRV1.SYS The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F651F8AC 5 Bytes JMP 871491B8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F74576C4] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F746D394] sptd.sys
IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F746D4E8] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F746C7AE] sptd.sys
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F746D4E8] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 873791D8

AttachedDevice \FileSystem\Ntfs \Ntfs savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)

Device \FileSystem\Fastfat \FatCdrom 86F2D1D8
Device \FileSystem\Fastfat \FatCdrom 86436328
Device \Driver\NetBT \Device\NetBT_Tcpip_{015057F2-9E62-4C5D-86AE-9A83F7785B32} 86E8D990
Device \Driver\usbohci \Device\USBPDO-0 871F81D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8737D1D8
Device \Driver\dmio \Device\DmControl\DmConfig 8737D1D8
Device \Driver\dmio \Device\DmControl\DmPnP 8737D1D8
Device \Driver\dmio \Device\DmControl\DmInfo 8737D1D8
Device \FileSystem\UDFReadr \Device\UdfReadr 86E6C348

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8737E1D8
Device \Driver\Cdrom \Device\CdRom0 86EA25B0
Device \FileSystem\Rdbss \Device\FsWrap 86D52910
Device \FileSystem\DVDVRRdr_xp \Device\DVDVRRdr 86E8AC18
Device \Driver\Cdrom \Device\CdRom1 86EA25B0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 86EB81C0
Device \Driver\atapi \Device\Ide\IdePort0 86EB81C0
Device \Driver\atapi \Device\Ide\IdePort1 86EB81C0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 86EB81C0
Device \Driver\Cdrom \Device\CdRom2 86EA25B0
Device \Driver\NetBT \Device\NetBt_Wins_Export 86E8D990
Device \Driver\NetBT \Device\NetbiosSmb 86E8D990
Device \FileSystem\Srv \Device\LanmanServer 86547698
Device \Driver\usbohci \Device\USBFDO-0 871F81D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86BEB1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86D458C0
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86BEB1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86D458C0
Device \FileSystem\Npfs \Device\NamedPipe 86EBE478
Device \Driver\Ftdisk \Device\FtControl 8737E1D8
Device \FileSystem\Msfs \Device\Mailslot 86D4A998
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 86EB9D70
Device \Driver\d347prt \Device\Scsi\d347prt1 86EB9D70
Device \FileSystem\Fastfat \Fat 86F2D1D8
Device \FileSystem\Fastfat \Fat 86436328

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 86E81B20
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 86E81B20
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 86E81B20
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 86E81B20
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 86E81B20
Device \FileSystem\Cdfs \Cdfs 86EE7990
Device \FileSystem\Cdfs \Cdfs 86F6FD58

---- Modules - GMER 1.0.15 ----

Module _________ F736C000-F7384000 (98304 bytes)

---- EOF - GMER 1.0.15 ----
  • 0

#6
Strike Martel
Posted 19 May 2009 - 11:55 AM

Strike Martel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts
Just out of curiosity, will a solution solve the other two accounts on the computer? Or will I need to repeat the steps for them? One of the accounts I can delete, the other is a limited account.
  • 0

#7
kahdah
Posted 19 May 2009 - 11:59 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Each one will need to be scanned but only minimally.
I will explain a little later.

Download this program:

submit files packer

Highlight the files listed below in bold and right-click and selecting copy.

C:\WINDOWS\System32\lmn_setup.exe


Then start the file packer program and right click in the white box and select paste to paste the copied file names in the field.

Then press the Continue button.

I will create an archive with these files and a small log on your Desktop that starts with a name like requested-file[date].cab.

Rename this file to samples.cab

Click Here to upload the files please.
=========================
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#8
Strike Martel
Posted 19 May 2009 - 12:28 PM

Strike Martel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts
ComboFix 09-05-19.04 - Ryan Preston 19/05/2009 19:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.585 [GMT 1:00]
Running from: c:\documents and settings\Ryan Preston\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *On-access scanning disabled* (Outdated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\protect.dll
c:\documents and settings\Ryan Preston\Start Menu\Programs\Startup\ChkDisk.dll
c:\documents and settings\Ryan Preston\Start Menu\Programs\Startup\ChkDisk.lnk
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\drivers\ovfstheyapiilpkxvnispejaqcirwwwbdwyktj.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\lmn_setup.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\ovfsthemvjlfgxvxpgfccevprdrrwotvpfhinx.dll
c:\windows\system32\ovfsthflvkwijigitdgofmkmliqfxodgtekvba.dll
c:\windows\system32\ovfsthflvkwijigitdgofmkmliqfxodgtekvba.dll_old
c:\windows\system32\ovfsthhenusuobuasdqxvorqxgcbdwtaqwbiqj.dat
c:\windows\system32\ovfsthkltlvjlxbccnqxnyqcaekjvuiltfkkro.dat
c:\windows\system32\ovfsthrhosrwvjfylisiboauiqubvpqbrbejpw.dll
c:\windows\system32\ovfsthrhosrwvjfylisiboauiqubvpqbrbejpw.dll_old
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2009-04-19 to 2009-05-19 )))))))))))))))))))))))))))))))
.

2009-05-19 13:20 . 2009-05-19 13:20 286208 -c--a-w C:\0r26i1nf.exe
2009-05-19 11:07 . 2009-05-19 11:07 -------- dc----w c:\program files\Trend Micro
2009-05-18 22:51 . 2008-06-13 11:05 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-05-18 22:51 . 2008-05-08 14:02 203136 -c----w c:\windows\system32\dllcache\rmcast.sys
2009-05-17 20:30 . 2009-05-17 20:30 -------- dcsh--w c:\documents and settings\Ryan Preston\IECompatCache
2009-05-17 20:29 . 2009-05-17 20:29 -------- dc----w c:\program files\CCleaner
2009-05-17 19:23 . 2009-05-17 19:23 -------- dcsh--w c:\windows\system32\config\systemprofile\PrivacIE
2009-05-11 13:08 . 2009-05-11 13:08 -------- dcsh--w c:\documents and settings\NetworkService\IETldCache
2009-05-07 22:07 . 2009-05-07 22:07 -------- dc----w c:\documents and settings\Sharron\Application Data\vlc
2009-05-07 17:18 . 2009-05-07 17:18 -------- dc----w c:\windows\system32\XPSViewer
2009-05-07 17:18 . 2009-05-07 17:18 -------- dc----w c:\program files\MSBuild
2009-05-07 17:18 . 2009-05-07 17:18 -------- dc----w c:\program files\Reference Assemblies
2009-05-07 17:17 . 2008-07-06 12:06 117760 -c----w c:\windows\system32\prntvpt.dll
2009-05-07 17:17 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-07 17:17 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-07 17:17 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-07 17:17 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\xpsshhdr.dll
2009-05-07 17:17 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-05-07 17:17 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\xpssvcs.dll
2009-05-07 17:17 . 2009-05-07 17:17 -------- dc----w C:\c2f08f973555e61aaffb92
2009-05-07 17:01 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-05-07 17:01 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-05-07 17:01 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-05-07 17:01 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-05-07 17:01 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-05-07 17:01 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-07 17:01 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-05-07 17:01 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-05-07 17:01 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-05-07 17:01 . 2009-02-06 11:06 2145280 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-07 17:01 . 2009-02-06 11:08 2189056 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-07 17:01 . 2009-02-06 10:32 2023936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-07 16:41 . 2008-12-11 10:57 333952 -c----w c:\windows\system32\dllcache\srv.sys
2009-05-07 16:40 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-05-07 16:40 . 2008-04-11 19:04 691712 -c----w c:\windows\system32\dllcache\inetcomm.dll
2009-05-07 16:39 . 2008-10-15 16:34 337408 -c----w c:\windows\system32\dllcache\netapi32.dll
2009-05-07 16:39 . 2008-09-04 17:15 1106944 -c----w c:\windows\system32\dllcache\msxml3.dll
2009-05-07 16:38 . 2008-05-03 11:55 2560 -c----w c:\windows\system32\xpsp4res.dll
2009-05-07 15:34 . 2009-05-07 15:34 -------- dc----w c:\documents and settings\Ryan Preston\Application Data\Malwarebytes
2009-05-07 15:34 . 2009-04-06 14:32 15504 -c--a-w c:\windows\system32\drivers\mbam.sys
2009-05-07 15:34 . 2009-04-06 14:32 38496 -c--a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-07 15:34 . 2009-05-07 15:34 -------- dc----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-07 15:34 . 2009-05-07 15:34 -------- dc----w c:\program files\Malwarebytes' Anti-Malware
2009-05-07 14:13 . 2009-05-07 13:08 15688 -c--a-w c:\windows\system32\lsdelete.exe
2009-05-07 13:11 . 2009-05-07 13:11 -------- dc----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-05-07 13:08 . 2009-05-07 13:08 64160 -c--a-w c:\windows\system32\drivers\Lbd.sys
2009-05-07 13:06 . 2009-05-07 13:06 -------- dc-h--w c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-05-07 11:45 . 2009-05-07 13:08 -------- dc----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-06 20:43 . 2009-05-06 20:43 -------- dc----w C:\desktopclean
2009-05-06 13:27 . 2009-05-06 13:27 -------- dcsh--w c:\documents and settings\LocalService\IETldCache
2009-05-06 13:27 . 2009-05-06 13:27 -------- dcsh--w c:\windows\system32\config\systemprofile\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-19 16:08 . 2008-07-01 14:52 34 -c--a-w c:\documents and settings\Ryan Preston\jagex_runescape_preferences.dat
2009-05-19 10:51 . 2007-04-17 19:40 -------- dc----w c:\program files\Trillian
2009-05-18 22:43 . 2006-06-03 21:37 83520 -c--a-w c:\documents and settings\Ryan Preston\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-18 20:17 . 2006-06-16 15:51 -------- dc----w c:\program files\Google
2009-05-18 10:52 . 2008-12-16 03:13 -------- dc----w c:\program files\SeaMonkey
2009-05-17 13:42 . 2007-06-25 14:26 -------- dc----w c:\program files\Seven Kingdoms
2009-05-11 11:34 . 2006-12-26 03:16 -------- dc----w c:\program files\Soulseek
2009-05-07 13:06 . 2008-01-17 01:18 -------- dc----w c:\program files\Lavasoft
2009-05-06 17:14 . 2006-11-26 12:10 -------- dc----w c:\program files\Spybot - Search & Destroy
2009-04-29 18:43 . 2007-10-22 09:53 -------- dc----w c:\program files\MSN Messenger
2009-03-31 17:19 . 2009-03-31 17:19 -------- dc----w c:\program files\Lexmark
2009-03-20 19:16 . 2008-12-16 02:48 410984 -c--a-w c:\windows\system32\deploytk.dll
2009-03-20 19:16 . 2006-06-03 16:04 -------- dc----w c:\program files\Java
2009-03-08 04:34 . 2004-08-04 12:00 914944 -c--a-w c:\windows\system32\wininet.dll
2009-03-08 04:34 . 2004-08-04 12:00 43008 -c--a-w c:\windows\system32\licmgr10.dll
2009-03-08 04:33 . 2004-08-04 12:00 18944 -c--a-w c:\windows\system32\corpol.dll
2009-03-08 04:33 . 2004-08-04 12:00 420352 -c--a-w c:\windows\system32\vbscript.dll
2009-03-08 04:32 . 2004-08-04 12:00 72704 -c--a-w c:\windows\system32\admparse.dll
2009-03-08 04:32 . 2004-08-04 12:00 71680 -c--a-w c:\windows\system32\iesetup.dll
2009-03-08 04:31 . 2004-08-04 12:00 34816 -c--a-w c:\windows\system32\imgutil.dll
2009-03-08 04:31 . 2004-08-04 12:00 48128 -c--a-w c:\windows\system32\mshtmler.dll
2009-03-08 04:31 . 2004-08-04 12:00 45568 -c--a-w c:\windows\system32\mshta.exe
2009-03-08 04:22 . 2004-08-04 12:00 156160 -c--a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-04 12:00 284160 -c--a-w c:\windows\system32\pdh.dll
2003-08-27 13:19 . 2006-06-03 16:38 36963 -c--a-r c:\program files\Common Files\SM1updtr.dll
2007-08-17 23:41 . 2007-08-17 23:31 56 -csh--r c:\windows\system32\7977E9F779.sys
2007-08-18 00:07 . 2007-08-17 23:31 1682 -csha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 339968]
"RoxioDragToDisc"="c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-11-17 1691648]
"RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"SpeedTouch USB Diagnostics"="c:\program files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-11-12 860672]
"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\Ryan Preston\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-6-5 108544]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-6-5 108544]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2007-6-21 245760]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"MIDI1"= SYNCOR11.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\PHANTAGRAM\\Kingdom Under Fire\\KingdomUnderFire.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Seven Kingdoms 2\\7K2.ICD"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [07/05/2009 14:08 64160]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [03/06/2006 17:35 104704]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [03/06/2006 17:35 35584]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18/01/2009 22:34 953168]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [22/09/2008 13:18 69632]
R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [21/08/2008 13:04 98304]
S1 ntiomin;ntiomin; [x]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [12/10/2008 18:14 14976]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 13:08]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-autochk - c:\docume~1\LOCALS~1\protect.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 72.197.42.85:7212
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Search with Freeserve - c:\progra~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
TCP: {30C386B4-E1B2-464F-B3B4-1E70CE80A8CC} = 195.92.195.91 195.92.195.90
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-19 19:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1177238915-1580818891-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1177238915-1580818891-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d7,11,16,2c,01,2f,34,0c,13,d5,29,e0,38,41,90,59,99,eb,d2,b5,6a,b8,ef,
74,18,9c,10,1d,b7,f8,ed,c0,1c,20,e8,43,0c,6e,6a,a0,3c,cc,f9,2b,13,28,24,58,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-1177238915-1580818891-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:5e,32,89,a9,44,76,fe,ba,87,6e,6b,17,62,08,e9,96,02,f5,7b,04,72,
bd,45,dc,04,10,f0,2d,eb,c7,8b,c4,9b,38,d7,5c,ff,91,16,e0,b4,b6,c3,c9,9c,cb,\
"rkeysecu"=hex:dd,bc,ad,1e,30,35,24,4f,1a,47,c7,1e,c5,3b,48,c4
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(968)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3020)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-19 19:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-19 18:51

Pre-Run: 48,391,483,392 bytes free
Post-Run: 48,341,282,816 bytes free

Current=8 Default=8 Failed=7 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
266 --- E O F --- 2009-05-14 16:44

Edited by Strike Martel, 19 May 2009 - 01:30 PM.

  • 0

#9
kahdah
Posted 19 May 2009 - 05:13 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.
  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
================================Follow up scan=================================
  • Double click on Otlistit to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad window. OTListIt.Txt a This is saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

  • 0

#10
Strike Martel
Posted 20 May 2009 - 06:30 AM

Strike Martel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts
Malwarebytes' Anti-Malware 1.36
Database version: 2156
Windows 5.1.2600 Service Pack 3

20/05/2009 13:23:53
mbam-log-2009-05-20 (13-23-53).txt

Scan type: Full Scan (C:\|)
Objects scanned: 200897
Time elapsed: 1 hour(s), 10 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\protect.dll.vir (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Ryan Preston\Start Menu\Programs\Startup\ChkDisk.dll.vir (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthemvjlfgxvxpgfccevprdrrwotvpfhinx.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\lmn_setup.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthflvkwijigitdgofmkmliqfxodgtekvba.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthflvkwijigitdgofmkmliqfxodgtekvba.dll_old.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthrhosrwvjfylisiboauiqubvpqbrbejpw.dll_old.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile\protect.dll.vir (Spyware.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ovfstheyapiilpkxvnispejaqcirwwwbdwyktj.sys.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2070E876-5B41-4D11-B58A-7B365A1B894C}\RP0\A0000001.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2070E876-5B41-4D11-B58A-7B365A1B894C}\RP0\A0000003.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2070E876-5B41-4D11-B58A-7B365A1B894C}\RP0\A0000004.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2070E876-5B41-4D11-B58A-7B365A1B894C}\RP0\A0000011.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2070E876-5B41-4D11-B58A-7B365A1B894C}\RP0\A0000016.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2070E876-5B41-4D11-B58A-7B365A1B894C}\RP0\A0000100.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2070E876-5B41-4D11-B58A-7B365A1B894C}\RP0\A0000104.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2070E876-5B41-4D11-B58A-7B365A1B894C}\RP0\A0000113.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2070E876-5B41-4D11-B58A-7B365A1B894C}\RP0\A0000114.dll (Spyware.Agent) -> Quarantined and deleted successfully.


OTListIt logfile created on: 20/05/2009 13:31:43 - Run 2
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Ryan Preston\Desktop\Security Stuff
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.39 Mb Total Physical Memory | 593.21 Mb Available Physical Memory | 57.96% Memory free
2.41 Gb Paging File | 2.11 Gb Available in Paging File | 87.79% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 44.96 Gb Free Space | 58.90% Space Free | Partition Type: NTFS
Drive D: | 9.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 252.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PCHOME
Current User Name: Ryan Preston
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
PRC - C:\WINDOWS\system32\LEXPPS.EXE (Lexmark International, Inc.)
PRC - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
PRC - C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\WINDOWS\system32\taskswitch.exe ()
PRC - C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe (THOMSON multimedia)
PRC - C:\WINDOWS\SM1BG.EXE (Cypress Semiconductor)
PRC - C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
PRC - C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
PRC - C:\Documents and Settings\Ryan Preston\Desktop\Security Stuff\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EPSONStatusAgent2 [Auto | Running]) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LexBceS [Auto | Running]) -- C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
SRV - (Macromedia Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe (Macromedia)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SAVAdminService [Unknown | Running]) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
SRV - (SAVService [Unknown | Running]) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SRV - (SerialKeys [On_Demand | Stopped]) -- C:\WINDOWS\system32\skeys.exe (Microsoft Corporation)
SRV - (Sophos AutoUpdate Service [Auto | Running]) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
SRV - (SoundMAX Agent Service (default) [Auto | Running]) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (alcan5wn [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\alcan5wn.sys (THOMSON multimedia)
DRV - (alcaudsl [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\alcaudsl.sys (THOMSON multimedia)
DRV - (ati2mtaa [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys (ATI Technologies Inc.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (BANTExt [System | Running]) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (Cdr4_xp [System | Running]) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (Cdralw2k [System | Running]) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (cdudf_xp [System | Stopped]) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys (Roxio)
DRV - (d347bus [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys ( )
DRV - (d347prt [Boot | Running]) -- C:\WINDOWS\System32\Drivers\d347prt.sys ( )
DRV - (DVDVRRdr_xp [System | Running]) -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys (Windows ® 2000 DDK provider)
DRV - (dvd_2K [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\dvd_2k.sys (Roxio)
DRV - (GT680x [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\gt680x.sys ( )
DRV - (HSFHWBS2 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mmc_2K [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mmc_2k.sys (Roxio)
DRV - (NPPTNT2 [On_Demand | Stopped]) -- C:\WINDOWS\system32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (NVENET [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NVENET.sys (NVIDIA Corporation)
DRV - (nv_agp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (pwd_2k [System | Running]) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys (Roxio)
DRV - (QCDonner [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\OVCD.sys (Microsoft Corporation)
DRV - (SAVOnAccessControl [System | Running]) -- C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys (Sophos Plc)
DRV - (SAVOnAccessFilter [System | Running]) -- C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys (Sophos Plc)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (SophosBootDriver [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys (Sophos Plc)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (UDFReadr [System | Running]) -- C:\WINDOWS\System32\drivers\Udfreadr.sys (Roxio)
DRV - (vmm [System | Running]) -- C:\WINDOWS\system32\Drivers\vmm.sys (Microsoft Corporation)
DRV - (VPCNetS2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://start.mozilla...en-US:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {10835DA3-2C49-4B06-9608-124192E5603D}:1.0
FF - prefs.js..extensions.enabledItems: {27758EDB-653F-4D83-A15E-F9BFC9F12F91}:1.0
FF - prefs.js..extensions.enabledItems: {56566C5E-C71F-49B6-AAC9-D684E8B8D3B2}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD [2008/07/14 19:05:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/20 20:16:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/05/07 18:19:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/19 22:41:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/19 22:41:01 | 00,000,000 | ---D | M]

[2008/12/16 04:14:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ryan Preston\Application Data\mozilla\Extensions
[2008/12/16 04:14:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ryan Preston\Application Data\mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2008/09/06 10:57:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ryan Preston\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/12/16 03:50:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ryan Preston\Application Data\mozilla\Firefox\Profiles\4qpcts3w.default\extensions
[2008/12/16 04:14:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ryan Preston\Application Data\mozilla\SeaMonkey\Profiles\f1jghwi2.default\extensions
[2009/05/19 23:16:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/05/06 14:26:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{10835DA3-2C49-4B06-9608-124192E5603D}
[2009/05/18 22:53:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{27758EDB-653F-4D83-A15E-F9BFC9F12F91}
[2009/05/18 17:06:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{56566C5E-C71F-49B6-AAC9-D684E8B8D3B2}
[2009/05/19 22:41:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/20 20:17:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/24 07:00:58 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/24 07:00:58 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/01/04 16:36:50 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2006/07/05 19:47:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/01/04 16:36:50 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/03/08 10:35:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/09/22 20:14:04 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/04/16 05:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/03/28 19:11:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/01/04 16:36:50 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe ()
O4 - HKLM..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 (DAEMON'S HOME)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" (Cyberlink Corp.)
O4 - HKLM..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" (Roxio)
O4 - HKLM..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE (Cypress Semiconductor)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon (THOMSON multimedia)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 (Adobe Systems Incorporated)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Ryan Preston\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Ryan Preston\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=67633 (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1229439130046 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1195077520787 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_19)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/03 16:33:57 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1997/11/04 16:13:14 | 00,000,252 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [1997/11/04 17:21:22 | 00,154,112 | R--- | M] (Interactive Magic) - F:\Auto.exe -- [ CDFS ]
O32 - AutoRun File - [1997/10/29 13:39:42 | 00,197,600 | R--- | M] () - F:\auto.bmp -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - File not found
O34 - HKLM BootExecute: (*) - * [2009/05/19 22:20:46 | 00,000,000 | ---D | M]
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[11 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/05/19 22:41:04 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/05/19 22:33:31 | 07,352,904 | ---- | C] (Mozilla) -- C:\Documents and Settings\Ryan Preston\Desktop\Firefox Setup 3.0.10.exe
[2009/05/19 22:20:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ryan Preston\Desktop\Security Stuff
[2009/05/19 19:51:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ryan Preston\Local Settings\temp
[2009/05/19 19:34:19 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/19 19:12:42 | 00,000,215 | ---- | C] () -- C:\Boot.bak
[2009/05/19 19:12:38 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/19 19:12:37 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/05/19 19:09:57 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/19 19:09:57 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/19 19:09:57 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/19 19:09:57 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/05/19 19:09:57 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/19 19:09:57 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/19 19:09:57 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/19 19:09:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/19 19:09:36 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/19 14:20:00 | 00,286,208 | ---- | C] () -- C:\0r26i1nf.exe
[2009/05/19 12:07:15 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/19 02:07:25 | 10,731,76576 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/18 23:51:24 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/05/18 23:51:21 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2009/05/18 23:46:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ryan Preston\Desktop\Sophos ides
[2009/05/17 21:32:05 | 01,542,274 | ---- | C] () -- C:\Documents and Settings\Ryan Preston\My Documents\cc_20090517_213203.reg
[2009/05/17 21:29:14 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/05/11 20:44:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ryan Preston\Desktop\Fiesta Photos
[2009/05/11 12:44:36 | 02,108,160 | ---- | C] () -- C:\Documents and Settings\Ryan Preston\Desktop\Miami Vice Instrumental.mp3
[2009/05/09 13:06:45 | 01,542,954 | ---- | C] () -- C:\Documents and Settings\Ryan Preston\Desktop\Cavern Theme.mp3
[2009/05/08 13:15:40 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/05/08 00:24:43 | 03,338,556 | ---- | C] () -- C:\Documents and Settings\Ryan Preston\Desktop\Could it be magic - Take That.mp3
[2009/05/07 22:35:58 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/05/07 22:33:26 | 24,699,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/07 22:30:05 | 04,991,980 | ---- | C] () -- C:\Documents and Settings\Ryan Preston\My Documents\Take That - Could It Be Magic.mp3
[2009/05/07 18:18:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/05/07 18:18:19 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/05/07 18:18:08 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/05/07 18:17:32 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/05/07 18:17:32 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/05/07 18:17:32 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/05/07 18:17:31 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/05/07 18:17:31 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/05/07 18:17:31 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/05/07 18:17:31 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/05/07 18:17:31 | 00,000,000 | ---D | C] -- C:\c2f08f973555e61aaffb92
[2009/05/07 18:01:15 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/05/07 18:01:14 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/05/07 18:01:14 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/05/07 18:01:14 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/05/07 18:01:13 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/05/07 18:01:13 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/05/07 18:01:12 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/05/07 18:01:12 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/05/07 18:01:12 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/05/07 18:01:11 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/05/07 18:01:10 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/05/07 18:01:09 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/05/07 17:41:57 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/05/07 17:40:54 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/05/07 17:40:17 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/05/07 17:39:59 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2009/05/07 17:39:57 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2009/05/07 17:38:44 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/05/07 17:38:44 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/05/07 16:34:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ryan Preston\Application Data\Malwarebytes
[2009/05/07 16:34:44 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/07 16:34:43 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/07 16:34:41 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/07 16:34:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/07 16:34:39 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/07 15:13:28 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/05/07 14:08:46 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/07 14:08:34 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/05/07 14:06:34 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/05/07 12:45:48 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/05/07 12:45:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/05/06 21:43:49 | 00,000,000 | ---D | C] -- C:\desktopclean
[2009/05/06 20:29:13 | 00,000,447 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/05/05 15:32:36 | 04,758,588 | ---- | C] () -- C:\Documents and Settings\Ryan Preston\My Documents\Various Artists - 13 - Starship - We Built This City.mp3
[2009/04/30 22:10:29 | 00,474,183 | ---- | C] () -- C:\Documents and Settings\Ryan Preston\Desktop\SundEffectaieair.mp3
[2009/04/28 20:33:29 | 72,607,060 | ---- | C] () -- C:\Documents and Settings\Ryan Preston\My Documents\clip0026.avi
[2009/03/03 00:17:50 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2009/03/03 00:17:50 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2009/01/06 18:03:28 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/12/10 22:29:58 | 00,000,410 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/12/10 22:29:18 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbfvs.dll
[2008/12/10 22:28:50 | 00,000,188 | ---- | C] () -- C:\WINDOWS\System32\lxbfcoin.ini
[2008/12/10 22:28:47 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBFLCNP.DLL
[2007/08/18 00:31:59 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\7977E9F779.sys
[2007/08/18 00:31:56 | 00,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/03/05 14:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/12/12 01:13:20 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2006/11/05 20:04:50 | 00,000,021 | ---- | C] () -- C:\WINDOWS\progman.ini
[2006/11/05 20:04:39 | 00,000,093 | ---- | C] () -- C:\WINDOWS\swcmpc.ini
[2006/10/08 22:57:35 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/07 23:50:33 | 00,611,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/07/23 21:39:51 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2006/06/21 12:24:12 | 00,000,767 | ---- | C] () -- C:\WINDOWS\FUJIGOLF.INI
[2006/06/20 14:11:56 | 00,271,264 | ---- | C] () -- C:\WINDOWS\VBRUN100.DLL
[2006/06/20 14:11:56 | 00,019,200 | ---- | C] () -- C:\WINDOWS\WEPUTIL.DLL
[2006/06/20 14:10:28 | 00,002,139 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2006/06/18 22:24:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/06/05 15:33:21 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/06/05 15:33:20 | 00,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2006/06/04 16:14:14 | 00,000,084 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/06/04 15:35:15 | 00,000,021 | ---- | C] () -- C:\WINDOWS\RTD.ini
[2006/06/04 14:32:57 | 00,005,607 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2006/06/03 19:24:09 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2006/06/03 17:02:12 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/11 11:47:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\fpprintmon.dll
[2004/08/22 18:04:56 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2004/08/04 13:00:00 | 00,096,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptddrv1.sys
[2004/08/04 13:00:00 | 00,000,870 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 13:00:00 | 00,000,282 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/03 16:08:00 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\lexdlls.dlL
[2001/11/08 08:53:54 | 00,018,120 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\gt680x.sys

========== Files - Modified Within 30 Days ==========

[11 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/05/20 13:30:23 | 00,527,526 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/20 13:30:23 | 00,447,006 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/20 13:30:23 | 00,073,442 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/20 13:27:20 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/20 13:27:01 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Ryan Preston\Local Settings\desktop.ini
[2009/05/20 13:25:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/20 13:25:43 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/20 13:25:41 | 10,731,76576 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/19 22:41:04 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/05/19 22:33:31 | 07,352,904 | ---- | M] (Mozilla) -- C:\Documents and Settings\Ryan Preston\Desktop\Firefox Setup 3.0.10.exe
[2009/05/19 19:44:00 | 00,000,282 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/19 19:43:22 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/05/19 19:12:42 | 00,000,285 | RHS- | M] () -- C:\boot.ini
[2009/05/19 14:20:00 | 00,286,208 | ---- | M] () -- C:\0r26i1nf.exe
[2009/05/18 14:54:17 | 00,000,447 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/05/17 21:43:10 | 00,284,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/17 21:32:18 | 01,542,274 | ---- | M] () -- C:\Documents and Settings\Ryan Preston\My Documents\cc_20090517_213203.reg
[2009/05/15 23:34:52 | 00,002,139 | ---- | M] () -- C:\WINDOWS\entpack.ini
[2009/05/14 17:50:08 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/05/14 17:44:08 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/05/14 14:11:32 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/11 19:45:20 | 02,108,160 | ---- | M] () -- C:\Documents and Settings\Ryan Preston\Desktop\Miami Vice Instrumental.mp3
[2009/05/10 01:43:54 | 01,542,954 | ---- | M] () -- C:\Documents and Settings\Ryan Preston\Desktop\Cavern Theme.mp3
[2009/05/08 18:08:24 | 00,000,767 | ---- | M] () -- C:\WINDOWS\FUJIGOLF.INI
[2009/05/08 11:08:20 | 03,338,556 | ---- | M] () -- C:\Documents and Settings\Ryan Preston\Desktop\Could it be magic - Take That.mp3
[2009/05/07 22:32:24 | 04,991,980 | ---- | M] () -- C:\Documents and Settings\Ryan Preston\My Documents\Take That - Could It Be Magic.mp3
[2009/05/07 22:31:40 | 00,000,870 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/07 22:31:30 | 00,000,045 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2009/05/07 18:25:09 | 00,000,063 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2009/05/07 16:34:44 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/07 14:08:27 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/05/07 14:08:14 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/05/07 14:06:33 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/05/07 12:53:54 | 00,000,215 | ---- | M] () -- C:\Boot.bak
[2009/05/07 00:16:30 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/06 20:25:21 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\lidusayi
[2009/05/06 18:23:34 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090506-183256.backup
[2009/05/06 18:14:30 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Ryan Preston\Desktop\Spybot - Search & Destroy.lnk
[2009/05/05 15:38:38 | 00,012,432 | -HS- | M] () -- C:\Documents and Settings\Ryan Preston\My Documents\Folder.jpg
[2009/05/05 15:38:38 | 00,002,913 | -HS- | M] () -- C:\Documents and Settings\Ryan Preston\My Documents\AlbumArtSmall.jpg
[2009/05/05 15:34:08 | 04,758,588 | ---- | M] () -- C:\Documents and Settings\Ryan Preston\My Documents\Various Artists - 13 - Starship - We Built This City.mp3
[2009/05/01 10:30:08 | 00,474,183 | ---- | M] () -- C:\Documents and Settings\Ryan Preston\Desktop\SundEffectaieair.mp3
[2009/04/29 19:44:23 | 00,000,924 | ---- | M] () -- C:\Documents and Settings\Ryan Preston\My Documents\My Sharing Folders.lnk
[2009/04/28 20:38:05 | 72,607,060 | ---- | M] () -- C:\Documents and Settings\Ryan Preston\My Documents\clip0026.avi
[2009/04/22 20:29:37 | 03,300,609 | ---- | M] () -- C:\Documents and Settings\Ryan Preston\Desktop\Johnny Matthis Stardust.mp3
< End of report >

Edited by Strike Martel, 20 May 2009 - 06:34 AM.

  • 0

Advertisements

#11
kahdah
Posted 20 May 2009 - 06:34 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
How are things running?
  • 0

#12
Strike Martel
Posted 20 May 2009 - 06:36 AM

Strike Martel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts
I've just edited my post above. Sorry about that, I had run the OT scan but forgot to post the log >_<

But yeah, I've pasted it under the other log. My browser (Mozilla is still getting hijacked but the websites are different now :S)
My computer is running far more quickly though! Internet Explorer is running fine, I think.

Thank you for your help though :)

PS: I'll just get rid of Firefox.

Edited by Strike Martel, 20 May 2009 - 06:40 AM.

  • 0

#13
kahdah
Posted 20 May 2009 - 06:40 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome.

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click GooredFix.exe to run it.
  • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: Do not run Option #2 yet.
  • 0

#14
Strike Martel
Posted 20 May 2009 - 06:42 AM

Strike Martel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts
GooredFix v1.92 by jpshortstuff
Log created at 13:42 on 20/05/2009 running Option #1 (Ryan Preston)
Firefox version 3.0.10 (en-GB)

=====Suspect Goored Entries=====

C:\Program Files\Mozilla Firefox\extensions\{56566C5E-C71F-49B6-AAC9-D684E8B8D3B2}

C:\Program Files\Mozilla Firefox\extensions\{27758EDB-653F-4D83-A15E-F9BFC9F12F91}

C:\Program Files\Mozilla Firefox\extensions\{10835DA3-2C49-4B06-9608-124192E5603D}

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord"
  • 0

#15
kahdah
Posted 20 May 2009 - 06:42 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please double-click GooredFix.exe on your Desktop to run it.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP