
Alureon-AM (RTK) & Trojan-gen (Other) [Solved]



#1 ch0ices
Member, 14 posts
Hello. I started to search the web when my IE was acting 'funky' a few weeks ago. I know better, but I thought I had the issue pretty much taken care of, at least, taken care of well enough I could do what I wanted to do.
I currently have a desktop that's running Vista 32 bit home on it. Not sure which other details you need for it as well, let me know and I'd be happy to find out.
I've read the forum topic to remove malware and such, and followed it as well as I could. I kept a running log of everything that I did, step by step as I did it as well. I will post it here, so that you know as well. Please keep in mind that now, my desktop will not go to ANY web page, so anything that I download or view, will have to be done on my laptop, which is running Windows XP.
Thank you much in advance.

Jessica

Errors while trying to run all of the recommended items;

SysRestore;

See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
System.Runtime.InteropServices.COMException (0x800423F4): Exception from HRESULT: 0x800423F4
at Microsoft.VisualBasic.CompilerServices.LateBinding.LateGet(Object o, Type objType, String name, Object[] args, String[] paramnames, Boolean[] CopyBack)
at Microsoft.VisualBasic.CompilerServices.NewLateBinding.LateGet(Object Instance, Type Type, String MemberName, Object[] Arguments, String[] ArgumentNames, Type[] TypeArguments, Boolean[] CopyBack)
at SysRestorePoint.Module1.CreateRestorePoint()
at SysRestorePoint.Form1.Form1_Load(Object eventSender, EventArgs eventArgs)
at System.EventHandler.Invoke(Object sender, EventArgs e)
at System.Windows.Forms.Form.OnLoad(EventArgs e)
at System.Windows.Forms.Form.OnCreateControl()
at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible)
at System.Windows.Forms.Control.CreateControl()
at System.Windows.Forms.Control.WmShowWindow(Message& m)
at System.Windows.Forms.Control.WndProc(Message& m)
at System.Windows.Forms.ScrollableControl.WndProc(Message& m)
at System.Windows.Forms.ContainerControl.WndProc(Message& m)
at System.Windows.Forms.Form.WmShowWindow(Message& m)
at System.Windows.Forms.Form.WndProc(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)


************** Loaded Assemblies **************
mscorlib
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.1434 (REDBITS.050727-1400)
CodeBase: file:///C:/Windows/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll
----------------------------------------
SysRestorePoint
Assembly Version: 1.3.0.0
Win32 Version: 1.3.0.0
CodeBase: file:///C:/Users/Jessica/Desktop/SysRestorePoint.exe
----------------------------------------
Microsoft.VisualBasic
Assembly Version: 8.0.0.0
Win32 Version: 8.0.50727.1434 (REDBITS.050727-1400)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/Microsoft.VisualBasic/8.0.0.0__b03f5f7f11d50a3a/Microsoft.VisualBasic.dll
----------------------------------------
System
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.1434 (REDBITS.050727-1400)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
System.Windows.Forms
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.1434 (REDBITS.050727-1400)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Windows.Forms/2.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System.Drawing
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.1434 (REDBITS.050727-1400)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Drawing/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------
System.Runtime.Remoting
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.1434 (REDBITS.050727-1400)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Runtime.Remoting/2.0.0.0__b77a5c561934e089/System.Runtime.Remoting.dll
----------------------------------------
System.Configuration
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.1434 (REDBITS.050727-1400)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Configuration/2.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll
----------------------------------------
System.Xml
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.1434 (REDBITS.050727-1400)
CodeBase: file:///C:/Windows/assembly/GAC_MSIL/System.Xml/2.0.0.0__b77a5c561934e089/System.Xml.dll
----------------------------------------

************** JIT Debugging **************
To enable just-in-time (JIT) debugging, the .config file for this
application or computer (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.

For example:

<configuration>
<system.windows.forms jitDebugging="true" />
</configuration>

When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the computer
rather than be handled by this dialog box.


==============================================================

Malwarebytes' Anti-Malware;

Webpage will not load - for download or 'home' - when trying to enter the address in manually, it goes to a google search page, and still will not load. Tried to change to just the direct address for the domain, and still nothing.

==============================================================

avast!

Two files were detected after running avast - I told it to clean, it said unable, so I chose delete. The files were stated as being "Alureon-Am [RTK]" and "Trojan-gen {Other}".
It ran fine, then sat at 99% complete for almost 5 hours. I pressed escape, the computer booted up, and I was unable to connect to the internet with internet explorer at all. I went ahead and ran avast again, and it only found the first "Alureon-Am {RTK}" this time. I was not in front of my monitor when it booted up after this run of the program.
It is still currently running in the background.

=============================================================

Rooter

When I open this application (I had to download it with my laptop, and transfer it to a network folder for my desktop, which is how I'm now posting any of this) it does not show the application in English. I believe it's in French. I understand the word Error, and then it closes, no matter the option I chose. If you'd like details, or a screen cap, please let me know and I can post it.

=============================================================

OTList2

OTList Log File;

OTListIt logfile created on: 5/23/2009 10:32:34 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Users\Jessica\Desktop\For Matthew
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 42.44% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): c:\pagefile.sys 4090 4095 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.19 Gb Total Space | 35.64 Gb Free Space | 15.97% Space Free | Partition Type: NTFS
Drive D: | 9.70 Gb Total Space | 4.10 Gb Free Space | 42.28% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JESSICA-PC
Current User Name: Jessica
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
PRC - C:\Windows\system32\crypserv.exe (Kenonic Controls Ltd.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
PRC - C:\Windows\system32\lxczcoms.exe ( )
PRC - C:\Windows\system32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Windows\system32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Windows\sttray.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files\AIM6\aim6.exe (AOL LLC)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files\AIM6\aolsoftware.exe (AOL LLC)
PRC - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
PRC - C:\Users\Jessica\Desktop\For Matthew\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (cmdAgent [Auto | Stopped]) -- File not found
SRV - (Crypkey License [Auto | Running]) -- C:\Windows\system32\crypserv.exe (Kenonic Controls Ltd.)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Running]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (IAANTMON [Auto | Running]) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (lxcz_device [Auto | Running]) -- C:\Windows\system32\lxczcoms.exe ( )
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Roxio UPnP Renderer 9 [On_Demand | Stopped]) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9 [Auto | Stopped]) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (RoxLiveShare9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions)
SRV - (RoxMediaDB9 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (RoxWatch9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (usnjsvc [On_Demand | Running]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (XAudioService [Auto | Running]) -- C:\Windows\system32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (ac97intc [On_Demand | Stopped]) -- C:\Windows\system32\drivers\ac97intc.sys (Intel Corporation)
DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\Windows\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt [Auto | Running]) -- C:\Windows\system32\DRIVERS\aswMonFlt.sys (ALWIL Software)
DRV - (aswRdr [System | Running]) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (bcm4sbxp [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdGuard [System | Running]) -- C:\Windows\System32\DRIVERS\cmdguard.sys (COMODO)
DRV - (cmdHlp [System | Running]) -- C:\Windows\System32\DRIVERS\cmdhlp.sys (COMODO)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (e1express [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\e1e6032.sys (Intel Corporation)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (hamachi [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV - (HECI [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HECI.sys (Intel Corporation)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWBS2 [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (iaStor [Boot | Running]) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (iaStorV [Boot | Running]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (igfx [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (Inspect [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\inspect.sys (COMODO)
DRV - (IntelDH [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\IntelDH.sys (Intel Corporation)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (mdmxsdk [Auto | Running]) -- C:\Windows\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (netr73 [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\WUSB54GCx86.sys (Ralink Technology Inc.)
DRV - (NETw2v32 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\NETw2v32.sys (Intel® Corporation)
DRV - (NetworkX [System | Running]) -- C:\Windows\system32\ckldrv.sys ()
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (pavboot [Boot | Running]) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (RimUsb [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\RimUsb.sys (Research In Motion Limited)
DRV - (RimVSerPort [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\RimSerial.sys (Research in Motion Ltd)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\Windows\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (snpstd [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\snpstd.sys ()
DRV - (sptd [Boot | Running]) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SRS_SSCFilter [On_Demand | Running]) -- C:\Windows\system32\drivers\srs_sscfilter_i386.sys ()
DRV - (STHDA [On_Demand | Running]) -- C:\Windows\system32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\Windows\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vncmirror [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\vncmirror.sys (RealVNC Ltd.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (winachsf [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio [Auto | Running]) -- C:\Windows\system32\DRIVERS\xaudio.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...h...DTP&M=DX430
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...DTP&M=DX430
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...h...DTP&M=DX430

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"



[2009/01/07 14:22:34 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\8kndky55.default\extensions
[2009/04/19 12:03:39 | 00,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\8kndky55.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/12/09 19:06:44 | 00,002,158 | ---- | M] () -- C:\Users\Jessica\AppData\Roaming\Mozilla\FireFox\Profiles\8kndky55.default\searchplugins\MySpace.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MySpace Toolbar) - {28AED1AF-B164-44CD-B435-CF04AA955015} - C:\Program Files\MySpace\Toolbar\1.0.32.5\MySpaceToolbar.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (MySpace Toolbar) - {28AED1AF-B164-44CD-B435-CF04AA955015} - C:\Program Files\MySpace\Toolbar\1.0.32.5\MySpaceToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h File not found
O4 - HKLM..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\Firewall\cfp.exe" -h File not found
O4 - HKLM..\Run: [css] C:\Program Files\Comodo\Css\cssurf.exe /s File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] sttray.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (AOL LLC)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {36A4B20A-2B75-4101-86CE-F9B03CA4B91C} http://bgweb.nowcdn....DownStarter.cab (DownStarter Control)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} http://webserver.dyy...nt/DyynoCAB.CAB (DyynoX Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....NPUplden-us.cab (MSN Photo Upload Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gatew...rvest/gwCID.CAB (compid Class)
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} http://disteng.neffi...ffyLauncher.cab (NeffyLauncherCtl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace...ronGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.92,85.255.112.104
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{9AD8EE3D-4182-4E08-9056-F23949BBA1EA}\\NameServer = 85.255.112.92,85.255.112.104
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{F6CA162D-FDA8-4AEB-B173-985E3059E249}\\NameServer = 85.255.112.92,85.255.112.104
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\system32\guard32.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Comodo\Css\cssdll32.dll) - C:\PROGRA~1\Comodo\Css\cssdll32.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\system32\igfxdev.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/23 10:31:41 | 00,000,000 | R--D | M]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/05/23 10:17:21 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/22 12:50:34 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2009/05/22 12:50:34 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2009/05/22 12:50:34 | 00,001,887 | ---- | C] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/05/22 12:50:26 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr
[2009/05/22 12:50:25 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2009/05/22 12:50:25 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2009/05/22 12:50:06 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2009/05/22 12:50:06 | 00,380,928 | ---- | C] () -- C:\Windows\System32\actskin4.ocx
[2009/05/22 12:50:06 | 00,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2009/05/22 12:50:04 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/05/22 12:49:22 | 34,346,616 | ---- | C] () -- C:\Users\Jessica\Desktop\setupeng.exe
[2009/05/22 12:34:34 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/05/22 12:33:54 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/20 16:04:40 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Jessica\Desktop\erunt_setup.exe
[2009/05/20 16:04:15 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Users\Jessica\Desktop\SysRestorePoint.exe
[2009/05/20 15:55:50 | 00,001,912 | ---- | C] () -- C:\Users\Jessica\Desktop\HijackThis.lnk
[2009/05/20 15:55:49 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/20 15:55:13 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Jessica\Desktop\HJTInstall.exe
[2009/05/16 00:25:38 | 00,126,768 | ---- | C] () -- C:\Users\Jessica\Desktop\mms.wav
[2009/05/15 12:36:28 | 00,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2009/05/15 11:28:16 | 00,000,000 | ---D | C] -- C:\Users\Jessica\Documents\RCT3
[2009/05/15 11:28:16 | 00,000,000 | ---D | C] -- C:\Users\Jessica\AppData\Roaming\Atari
[2009/05/15 11:13:17 | 00,001,957 | ---- | C] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon® 3.lnk
[2009/05/15 11:11:29 | 00,000,000 | ---D | C] -- C:\Users\Jessica\AppData\Roaming\Leadertech
[2009/05/15 11:11:24 | 00,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/05/15 11:11:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PocketSoft
[2009/05/15 11:07:37 | 00,000,000 | ---D | C] -- C:\Program Files\Atari
[2009/05/14 11:06:56 | 00,000,122 | ---- | C] () -- C:\Windows\WA.INI
[2009/05/14 11:04:17 | 00,001,698 | ---- | C] () -- C:\Users\Jessica\Desktop\Worms Armageddon.lnk
[2009/05/14 11:04:02 | 01,594,558 | ---- | C] () -- C:\Windows\WANEUninstaller.exe
[2009/05/14 10:59:21 | 00,000,000 | ---D | C] -- C:\Games
[2009/05/14 09:54:28 | 00,251,930 | ---- | C] ( ) -- C:\Windows\System32\winreger.exe
[2009/05/08 14:29:21 | 00,016,384 | ---- | C] () -- C:\Users\Jessica\Desktop\Jessica Resume through state agency.doc
[2009/04/29 23:03:43 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/04/29 23:03:20 | 15,669,6397 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/04/29 16:14:03 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2009/04/29 16:13:59 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/04/29 09:07:27 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2009/04/26 18:21:27 | 21,198,56128 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/26 15:41:02 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/04/26 15:41:01 | 00,000,000 | ---D | C] -- C:\ProgramData\avg8
[2009/04/26 15:39:52 | 63,049,904 | ---- | C] (AVG Technologies) -- C:\Users\Jessica\Desktop\avg_free_stf_en_85_285a1462.exe
[2009/04/26 15:19:52 | 16,438,680 | ---- | C] () -- C:\Users\Jessica\Desktop\jre-6u13-windows-i586-p-s.exe
[2009/04/26 13:04:46 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/04/26 12:32:24 | 00,000,000 | R--D | C] -- C:\Users\Jessica\Desktop\Favorites
[2008/10/15 21:48:23 | 00,000,021 | ---- | C] () -- C:\Windows\atid.ini
[2008/09/07 18:04:13 | 00,001,361 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[2008/07/21 19:42:32 | 00,042,320 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2008/06/23 13:47:06 | 00,042,112 | ---- | C] () -- C:\Windows\System32\drivers\csiidecoder_kern_i386.sys
[2008/06/23 13:47:05 | 00,047,360 | ---- | C] () -- C:\Windows\System32\drivers\Surroundhp_kern_i386.sys
[2008/06/23 13:47:05 | 00,047,104 | ---- | C] () -- C:\Windows\System32\drivers\tshd4_kern_i386.sys
[2008/06/23 13:47:05 | 00,039,808 | ---- | C] () -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys
[2008/05/30 12:22:22 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/05/30 12:18:56 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/05/30 12:18:56 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/05/30 12:18:00 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/05/23 16:38:31 | 00,147,192 | ---- | C] () -- C:\Windows\System32\guard32.dll
[2008/04/22 09:06:04 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/04/22 08:26:01 | 00,685,816 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/04/15 15:33:37 | 00,001,125 | ---- | C] () -- C:\Windows\Winamp.ini
[2008/04/15 15:33:31 | 00,000,041 | ---- | C] () -- C:\Windows\winampa.ini
[2008/01/22 00:25:55 | 00,000,060 | ---- | C] () -- C:\Windows\Crypkey.ini
[2008/01/22 00:25:52 | 00,024,608 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2008/01/22 00:25:52 | 00,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2008/01/22 00:19:38 | 00,296,448 | ---- | C] () -- C:\Windows\Xenofex.ini
[2008/01/22 00:16:40 | 00,000,110 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2008/01/22 00:02:37 | 00,000,848 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/01/21 19:18:14 | 00,000,234 | ---- | C] () -- C:\Windows\Lexstat.ini
[2008/01/21 19:14:07 | 00,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxczinpa.dll
[2008/01/21 19:14:07 | 00,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcziesc.dll
[2008/01/21 19:14:07 | 00,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCZhcp.dll
[2008/01/21 19:14:07 | 00,274,432 | ---- | C] () -- C:\Windows\System32\LXCZinst.dll
[2008/01/21 19:14:06 | 01,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxczserv.dll
[2008/01/21 19:14:06 | 00,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxczusb1.dll
[2008/01/21 19:14:06 | 00,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxczpmui.dll
[2008/01/21 19:14:06 | 00,413,696 | ---- | C] () -- C:\Windows\System32\lxczutil.dll
[2008/01/21 19:14:06 | 00,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxczprox.dll
[2008/01/21 19:14:06 | 00,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxczpplc.dll
[2008/01/21 19:14:05 | 00,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxczhbn3.dll
[2008/01/21 19:14:05 | 00,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxczlmpm.dll
[2008/01/21 19:14:04 | 00,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxczcomm.dll
[2008/01/21 19:14:03 | 00,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxczcomc.dll
[2008/01/11 18:43:44 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2008/01/11 18:43:44 | 00,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/01/11 18:43:41 | 00,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2007/02/07 21:58:12 | 00,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2007/01/22 12:49:34 | 00,344,064 | ---- | C] () -- C:\Windows\System32\lxczcoin.dll
[2006/12/12 14:13:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1147.dll
[2006/12/12 13:48:16 | 00,467,264 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2006/12/12 13:02:50 | 00,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:23:31 | 00,000,265 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 05:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/06/07 17:23:04 | 00,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv7.dll
[2006/03/27 15:19:14 | 00,040,960 | ---- | C] () -- C:\Windows\System32\lxczvs.dll
[2006/03/07 15:59:04 | 00,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv6.dll
[2006/01/10 21:11:06 | 00,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv5.dll
[2006/01/10 21:11:06 | 00,061,440 | ---- | C] () -- C:\Windows\System32\lxczcnv4.dll
[2004/02/19 00:12:00 | 00,299,776 | ---- | C] () -- C:\Windows\System32\drivers\snpstd.sys
[2004/02/16 03:15:00 | 00,015,541 | ---- | C] () -- C:\Windows\snpstd.ini
[2004/01/28 02:59:00 | 00,036,864 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd.dll
[2003/12/09 23:17:00 | 00,057,344 | ---- | C] ( ) -- C:\Windows\System32\csnpstd.dll
[2003/10/21 18:40:00 | 00,053,248 | ---- | C] () -- C:\Windows\System32\dsnpstd.dll
[2003/01/07 17:05:08 | 00,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/05/23 08:37:11 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/05/23 08:37:11 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/05/22 23:52:13 | 00,000,530 | ---- | M] () -- C:\Users\Jessica\Documents\My Sharing Folders.lnk
[2009/05/22 20:42:01 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/05/22 20:42:01 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/05/22 20:42:01 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/05/22 20:40:01 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/05/22 20:37:24 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/05/22 20:37:02 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/05/22 20:36:28 | 21,198,56128 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/22 12:51:33 | 00,000,004 | ---- | M] () -- C:\Windows\System32\gxvxccounter
[2009/05/22 12:50:34 | 00,001,887 | ---- | M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009/05/22 12:50:25 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/05/22 12:49:24 | 34,346,616 | ---- | M] () -- C:\Users\Jessica\Desktop\setupeng.exe
[2009/05/22 12:15:34 | 00,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{61DAC4E2-C802-4C4B-810A-D4A37892152D}.job
[2009/05/20 16:04:46 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Jessica\Desktop\erunt_setup.exe
[2009/05/20 16:04:16 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Users\Jessica\Desktop\SysRestorePoint.exe
[2009/05/20 15:55:50 | 00,001,912 | ---- | M] () -- C:\Users\Jessica\Desktop\HijackThis.lnk
[2009/05/20 15:55:16 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Jessica\Desktop\HJTInstall.exe
[2009/05/20 15:40:40 | 00,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2009/05/16 00:25:53 | 00,126,768 | ---- | M] () -- C:\Users\Jessica\Desktop\mms.wav
[2009/05/15 11:22:56 | 00,001,957 | ---- | M] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon® 3.lnk
[2009/05/14 11:15:55 | 00,000,122 | ---- | M] () -- C:\Windows\WA.INI
[2009/05/14 11:04:20 | 01,594,558 | ---- | M] () -- C:\Windows\WANEUninstaller.exe
[2009/05/14 11:04:17 | 00,001,698 | ---- | M] () -- C:\Users\Jessica\Desktop\Worms Armageddon.lnk
[2009/05/14 09:55:23 | 00,251,930 | ---- | M] ( ) -- C:\Windows\System32\winreger.exe
[2009/05/12 23:09:02 | 15,669,6397 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/05/08 14:29:32 | 00,016,384 | ---- | M] () -- C:\Users\Jessica\Desktop\Jessica Resume through state agency.doc
[2009/04/26 15:39:52 | 63,049,904 | ---- | M] (AVG Technologies) -- C:\Users\Jessica\Desktop\avg_free_stf_en_85_285a1462.exe
[2009/04/26 15:19:52 | 16,438,680 | ---- | M] () -- C:\Users\Jessica\Desktop\jre-6u13-windows-i586-p-s.exe
< End of report >


OT List Extras File;

OTListIt Extras logfile created on: 5/23/2009 10:32:34 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Users\Jessica\Desktop\For Matthew
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 42.44% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): c:\pagefile.sys 4090 4095 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.19 Gb Total Space | 35.64 Gb Free Space | 15.97% Space Free | Partition Type: NTFS
Drive D: | 9.70 Gb Total Space | 4.10 Gb Free Space | 42.28% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JESSICA-PC
Current User Name: Jessica
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
Reg Error: Unknown registry data type File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1909851182-3047326298-2530056749-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"DisableNotifications" = 0
"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications" = 0
"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
"DisableNotifications" = 0
"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

{03FE0366-AE31-457D-9BEF-75E31711EE85} = LPORT=1900 | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=WINDOWS LIVE MESSENGER (SSDP-IN) | APP=SVCHOST.EXE | SVC=SSDPSRV |
{06C34F9F-1AF1-4154-85E2-B9C6A6AAEEDA} = RPORT=2177 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-31265 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{0CB07013-025B-44D3-90B1-6DF34564DE34} = LPORT=139 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-28503 | APP=SYSTEM |
{1207516C-8472-4E61-8918-D48D0658911D} = RPORT=3702 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-32811 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=FDRESPUB |
{18FBBDF2-BDEE-491D-B7EA-242EFF4D1794} = RPORT=1900 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-32757 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{1D45D392-4A81-456C-AB26-1F986C0C87B6} = LPORT=5355 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-32801 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=DNSCACHE |
{2B12EA85-4495-4FEB-9DF9-06A9E5BCF269} = RPORT=137 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-28523 | APP=SYSTEM |
{2E12C8C0-AF03-472B-9184-A882F9641E54} = LPORT=2869 | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=WINDOWS LIVE MESSENGER (UPNP-IN) | APP=SYSTEM |
{32DF894D-4FD2-43C1-A86C-BD7E7F7D2B30} = RPORT=10243 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-31289 | APP=SYSTEM |
{348CA9B6-4ABC-41E3-B1F3-2EAA629E270C} = LPORT=3702 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-32809 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=FDRESPUB |
{3B1C2B52-DFC9-4832-886A-CBE925E05319} = RPORT=3702 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-32789 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=FDPHOST |
{56656FB3-C162-477E-AE29-8BBA7E491156} = RPORT=139 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-28507 | APP=SYSTEM |
{59ADE5F6-028D-48A6-95DB-316048028567} = LPORT=1900 | PROFILE=DOMAIN | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-31269 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{7287F0E3-413C-4466-8DE4-46BF2AFF528D} = LPORT=137 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-28519 | APP=SYSTEM |
{771325E7-866F-493A-9C8D-9FBE342FF38A} = LPORT=2869 | PROFILE=DOMAIN | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-31277 | APP=SYSTEM |
{785B1ED0-1B03-47D4-A70C-FE18FE0B16E8} = LPORT=1900 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-32753 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{91E5C5F7-D9FC-4CD8-AE48-EAA784FE5B80} = LPORT=2869 | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=WINDOWS LIVE MESSENGER 8.1 (UPNP-IN) | APP=SYSTEM |
{93211440-7DD8-4533-9E0C-8359A46E7E56} = LPORT=2177 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-31253 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{9A4083B5-FFF8-4E0C-B284-7A61EF43582B} = LPORT=RPC-EPMAP | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-28539 | SVC=RPCSS |
{A5D485BF-3C30-4835-B209-690EA0CC0C50} = LPORT=138 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-28527 | APP=SYSTEM |
{A8CC054F-1D89-40CA-AC32-1AF8C6D08E1F} = RPORT=2177 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-31257 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{ACDB113B-C3E1-4959-A780-1165ECBF4C47} = RPORT=1900 | PROFILE=DOMAIN | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-31273 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{BE5B7DB9-1DA7-4E4D-949C-C98188DD0AEE} = LPORT=10243 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-31285 | APP=SYSTEM |
{D0F5E55B-C268-49AF-B670-DFA6B1973B3D} = LPORT=3702 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-32785 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=FDPHOST |
{D3A17D26-3B47-4E14-B8C2-38237B0F11B7} = LPORT=1900 | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=WINDOWS LIVE MESSENGER 8.1 (SSDP-IN) | APP=SVCHOST.EXE | SVC=SSDPSRV |
{D95B32C8-6766-46FC-A3F4-67619F45134D} = LPORT=RPC | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-28535 | APP=%SYSTEMROOT%\SYSTEM32\SPOOLSV.EXE | SVC=SPOOLER |
{DC6DD825-4405-4F2D-A5CD-1EA1E5E57A83} = RPORT=445 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-28515 | APP=SYSTEM |
{DE330A80-D926-4C9B-B054-B70F2A6D6C2A} = RPORT=138 | PROFILE=PRIVATE | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-28531 | APP=SYSTEM |
{EA045F37-45E7-4D59-BE67-0BA4071F8B61} = LPORT=2177 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-31261 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{EB3C8A9E-6E5A-4BDF-8679-822F3F0D6002} = RPORT=5355 | PROFILE=PUBLIC | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-32805 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=DNSCACHE |
{F1A39444-D73E-47F8-BA63-FB7B8B10AB8B} = LPORT=445 | PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-28511 | APP=SYSTEM |

========== Vista Active Application Exception List ==========

{014EF3A2-D108-44BE-9234-FD1534BA0444} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=YAHOO! FT SERVER | APP=C:\PROGRAM FILES\YAHOO!\MESSENGER\YSERVER.EXE |
{1055A7BC-CB94-4926-94E3-20C14F9A8CB7} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-31297 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{178F357E-39B1-4A8F-BD28-89AEF705C721} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=ΜTORRENT | APP=C:\PROGRAM FILES\UTORRENT\UTORRENT.EXE |
{200D5BC4-78C1-49B6-B713-B144D81159EB} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=AVG FREE TRAY ICON | APP=C:\PROGRAM FILES\AVG\AVG8\AVGTRAY.EXE |
{211424E8-F20F-41DC-AED8-0121B83639CA} = PROFILE=PRIVATE | PROTOCOL=1 | DIR=OUT | ACTION=ALLOW | [email protected],-28544 |
{2B4EB75E-9838-41C8-A2FD-0E492B53ECBF} = PROFILE=PRIVATE | PROTOCOL=1 | DIR=IN | ACTION=ALLOW | [email protected],-28543 |
{3087A524-88AB-4854-9651-0FBECC503857} = DIR=IN | ACTION=ALLOW | NAME=WINDOWS LIVE MESSENGER | APP=C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE |
{34FACE7D-F855-45E3-8251-C610A74DB796} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-31301 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{3E713F7A-D8C0-4DF0-BADB-2E8A8C591F37} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=ΜTORRENT | APP=C:\PROGRAM FILES\UTORRENT\UTORRENT.EXE |
{43E19029-B0B4-4C90-96A9-D6804D752470} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-31317 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPNETWK.EXE |
{44610A2B-F3B9-4224-A77D-D69AB67306F9} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=AIM | APP=C:\PROGRAM FILES\AIM6\AIM6.EXE |
{464C5716-0BDA-40A4-BAB9-F8F76117E588} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=BONJOUR | APP=C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE |
{48AB0A26-E7FE-49A5-814A-BE5A2CC05A2C} = DIR=IN | ACTION=ALLOW | NAME=WINDOWS LIVE MESSENGER (PHONE) | APP=C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\LIVECALL.EXE |
{49F56ABB-6CFD-428B-B54B-EBC72EDF1EF9} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=YAHOO! MESSENGER | APP=C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE |
{4A8633F7-0FA2-46C0-A170-BF588152AE01} = DIR=IN | ACTION=ALLOW | NAME=WINDOWS LIVE MESSENGER 8.1 (PHONE) | APP=C:\PROGRAM FILES\MSN MESSENGER\LIVECALL.EXE |
{4BA3C50A-9244-4314-B0F1-FFEB00EA2A3B} = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=ΜTORRENT | APP=C:\PROGRAM FILES\UTORRENT\UTORRENT.EXE |
{58751106-16FB-4983-BE7F-E49F44D6A71A} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=SFRAME.EXE | APP=C:\PROGRAM FILES\GALA-NET\RAPPELZ_USA\SFRAME.EXE |
{59252EB9-5883-47C8-B017-303F8D6985EA} = PROFILE=PUBLIC | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-32821 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=UPNPHOST |
{6331189E-33D7-4890-B49C-4DC26B5D821E} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-31305 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPNETWK.EXE |
{6C93DF84-EE14-497B-BCCC-FDD380CF1C9A} = PROFILE=DOMAIN | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-31011 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{6F6343A6-1B1B-46A9-89CD-DFCBE7D3D29E} = PROFILE=DOMAIN | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-31007 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{79E328F3-9229-4559-BA24-779255225DC7} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=PRINTER STATUS WINDOW | APP=C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\LXCZPSWX.EXE |
{80A88B6C-A2E4-4037-BC89-6DF3DF788BF0} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=BONJOUR | APP=C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE |
{80F90BAB-2445-461F-9B96-D99F19517D35} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=YAHOO! FT SERVER | APP=C:\PROGRAM FILES\YAHOO!\MESSENGER\YSERVER.EXE |
{86AD3969-7B84-4CE4-8F16-896C700F6A66} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=LEXMARK COMMUNICATIONS SYSTEM | APP=C:\WINDOWS\SYSTEM32\LXCZCOMS.EXE |
{86F61309-651A-4054-944A-9E699AA83734} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=YAHOO! MESSENGER | APP=C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE |
{8753D70F-ECEC-425A-9ADE-543A2374E5B9} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | [email protected],-31313 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPNETWK.EXE |
{9AF8876B-0CC0-47D9-A8CD-875185076025} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=OUT | ACTION=ALLOW | [email protected],-31309 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPNETWK.EXE |
{9CA7F36F-3307-445E-BA48-EF642C3C23B9} = PROFILE=DOMAIN | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-31281 | APP=SYSTEM |
{A636D5FA-F2E3-4A70-A068-B3340B2A8F60} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=AVG FREE USER INTERFACE | APP=C:\PROGRAM FILES\AVG\AVG8\AVGUI.EXE |
{A6E51E16-FD32-4726-94A5-2DF1210EF076} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=ΜTORRENT | APP=C:\PROGRAM FILES\UTORRENT\UTORRENT.EXE |
{B118EBE1-C30F-45C4-B6E5-21C927DC1704} = DIR=IN | ACTION=ALLOW | NAME=SKYPE | APP=C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE |
{B1485068-1A24-4F22-83AF-AC4A5DF4B8E8} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=AVG FREE TRAY ICON | APP=C:\PROGRAM FILES\AVG\AVG8\AVGTRAY.EXE |
{B2484DAE-076E-412E-A566-CCBFBFA33D7F} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=AIM | APP=C:\PROGRAM FILES\AIM6\AIM6.EXE |
{B34076CC-76B7-42CF-8506-0388E7F5B22A} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=SFRAME.EXE | APP=C:\PROGRAM FILES\GALA-NET\RAPPELZ_USA\SFRAME.EXE |
{BBA13FA1-CFBE-433E-9675-1B695EC522B3} = PROFILE=DOMAIN | PROTOCOL=6 | DIR=OUT | ACTION=ALLOW | [email protected],-31321 | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=UPNPHOST |
{C83BF059-10A7-464A-A72C-578FDAAFAA0F} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=LEXMARK COMMUNICATIONS SYSTEM | APP=C:\WINDOWS\SYSTEM32\LXCZCOMS.EXE |
{C9F06B70-8338-4E95-9ABD-468E6C7E50F1} = DIR=IN | ACTION=ALLOW | NAME=MYSPACEIM | APP=C:\PROGRAM FILES\MYSPACE\IM\MYSPACEIM.EXE |
{CC8E9169-1F45-4E97-82A8-4454F0C21EFE} = PROFILE=PRIVATE | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-31293 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{D14424A9-885F-4A78-A006-ABE7E18ECB8A} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=PRINTER STATUS WINDOW | APP=C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\LXCZPSWX.EXE |
{DA13ABC8-C722-4723-8F95-51C8B1D4DAF0} = PROFILE=PRIVATE | PROTOCOL=58 | DIR=OUT | ACTION=ALLOW | [email protected],-28546 |
{E98612D2-D3AF-49AC-BF43-ADD900FAFC6B} = DIR=IN | ACTION=ALLOW | NAME=WINDOWS LIVE MESSENGER 8.1 | APP=C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE |
{EBC8DBE4-56C2-42C1-9F0D-0AD38D559CFE} = PROFILE=PRIVATE | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=AVG FREE USER INTERFACE | APP=C:\PROGRAM FILES\AVG\AVG8\AVGUI.EXE |
{EBF2E8E9-0F54-4F9D-8C7B-A6D79253EE66} = PROFILE=PRIVATE | PROTOCOL=58 | DIR=IN | ACTION=ALLOW | [email protected],-28545 |
{F4BFC284-3903-4B9A-BBAF-53C81D597D37} = PROFILE=DOMAIN | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | [email protected],-31003 | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
TCP Query User{02D2FBBD-E748-4302-8C98-3AF9F078C8C1}C:\program files\aim6\aim6.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=AIM | APP=C:\PROGRAM FILES\AIM6\AIM6.EXE |
TCP Query User{C4967F1F-70C0-44BB-A8EC-069F3759D1F7}C:\program files\yahoo!\messenger\yahoomessenger.exe = PROFILE=PUBLIC | PROTOCOL=6 | DIR=IN | ACTION=ALLOW | NAME=YAHOO! MESSENGER | APP=C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE |
UDP Query User{97DA3600-167F-414E-BBC8-13764EC1368A}C:\program files\yahoo!\messenger\yahoomessenger.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=YAHOO! MESSENGER | APP=C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE |
UDP Query User{C92A5E69-D894-462B-9CFF-348E83D68271}C:\program files\aim6\aim6.exe = PROFILE=PUBLIC | PROTOCOL=17 | DIR=IN | ACTION=ALLOW | NAME=AIM | APP=C:\PROGRAM FILES\AIM6\AIM6.EXE |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F947884-527C-4D84-A1FA-B83F53CD3AF6}" = Gateway Connect
"{14FCAB34-70BD-49BF-BC23-C2E8954F3CBE}" = Comodo Safe Surf
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}" = Roxio Media Manager
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5 ESD
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}" = BlackBerry Desktop Software 4.2.2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A57C6094-FC5A-4DEC-B1E0-1B2F48EEE8F4}" = Spare Backup
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{C3CBE4AD-CC84-484F-8E44-CFB303BFDA4D}" = SRS Audio Sandbox
"{E144A786-D2DD-428B-9C1A-0EE3FA3515EA}" = Rappelz_USA
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F855C3AE-992D-4B84-A09D-07103CDCDAC2}" = Linksys Compact Wireless-G USB Adapter Driver - WUSB54GC
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Advanced IP Scanner v1.5" = Advanced IP Scanner v1.5
"AIM_6" = AIM 6
"avast!" = avast! Antivirus
"BlackBerry_{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}" = BlackBerry Desktop Software 4.2.2
"CNXT_MODEM_PCI_HSF" = Soft Data Fax Modem with SmartCP
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"COMODO Firewall Pro" = COMODO Firewall Pro
"D-Link CIF Webcam" = D-Link CIF Webcam
"DyynoPlayer" = DyynoPlayer 0.8.6f
"ERUNT_is1" = ERUNT 1.1j
"Eye Candy 4000" = Eye Candy 4000
"EyeCandy5Textures" = Alien Skin Eye Candy 5 Textures
"Filters Unlimited 1.0" = Filters Unlimited 1.0
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"HECI" = Intel® Management Engine Interface
"HijackThis" = HijackThis 2.0.2
"KPT 6" = KPT 6
"Lexmark 1200 Series" = Lexmark 1200 Series
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft DirectX SDK (August 2008)" = Microsoft DirectX SDK (August 2008)
"MySpaceIM" = MySpaceIM
"MySpaceToolbar" = MySpace Toolbar
"PokerStars" = PokerStars
"PROSet" = Intel® PRO Network Connections Drivers
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinRAR archiver" = WinRAR archiver
"Worms Armageddon - New Edition" = Worms Armageddon - New Edition
"Xenofex 1.0" = Xenofex 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Absolute Poker" = Absolute Poker
"uTorrent" = µTorrent
"Yahoo! Messenger for Vista" = Yahoo! Messenger for Vista

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/15/2009 12:17:24 PM | Computer Name = Jessica-PC | Source = System Restore | ID = 8193
Description =

Error - 5/15/2009 2:54:06 PM | Computer Name = Jessica-PC | Source = SPP | ID = 16387
Description =

Error - 5/15/2009 2:54:07 PM | Computer Name = Jessica-PC | Source = System Restore | ID = 8193
Description =

Error - 5/15/2009 2:54:07 PM | Computer Name = Jessica-PC | Source = System Restore | ID = 8210
Description =

Error - 5/17/2009 2:18:43 AM | Computer Name = Jessica-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6001.18226, time stamp
0x49ac95d6, faulting module Flash10a.ocx, version 10.0.12.36, time stamp 0x48e83175,
exception code 0xc0000005, fault offset 0x0021351b, process id 0xd70, application
start time 0x01c9d4d63476932f.

Error - 5/17/2009 3:25:37 AM | Computer Name = Jessica-PC | Source = Application Hang | ID = 1002
Description = The program RCT3plus.exe version 3.2.8.13 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1408 Start Time: 01c9d5d17df64602 Termination Time: 62

Error - 5/17/2009 11:55:09 AM | Computer Name = Jessica-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6001.18226, time stamp
0x49ac95d6, faulting module Flash10a.ocx, version 10.0.12.36, time stamp 0x48e83175,
exception code 0xc0000005, fault offset 0x000ad6a3, process id 0x8fc, application
start time 0x01c9d704d0fa5b14.

Error - 5/17/2009 1:38:31 PM | Computer Name = Jessica-PC | Source = SPP | ID = 16387
Description =

Error - 5/17/2009 1:38:31 PM | Computer Name = Jessica-PC | Source = System Restore | ID = 8193
Description =

Error - 5/17/2009 1:38:31 PM | Computer Name = Jessica-PC | Source = System Restore | ID = 8210
Description =

[ Media Center Events ]
Error - 2/1/2008 4:45:37 PM | Computer Name = Jessica-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/24/2008 9:35:40 PM | Computer Name = Jessica-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/1/2008 4:39:06 PM | Computer Name = Jessica-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 8/28/2008 8:59:50 AM | Computer Name = Jessica-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/20/2009 9:31:25 PM | Computer Name = Jessica-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/3/2009 5:25:50 PM | Computer Name = Jessica-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 11/22/2008 8:17:56 AM | Computer Name = Jessica-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 11/22/2008 8:25:19 AM | Computer Name = Jessica-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 11/22/2008 6:21:32 PM | Computer Name = Jessica-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 11/24/2008 2:34:05 PM | Computer Name = Jessica-PC | Source = DCOM | ID = 10010
Description =

Error - 11/24/2008 2:36:07 PM | Computer Name = Jessica-PC | Source = HTTP | ID = 15016
Description =

Error - 11/24/2008 5:52:41 PM | Computer Name = Jessica-PC | Source = HTTP | ID = 15016
Description =

Error - 11/24/2008 9:22:38 PM | Computer Name = Jessica-PC | Source = HTTP | ID = 15016
Description =

Error - 11/25/2008 10:35:20 PM | Computer Name = Jessica-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:32:30 PM on 11/25/2008 was unexpected.

Error - 11/25/2008 10:35:29 PM | Computer Name = Jessica-PC | Source = HTTP | ID = 15016
Description =

Error - 11/26/2008 3:22:31 AM | Computer Name = Jessica-PC | Source = Service Control Manager | ID = 7031
Description =


< End of report >


I'll check back often, I know everyone's busy and has lives. Also, if there's not actual information listed above, it does not mean I did not run the program listed, or take the step I was told to, it only means that I did not get an error while running the program. - Thank you again. Please let me know if there's anything else I can do.
  • 0

#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0

#3
ch0ices

ch0ices

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Thank you - Here's the log;

ComboFix 09-05-22.08 - Jessica 05/23/2009 12:13.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2021.1282 [GMT -5:00]
Running from: c:\users\Jessica\Desktop\ComboFix.exe
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
PEV Error: CacheFile
PEV Error: CacheFolder

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG
c:\windows\system32\14786684.dll
c:\windows\system32\15089038.dll
c:\windows\system32\15271874.dll
c:\windows\system32\1717899.dll
c:\windows\system32\1723958.dll
c:\windows\system32\1745148.dll
c:\windows\system32\19672568.dll
c:\windows\system32\21450702.dll
c:\windows\system32\26315490.dll
c:\windows\system32\4304126.dll
c:\windows\system32\4626042.dll
c:\windows\system32\5657130.dll
c:\windows\system32\920568.dll
c:\windows\system32\9510203.dll
c:\windows\system32\drivers\gxvxcoqnxhtsbpmwxeruqiiyobdmudctrfiyt.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\x64
D:\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS
-------\Legacy_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-04-23 to 2009-05-23 )))))))))))))))))))))))))))))))
.

2009-05-23 17:21 . 2009-05-23 17:26 -------- d-----w c:\users\Jessica\AppData\Local\temp
2009-05-23 15:17 . 2009-05-23 15:19 -------- d-----w C:\Rooter$
2009-05-22 17:50 . 2009-05-22 17:50 -------- d-----w c:\users\Jessica\AppData\Local\AOL
2009-05-22 17:50 . 2009-02-05 20:06 51376 ----a-w c:\windows\system32\drivers\aswTdi.sys
2009-05-22 17:50 . 2009-02-05 20:06 23152 ----a-w c:\windows\system32\drivers\aswRdr.sys
2009-05-22 17:50 . 2009-02-05 20:04 97480 ----a-w c:\windows\system32\AvastSS.scr
2009-05-22 17:50 . 2009-02-05 20:07 114768 ----a-w c:\windows\system32\drivers\aswSP.sys
2009-05-22 17:50 . 2009-02-05 20:07 20560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
2009-05-22 17:50 . 2009-02-05 20:11 1256296 ----a-w c:\windows\system32\aswBoot.exe
2009-05-22 17:50 . 2009-02-05 20:06 51792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2009-05-22 17:50 . 2009-05-22 17:50 -------- d-----w c:\program files\Alwil Software
2009-05-22 17:33 . 2009-05-22 17:33 -------- d-----w c:\program files\ERUNT
2009-05-21 14:48 . 2009-05-21 14:48 738120 ----a-w c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-05-20 20:55 . 2009-05-20 20:55 -------- d-----w c:\program files\Trend Micro
2009-05-15 21:04 . 2009-05-15 21:04 416128 ----a-w c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-15 17:36 . 2007-01-11 11:02 113664 ----a-w c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
2009-05-15 17:36 . 2009-05-15 17:36 -------- d-----w c:\programdata\EPSON
2009-05-15 16:28 . 2009-05-15 16:28 -------- d-----w c:\users\Jessica\AppData\Roaming\Atari
2009-05-15 16:11 . 2009-05-15 16:11 -------- d-----w c:\users\Jessica\AppData\Roaming\Leadertech
2009-05-15 16:11 . 2009-05-15 16:11 -------- d-----w c:\program files\Common Files\PocketSoft
2009-05-15 16:11 . 2002-02-27 23:50 197120 ----a-w c:\windows\patchw32.dll
2009-05-15 16:07 . 2009-05-15 16:07 -------- d-----w c:\program files\Atari
2009-05-14 16:04 . 2009-05-14 16:04 1594558 ----a-w c:\windows\WANEUninstaller.exe
2009-05-14 15:59 . 2009-05-14 15:59 -------- d-----w C:\Games
2009-05-14 14:54 . 2009-05-14 14:55 251930 ----a-w c:\windows\system32\winreger.exe
2009-04-30 22:04 . 2009-04-30 22:04 1893936 ----a-w c:\users\Jessica\AppData\Roaming\MySpace\Toolbar\Installers\MySpaceToolbar_Setup_1.0.32.5.exe
2009-04-29 21:14 . 2008-06-19 21:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-04-29 21:13 . 2009-04-29 21:13 -------- d-----w c:\program files\Panda Security
2009-04-29 14:07 . 2009-04-18 15:26 102664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-04-26 20:41 . 2009-04-26 20:41 -------- d-----w c:\program files\AVG
2009-04-26 20:41 . 2009-05-22 17:45 -------- d-----w c:\programdata\avg8
2009-04-26 18:04 . 2009-04-29 14:12 -------- d-----w c:\program files\Windows Live Safety Center

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-23 01:39 . 2008-04-26 16:02 -------- d-----w c:\programdata\Google Updater
2009-05-19 21:58 . 2008-02-16 23:27 -------- d-----w c:\users\Jessica\AppData\Roaming\Skype
2009-05-19 21:51 . 2008-02-21 22:09 -------- d-----w c:\users\Jessica\AppData\Roaming\skypePM
2009-05-19 03:11 . 2008-01-22 01:01 -------- d-----w c:\program files\Messenger Plus! Live
2009-05-17 07:26 . 2008-04-22 14:06 -------- d-----w c:\users\Jessica\AppData\Roaming\uTorrent
2009-05-15 16:17 . 2008-01-12 00:06 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-26 22:19 . 2008-08-21 17:50 1356 ----a-w c:\users\Jessica\AppData\Local\d3d9caps.dat
2009-04-25 18:05 . 2008-04-15 20:49 -------- d-----w c:\program files\Winamp
2009-04-20 02:09 . 2008-02-04 22:18 -------- d-----w c:\program files\Microsoft Silverlight
2009-04-20 02:09 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-19 06:13 . 2008-04-14 18:54 -------- d-----w c:\program files\Yahoo!
2009-04-19 06:09 . 2009-04-19 06:06 155648 ----a-w c:\users\Jessica\AppData\Roaming\Microsoft\ipdll.dll
2009-04-18 01:12 . 2008-05-13 15:34 -------- d-----w c:\programdata\Apple Computer
2009-04-18 01:01 . 2008-05-28 16:31 -------- d-----w c:\program files\Neffy
2009-04-18 00:35 . 2008-01-12 00:08 -------- d-----w c:\program files\Google
2009-04-12 05:24 . 2009-04-12 05:23 1892856 ----a-w c:\users\Jessica\AppData\Roaming\MySpace\Toolbar\Installers\MySpaceToolbar_Setup_1.0.32.0.exe
2009-03-17 03:38 . 2009-04-15 23:26 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 23:26 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-05 04:56 . 2009-04-14 06:48 4604240 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{BB1A7242-6D7B-4873-A233-AB82866FD5FC}\mpengine.dll
2009-03-03 04:46 . 2009-04-15 23:29 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 23:29 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-15 23:28 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-15 23:29 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 23:29 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 23:29 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 23:28 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-15 23:29 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 23:29 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-15 23:29 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 23:29 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 23:29 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-15 23:28 26624 ----a-w c:\windows\system32\ieUnatt.exe
2008-06-20 10:23 . 2008-01-22 05:02 848 --sha-w c:\windows\System32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28AED1AF-B164-44CD-B435-CF04AA955015}]
2009-04-29 22:34 220224 ----a-w c:\program files\MySpace\Toolbar\1.0.32.5\MySpaceToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-08-06 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"COMODO Internet Security"="c:\program files\Common Files\COMODO\Firewall\cfp.exe" [2008-12-05 1797880]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2007-03-01 303104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-13 40072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1909851182-3047326298-2530056749-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D14424A9-885F-4A78-A006-ABE7E18ECB8A}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxczpswx.exe:Printer Status Window
"{79E328F3-9229-4559-BA24-779255225DC7}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxczpswx.exe:Printer Status Window
"{4A8633F7-0FA2-46C0-A170-BF588152AE01}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{C83BF059-10A7-464A-A72C-578FDAAFAA0F}"= UDP:c:\windows\System32\lxczcoms.exe:Lexmark Communications System
"{86AD3969-7B84-4CE4-8F16-896C700F6A66}"= TCP:c:\windows\System32\lxczcoms.exe:Lexmark Communications System
"{49F56ABB-6CFD-428B-B54B-EBC72EDF1EF9}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{86F61309-651A-4054-944A-9E699AA83734}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{80F90BAB-2445-461F-9B96-D99F19517D35}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{014EF3A2-D108-44BE-9234-FD1534BA0444}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{B118EBE1-C30F-45C4-B6E5-21C927DC1704}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{464C5716-0BDA-40A4-BAB9-F8F76117E588}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{80A88B6C-A2E4-4037-BC89-6DF3DF788BF0}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A6E51E16-FD32-4726-94A5-2DF1210EF076}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{3E713F7A-D8C0-4DF0-BADB-2E8A8C591F37}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{178F357E-39B1-4A8F-BD28-89AEF705C721}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{4BA3C50A-9244-4314-B0F1-FFEB00EA2A3B}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{B34076CC-76B7-42CF-8506-0388E7F5B22A}"= UDP:c:\program files\GALA-NET\Rappelz_USA\SFrame.exe:SFrame.exe
"{58751106-16FB-4983-BE7F-E49F44D6A71A}"= TCP:c:\program files\GALA-NET\Rappelz_USA\SFrame.exe:SFrame.exe
"{C9F06B70-8338-4E95-9ABD-468E6C7E50F1}"= c:\program files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{B2484DAE-076E-412E-A566-CCBFBFA33D7F}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{44610A2B-F3B9-4224-A77D-D69AB67306F9}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{48AB0A26-E7FE-49A5-814A-BE5A2CC05A2C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{02D2FBBD-E748-4302-8C98-3AF9F078C8C1}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{C92A5E69-D894-462B-9CFF-348E83D68271}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"TCP Query User{C4967F1F-70C0-44BB-A8EC-069F3759D1F7}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{97DA3600-167F-414E-BBC8-13764EC1368A}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{EBC8DBE4-56C2-42C1-9F0D-0AD38D559CFE}"= UDP:c:\program files\AVG\AVG8\avgui.exe:AVG Free User Interface
"{A636D5FA-F2E3-4A70-A068-B3340B2A8F60}"= TCP:c:\program files\AVG\AVG8\avgui.exe:AVG Free User Interface
"{B1485068-1A24-4F22-83AF-AC4A5DF4B8E8}"= UDP:c:\program files\AVG\AVG8\avgtray.exe:AVG Free Tray Icon
"{200D5BC4-78C1-49B6-B713-B144D81159EB}"= TCP:c:\program files\AVG\AVG8\avgtray.exe:AVG Free Tray Icon
"{4D68FB7C-354A-4FD9-B7AA-DA42BDE61D7F}"= Disabled:UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{91502381-B4B2-4A45-8133-3C525F6CF374}"= Disabled:TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [4/29/2009 4:14 PM 28544]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [5/22/2009 12:50 PM 114768]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [5/23/2008 4:38 PM 99344]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [5/23/2008 4:38 PM 25104]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [5/22/2009 12:50 PM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [5/22/2009 12:50 PM 51792]
R3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\System32\drivers\WUSB54GCx86.sys [9/7/2008 6:04 PM 256000]
S3 IntelDH;IntelDH Driver;c:\windows\System32\drivers\IntelDH.sys [1/11/2008 6:02 PM 5504]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [11/2/2006 5:25 AM 2589184]

--- Other Services/Drivers In Memory ---

*Deregistered* - sptd
.
Contents of the 'Scheduled Tasks' folder

2009-05-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-26 15:59]

2009-05-22 c:\windows\Tasks\User_Feed_Synchronization-{61DAC4E2-C802-4C4B-810A-D4A37892152D}.job
- c:\windows\system32\msfeedssync.exe [2008-09-19 07:33]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-COMODO Firewall Pro - c:\program files\COMODO\Firewall\cfp.exe
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Consumer&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=DX430
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: {36A4B20A-2B75-4101-86CE-F9B03CA4B91C} - hxxp://bgweb.nowcdn.co.kr/bin/DownStarter.cab
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-23 12:26
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\COMODO\Firewall\cmdagent.exe
c:\windows\System32\Crypserv.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\windows\System32\lxczcoms.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\AIM6\aolsoftware.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2009-05-23 12:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-23 17:31

Pre-Run: 37,735,780,352 bytes free
Post-Run: 38,695,567,360 bytes free

256 --- E O F --- 2009-04-20 02:07
  • 0
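
The ComboFix log above shows the patterns a reviewer looks for when triaging such a report: all-digit DLL names dropped in System32, a driver with a long random name and the matching GXVXCSERV service keys, and a DLL sitting under a roaming profile folder. As an added example (not ComboFix's or the forum's own code), this Python helper applies those name-based heuristics to an excerpt of the log; the heuristics themselves and the five-letter prefix correlation are assumptions of this example, not part of any tool used in the thread.

```python
"""Name-based triage of a ComboFix log excerpt (added example for this thread,
not ComboFix's or the forum's code; the heuristics are this example's own)."""
import re

# Constructed sample: lines copied from the ComboFix log posted in this thread,
# plus two ordinary entries (aswTdi.sys, wininet.dll) kept as controls.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\INSTALL.LOG
c:\windows\system32\14786684.dll
c:\windows\system32\drivers\gxvxcoqnxhtsbpmwxeruqiiyobdmudctrfiyt.sys
c:\windows\system32\gxvxccounter
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\Service_GXVXCSERV.SYS
-------\Legacy_GXVXCSERV.SYS
((((((((((((((((((((((((( Files Created from 2009-04-23 to 2009-05-23 )))))))))))))))))))))))))))))))
2009-05-22 17:50 . 2009-02-05 20:06 51376 ----a-w c:\windows\system32\drivers\aswTdi.sys
2009-05-14 14:54 . 2009-05-14 14:55 251930 ----a-w c:\windows\system32\winreger.exe
2009-04-19 06:09 . 2009-04-19 06:06 155648 ----a-w c:\users\Jessica\AppData\Roaming\Microsoft\ipdll.dll
2009-03-03 04:40 . 2009-04-15 23:28 827392 ----a-w c:\windows\system32\wininet.dll
"""

SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")  # "(((( Title ))))" section banners
DRIVE_RE = re.compile(r"[A-Za-z]:\\")            # first drive letter marks the path
NUMERIC_DLL = re.compile(r"^\d+\.dll$")          # e.g. 14786684.dll
RANDOM_STEM = re.compile(r"^[a-z]{20,}$")        # long, letters only, no word structure

REASON_NUMERIC = "all-digit DLL name in System32"
REASON_DRIVER = "long random-looking driver name"
REASON_ROAMING = "DLL directly under AppData\\Roaming\\Microsoft, an unusual location"
REASON_PREFIX = "shares its name prefix with a flagged driver"
REASON_SERVICE = "service entry tied to a flagged driver"

def parse_sections(text):
    """Split the log into {banner title: [non-empty lines, '.' separators dropped]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections[current] = []
        elif line and line != "." and current is not None:
            sections[current].append(line)
    return sections

def extract_path(line):
    """Return the Windows path that ends a log line, or None if there is none."""
    hit = DRIVE_RE.search(line)
    return line[hit.start():] if hit else None

def stem_of(path):
    """Lower-case file name without extension: 'C:\\x\\Foo.DLL' -> 'foo'."""
    return path.lower().rsplit("\\", 1)[-1].rsplit(".", 1)[0]

def classify(path):
    """Apply the per-file heuristics; None when nothing stands out."""
    lower = path.lower()
    name = lower.rsplit("\\", 1)[-1]
    if "\\system32\\" in lower and NUMERIC_DLL.match(name):
        return REASON_NUMERIC
    if "\\drivers\\" in lower and name.endswith(".sys") and RANDOM_STEM.match(stem_of(path)):
        return REASON_DRIVER
    if "\\appdata\\roaming\\microsoft\\" in lower and name.endswith(".dll"):
        return REASON_ROAMING
    return None

def triage(text, prefix_len=5):
    """Map each noteworthy entry to its reason.  Pass 1 classifies every path;
    pass 2 reuses the first prefix_len letters of any flagged random driver to
    pull in related entries (the orphan file and the Service_/Legacy_ keys)."""
    sections = parse_sections(text)
    paths = []
    for title, lines in sections.items():
        if title == "Other Deletions" or title.startswith("Files Created"):
            paths.extend(p for p in map(extract_path, lines) if p)

    flagged = {}
    for path in paths:
        reason = classify(path)
        if reason:
            flagged[path] = reason
    prefixes = {stem_of(p)[:prefix_len] for p, r in flagged.items() if r == REASON_DRIVER}

    for path in paths:
        if path not in flagged and stem_of(path)[:prefix_len] in prefixes:
            flagged[path] = REASON_PREFIX
    for line in sections.get("Drivers/Services", []):
        entry = line.rsplit("\\", 1)[-1]                  # e.g. Service_GXVXCSERV.SYS
        if stem_of(re.sub(r"^(Service|Legacy)_", "", entry))[:prefix_len] in prefixes:
            flagged[entry] = REASON_SERVICE
    return flagged

if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG).items():
        print(f"{reason:<62} {entry}")
```

Note that winreger.exe is deliberately not caught: a plain-looking name gives these heuristics nothing to work with, which is why the next post sends that file to a multi-engine scan instead of judging it by name.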

#4
ch0ices

ch0ices

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I forgot to mention, I tried to close COMODO, but could not find it actually listed or showing in the sys tray or in the process list. Hope it didn't hurt too much :)
  • 0

#5
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Please download OTMoveIt3 by OldTimer
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    
    :Services
    
    :Reg
    
    :Files
    c:\users\Jessica\AppData\Roaming\Microsoft\ipdll.dll
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • c:\windows\system32\winreger.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


#6
ch0ices (Member, Topic Starter, 14 posts)
I've just C&P'd the code you requested; the program has given me an error and gotten rid of my tool bar at the bottom, which not even pressing my Windows key will show again. I'm going to reboot and try again. Sorry for my delayed response, as an IRL emergency happened with people (wanna-be geeks) that have the comp issues as well as the people trying to help them :)
Thanks again, and I'll try to post some results soon.

#7
ch0ices (Member, Topic Starter, 14 posts)
Okay, I've rebooted a few times now. Before I rebooted last time, the message/log that OTMoveIt3 gave me was:
-Process explorer.exe killed successfully
-DllUnregister Server Procedure not found in c:\users\Jessica\AppData\Roaming\Microsoft\ipdll.dll

Then when I rebooted, I had a completely new background that I had never seen, but I believe it is one of the default Vista ones. My firewall COMODO updated, I allowed it to, then that required me to reboot again. I'm not sure if I could access IE at that time or not, as I forgot to try.

When I rebooted from the COMODO update, I opened up IE to come here, and COMODO let me know that "AshWebSv.exe" was trying to access, so I said no. My IE would not connect. I got on my laptop, read the instructions again from there for OTMoveIt3 and followed them. Pretty much the same thing happened again, same message on a pop up with the same "Access violation at address 1000FCA7. Read address of 1000FCA7." So, I rebooted again.

This time, when COMODO asked if I wanted to allow AshWebSv.exe, I said yes, and voilà, here I am on IE posting again.

Next step pretty please ?

#8
Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
do the VirScan step in my previous post

#9
ch0ices (Member, Topic Starter, 14 posts)
Sorry, I went back and read that. Also, there was no log available to post off of the first thing you asked me to run. Here's the log from the other you asked.

VirSCAN.org Scanned Report :
Scanned time : 2009/05/24 12:14:16 (CDT)
Scanner results: 8% Scanner(3/38) found malware!
File Name : winreger.exe
File Size : 251930 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 1e74d4a338a41282f86509c158944b1c
SHA1 : e817c52960ae21621b8e22df638874b570f7e484
Online report : http://virscan.org/r...a4feeb0c41.html

Scanner       Engine Ver        Sig Ver             Sig Date    Time  Scan result
a-squared     4.0.0.32          00040000000000      0004-00-00  0.35  -
AhnLab V3     2009.05.25.00     2009.05.25          2009-05-25  0.71  -
AntiVir       8.2.0.168         7.1.4.8             2009-05-24  0.32  TR/Dropper.Gen
Antiy         2.0.18            2.0.18.             0002-18-00  0.02  -
Arcavir       2009              200905232008        2009-05-23  0.06  -
Authentium    5.1.1             200905241458        2009-05-24  1.31  -
AVAST!        4.7.4             090524-0            2009-05-24  0.02  -
AVG           8.5.286           270.12.37/2131      2009-05-24  3.42  -
BitDefender   7.81008.3095504   7.25609             2009-05-25  2.93  -
CA (VET)      9.0.0.143         31.6.6518           2009-05-23  9.74  Win32/Sdbot.MS worm.
ClamAV        0.95              9376                2009-05-20  0.00  -
Comodo        3.9               1195                2009-05-24  0.70  -
CP Secure     1.1.0.715         2009.05.25          2009-05-25  9.48  -
Dr.Web        4.44.0.9170       2009.05.24          2009-05-24  4.56  -
F-Prot        4.4.4.56          20090524            2009-05-24  1.30  -
F-Secure      5.51.6100         2009.05.23.01       2009-05-23  5.09  -
Fortinet      2.81-3.117        10.423              2009-05-23  0.21  -
GData         19.5361/19.341    20090524            2009-05-24  4.21  -
ViRobot       20090523          2009.05.23          2009-05-23  0.41  -
Ikarus        T3.1.01.49        2009.05.24.72760    2009-05-24  3.35  -
JiangMin      11.0.706          2009.05.24          2009-05-24  2.15  -
Kaspersky     5.5.10            2009.05.24          2009-05-24  0.09  -
KingSoft      2009.2.5.15       2009.5.24.21        2009-05-24  0.50  -
McAfee        5.3.00            5625                2009-05-24  2.92  -
Microsoft     1.4701            2009.05.24          2009-05-24  6.65  -
mks_vir       2.01              2009.05.23          2009-05-23  3.17  -
Norman        6.01.05           6.01.00             2009-05-22  2.01  -
Panda         9.05.01           2009.05.24          2009-05-24  2.33  -
Trend Micro   8.700-1004        6.146.26            2009-05-24  0.03  -
Quick Heal    10.00             2009.05.23          2009-05-23  1.25  -
Rising        20.0              21.30.62.00         2009-05-24  0.90  -
Sophos        2.86.0            4.41                2009-05-25  2.50  W32/Rbot-GXV
Sunbelt       5152              5152                2009-05-23  0.83  -
Symantec      1.3.0.24          20090524.003        2009-05-24  0.07  -
nProtect      20090524.01       3859763             2009-05-24  6.02  -
The Hacker    6.3.4.3           v00331              2009-05-22  0.62  -
VBA32         3.12.10.5         20090523.1908       2009-05-23  1.95  -
VirusBuster   4.5.11.10         10.105.38/1401459   2009-05-24  1.82  -

#10
Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
hi

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


#11
ch0ices (Member, Topic Starter, 14 posts)
It's been more than 5 hours and my computer is still running Kaspersky. It seems to be stuck at 70%. I'm going to post the logs for MBAM and wait to see if you want me to continue to wait for Kaspersky. I say logs for MBAM because the first time I went to run it, it would not update, so I ran it once, then tried to update; it did in fact update, so I ran it again.
Thank you much in advance again.

1st log for MBAM
================

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 6.0.6001 Service Pack 1

5/24/2009 12:40:57 PM
mbam-log-2009-05-24 (12-40-49).txt

Scan type: Quick Scan
Objects scanned: 65385
Time elapsed: 4 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Jessica\AppData\Roaming\Microsoft\ipdll.dll (Trojan.Agent) -> No action taken.


2nd log for MBAM
================

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 6.0.6001 Service Pack 1

5/24/2009 12:41:20 PM
mbam-log-2009-05-24 (12-41-20).txt

Scan type: Quick Scan
Objects scanned: 65385
Time elapsed: 4 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Jessica\AppData\Roaming\Microsoft\ipdll.dll (Trojan.Agent) -> Quarantined and deleted successfully.

#12
ch0ices (Member, Topic Starter, 14 posts)
9 hours and one minute later, the Kaspersky scan is done. lol. Here's the report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Monday, May 25, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Sunday, May 24, 2009 19:54:25
Records in database: 2235542
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 218762
Threat name: 2
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 09:01:30


File name / Threat name / Threats count
C:\Jessicas Important Info\Jess old crap\Progs & Filters\From Mom\RevelationV2.zip Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 2
C:\Users\Jessica\Desktop\Asterik_Logger_62569.zip Infected: not-a-virus:PSWTool.Win32.Asterisk.a 1

The selected area was scanned.

#13
Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
hi

Run OTList2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    
    :Services
    
    :Reg
    
    :Files
    C:\Jessicas Important Info\Jess old crap\Progs & Filters\From Mom\RevelationV2.zip
    C:\Users\Jessica\Desktop\Asterik_Logger_62569.zip
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log ( don't check the boxes beside LOP Check or Purity this time, and don't run the Custom Scan )


#14
ch0ices (Member, Topic Starter, 14 posts)
Good morning, and thank you again :) Here's the latest log:

========== OTLISTIT ==========
Process explorer.exe killed successfully!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Jessicas Important Info\Jess old crap\Progs & Filters\From Mom\RevelationV2.zip moved successfully.
C:\Users\Jessica\Desktop\Asterik_Logger_62569.zip moved successfully.
========== COMMANDS ==========
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\Arj.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\avlib.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\Avp1.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\AvpMgr.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\btimages.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\CAB.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\dmap.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\dtreg.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\FsDrvPlg.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\FSSync.dll scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\HashCont.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\HashMD5.PPL scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\HCCMP.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\ichk2.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\iChkSA.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\Inflate.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\IWGen.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\kave.dll scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\kosglue-7.0.26.0.dll scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\lha.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\L_llio.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\MailMsg.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\mdb.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\MDMAP.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\MemModSc.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\MemScan.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\minizip.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\MKavIO.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\msoe.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\nfio.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\NTFSstrm.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\prKernel.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\prLoader.dll scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\prseqio.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\PrUtil.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\Quantum.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\rar.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\ScanningProcess.exe scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\sfdb.PPL scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\TempFile.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\thpimpl.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\UniArc.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\UnLZX.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\UnStored.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\WDiskIO.ppl scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\hsperfdata_Jessica\2360 scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\fla78D0.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\VGX2A57.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\~DF5AA5.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\~DF5B7C.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\~DF7D0E.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\~DF7D1D.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\~DF896C.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\~DF8A46.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
User's Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.15.8 log created on 05252009_102658

Files moved on Reboot...
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\Arj.ppl moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\avlib.ppl moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\Avp1.ppl moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\AvpMgr.ppl moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\btimages.ppl moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\CAB.ppl moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\dmap.ppl moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\dtreg.ppl moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\FsDrvPlg.ppl moved successfully.
DllUnregisterServer procedure not found in C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\FSSync.dll
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\FSSync.dll NOT unregistered.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\FSSync.dll moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\HashCont.ppl moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\HashMD5.PPL moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\HCCMP.ppl moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\ichk2.ppl moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\iChkSA.ppl moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\Inflate.ppl moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\IWGen.ppl moved successfully.
DllUnregisterServer procedure not found in C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\kave.dll
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\kave.dll NOT unregistered.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\kave.dll moved successfully.
DllUnregisterServer procedure not found in C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\kosglue-7.0.26.0.dll
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\kosglue-7.0.26.0.dll NOT unregistered.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\kosglue-7.0.26.0.dll moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\lha.ppl moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\L_llio.ppl moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\MailMsg.ppl moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\mdb.ppl moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\MDMAP.ppl moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\MemModSc.ppl moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\MemScan.ppl moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\minizip.ppl moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\MKavIO.ppl moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\msoe.ppl moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\nfio.ppl moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\NTFSstrm.ppl moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\prKernel.ppl moved successfully.
DllUnregisterServer procedure not found in C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\prLoader.dll
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\prLoader.dll NOT unregistered.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\prLoader.dll moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\prseqio.ppl moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\PrUtil.ppl moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\Quantum.ppl moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\rar.ppl moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\ScanningProcess.exe moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\sfdb.PPL moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\TempFile.ppl moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\thpimpl.ppl moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\UniArc.ppl moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\UnLZX.ppl moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\UnStored.ppl moved successfully.
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\WDiskIO.ppl moved successfully.
File C:\Users\Jessica\AppData\Local\temp\hsperfdata_Jessica\2360 not found!
File C:\Users\Jessica\AppData\Local\temp\fla78D0.tmp not found!
C:\Users\Jessica\AppData\Local\temp\VGX2A57.tmp moved successfully.
File C:\Users\Jessica\AppData\Local\temp\~DF5AA5.tmp not found!
File C:\Users\Jessica\AppData\Local\temp\~DF5B7C.tmp not found!
File C:\Users\Jessica\AppData\Local\temp\~DF7D0E.tmp not found!
File C:\Users\Jessica\AppData\Local\temp\~DF7D1D.tmp not found!
File C:\Users\Jessica\AppData\Local\temp\~DF896C.tmp not found!
File C:\Users\Jessica\AppData\Local\temp\~DF8A46.tmp not found!

Registry entries deleted on Reboot...
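
The fix scripts in posts #5 and #13 share one format (a `:Processes` or `:OTLI` section, then `:Services`, `:Reg`, `:Files` and `:Commands`), and the tool answers with the kind of result log shown in posts #7 and #14. As an added example that is not code from this thread or from OldTimer's tools, here is a Python parser for that format which reconciles a script against the result log, so a helper can confirm every requested file was actually moved and see which temp files were still pending after the reboot. The sample script and log excerpt are constructed from this thread; the set of accepted commands is an assumption based only on the commands used here.

```python
import re

# Sections a fix script may contain (":OTLI" is OTListIt2's name for the process list).
SECTIONS = ("processes", "services", "reg", "files", "commands")
# Commands used by the scripts in this thread; assumption: the tool accepts others too.
KNOWN_COMMANDS = {"purity", "emptytemp", "start explorer", "reboot"}

def parse_fix_script(text):
    """Split a fix script into {section: [entries]}, rejecting anything malformed."""
    script = {name: [] for name in SECTIONS}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            name = line[1:].lower()
            section = "processes" if name == "otli" else name
            if section not in script:
                raise ValueError(f"unknown section {line!r}")
        elif section is None:
            raise ValueError(f"entry before any section: {line!r}")
        elif section == "commands":
            cmd = line[1:-1].lower()
            if not (line.startswith("[") and line.endswith("]")) or cmd not in KNOWN_COMMANDS:
                raise ValueError(f"bad command {line!r}")
            script["commands"].append(cmd)
        elif section == "processes":
            # OTListIt2 writes "PRC - <path> (Vendor)"; keep only the image name.
            if line.startswith("PRC - "):
                line = line[6:].rsplit(" (", 1)[0]
            script["processes"].append(line.rsplit("\\", 1)[-1].lower())
        else:
            script[section].append(line)
    return script

# Result-log line shapes as they appear in posts #7 and #14 of this thread.
LOG_PATTERNS = {
    "killed": re.compile(r"^-?Process (\S+) killed successfully!?$"),
    "moved": re.compile(r"^(.+?) moved successfully\.?$"),
    "scheduled": re.compile(r"^File delete failed\. (.+?) scheduled to be deleted on reboot\.$"),
    "gone": re.compile(r"^File (.+?) not found!$"),
}

def reconcile(script, log_text):
    """Compare what the script asked for with what the result log reports."""
    seen = {kind: set() for kind in LOG_PATTERNS}
    for raw in log_text.splitlines():
        for kind, pattern in LOG_PATTERNS.items():
            if m := pattern.match(raw.strip()):
                seen[kind].add(m.group(1).lower())
                break
    return {
        "files_moved": [f for f in script["files"] if f.lower() in seen["moved"]],
        "files_missing": [f for f in script["files"] if f.lower() not in seen["moved"]],
        "processes_not_killed": [p for p in script["processes"] if p not in seen["killed"]],
        # Temp files the tool could not delete and that no later line accounts for.
        "still_pending": sorted(seen["scheduled"] - seen["moved"] - seen["gone"]),
    }

# Constructed sample input: the script from post #13 and an excerpt of the post #14 log.
FIX_SCRIPT = r"""
:OTLI
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
:Files
C:\Jessicas Important Info\Jess old crap\Progs & Filters\From Mom\RevelationV2.zip
C:\Users\Jessica\Desktop\Asterik_Logger_62569.zip
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
"""
RESULT_LOG = r"""
Process explorer.exe killed successfully!
C:\Jessicas Important Info\Jess old crap\Progs & Filters\From Mom\RevelationV2.zip moved successfully.
C:\Users\Jessica\Desktop\Asterik_Logger_62569.zip moved successfully.
File delete failed. C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\FSSync.dll scheduled to be deleted on reboot.
File delete failed. C:\Users\Jessica\AppData\Local\temp\fla78D0.tmp scheduled to be deleted on reboot.
Files moved on Reboot...
C:\Users\Jessica\AppData\Local\temp\jkos-Jessica\binaries\FSSync.dll moved successfully.
File C:\Users\Jessica\AppData\Local\temp\fla78D0.tmp not found!
"""
```

Running `reconcile` on only the part of the log before "Files moved on Reboot..." leaves both scheduled temp files in `still_pending`, which is the state to check for if the user reports that the reboot did not happen.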

#15
Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
post a new OTL log