Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Infected PC - unsure of problem


  • Please log in to reply

#1
TCsmc

TCsmc

    New Member

  • Member
  • Pip
  • 5 posts
I was having issues with malware and spyware that seemed to have been fixed with MBAW, everything was fine for a day or two. I hadn't done much on the computer since then, today I find the following problems:

-can't open task manager, or very many other applications. Sometimes firefox will open, internet explorer ALWAYS opens, but a couple of select applications will not open.

-system restore points are gone

I can open MSconfig, and for the applications i couldn't open with the desktop icon, I found the .exe files and tried to open them, nothing worked. MBAW no longer finds any problems.

If it helps anything, I had the "Malware Protector 2009" malware and have been trying to get rid of it, I don't think it's completely gone and may be what is causing the random problems. If i'm posting this in the wrong forum, my apologies :-P
  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello TCsmc

Welcome to G2Go. :)
=====================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

  • 0

#3
TCsmc

TCsmc

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
I hope I'm not posting too much, this seems like a lot of information!

Results from yp3j1p88 are as follow:

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\SKYNETolatmuli.sys (*** hidden *** ) [SYSTEM] SKYNETcasawxbu <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETcasawxbu
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] \systemroot\system32\drivers\SKYNETolatmuli.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETcasawxbu\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETcasawxbu\[email protected] 10096
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETcasawxbu\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETcasawxbu\[email protected] 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETcasawxbu\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETcasawxbu\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETcasawxbu\main\[email protected]* SKYNETwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETcasawxbu\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETcasawxbu\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETcasawxbu\[email protected] \systemroot\system32\drivers\SKYNETolatmuli.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETcasawxbu\[email protected] \systemroot\system32\SKYNETsktpawes.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETcasawxbu\[email protected] \systemroot\system32\SKYNETbwaaioii.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETcasawxbu\[email protected] \systemroot\system32\SKYNETgcijgxyo.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETcasawxbu\[email protected] \systemroot\system32\SKYNETpiuugqrj.dat
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETcasawxbu
Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] file system
Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] \systemroot\system32\drivers\SKYNETolatmuli.sys
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETcasawxbu\main
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETcasawxbu\[email protected] 10096
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETcasawxbu\[email protected] 0
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETcasawxbu\[email protected] 14400
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETcasawxbu\main\delete
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETcasawxbu\main\injector
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETcasawxbu\main\[email protected]* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETcasawxbu\main\tasks
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETcasawxbu\modules
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETcasawxbu\[email protected] \systemroot\system32\drivers\SKYNETolatmuli.sys
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETcasawxbu\[email protected] \systemroot\system32\SKYNETsktpawes.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETcasawxbu\[email protected] \systemroot\system32\SKYNETbwaaioii.dat
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETcasawxbu\[email protected] \systemroot\system32\SKYNETgcijgxyo.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETcasawxbu\[email protected]

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\SKYNETolatmuli.sys 69120 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\SKYNET.dat 93 bytes
File C:\WINDOWS\system32\SKYNETbwaaioii.dat 360378 bytes
File C:\WINDOWS\system32\SKYNETgcijgxyo.dll 20992 bytes executable
File C:\WINDOWS\system32\SKYNETpiuugqrj.dat 93 bytes
File C:\WINDOWS\system32\SKYNETsktpawes.dll 45056 bytes executable

File C:\WINDOWS\Temp\SKYNETbpmdrnlxii.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETfkgifnpjju.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNEThqhhoyxkdp.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETjbftlpiamx.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETlpifaleyhs.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETnskibvapon.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETpldevivuhg.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETrecofqxpib.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETtxvgltjoib.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETxeoqemstaf.tmp 20992 bytes executable
File C:\WINDOWS\Temp\tmp11.tmp 0 bytes
File C:\WINDOWS\Temp\tmp1BC.exe 0 bytes
File C:\WINDOWS\Temp\tmp2A.tmp 0 bytes
File C:\WINDOWS\Temp\tmp29.tmp 0 bytes
File C:\WINDOWS\Temp\tmp2A.exe 0 bytes
File C:\WINDOWS\Temp\SKYNETjgpbgfnwgp.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETjhhaefybeu.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETjjpmhtypvv.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETjjwliluymb.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETjofojuyaay.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETjoqnosmjbj.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETjqgltgxrgd.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETjrvjbeidxb.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETjsjdygvcrg.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETkfdjogajnd.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETkfgxprbdee.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETkhroowbufa.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETkhxnsviwtg.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETkrjssrttyq.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETkwpwlqqcft.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETkxjgcutynt.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETkyvldaeqof.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETldipxrmtkj.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETlmtohrhtpt.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETlnekknhylq.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETbrlwkimreq.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETbsrmgaqopv.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETbtqthgmugt.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETceilpingwe.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETceobcyphob.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETcfcldsjqqk.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETcmvtspodsk.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETcmwghcdlfw.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETcqdyipbddn.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETcqsfshuibw.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETdcleicvios.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETdetqtuwtfh.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETdlghrlslty.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETdtspilqitt.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETdxqsryecse.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETdxrrxhuesr.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETegedadqejk.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETehcewaasyf.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETejhfijynqw.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETekotxpwnir.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETelgheralln.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETembsfeksry.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETemresulaxt.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETepuqdwfjby.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETessagucvxi.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETfbjqclisgs.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETfebpxtadxv.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETfhayfoyhqg.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETfjexfskcpl.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETfjngdygcpm.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETrecxnspnny.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETrkcvmagxbi.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETrkvcxnlbdi.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETrmmwolvtnv.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETrpjugsuxgy.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETrshyawjlkg.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETsbpeuxgifl.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETscrsoilbkt.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETsgigkkgemh.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETshcpeviiok.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETslxheojiuc.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETsmflnqsivv.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETsqdlvfrakf.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETtauhhcdobm.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETtcawmdoswa.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETtdpvgliomq.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETtdxpmlsjxg.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETtictdhtien.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETtimapchprb.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETtuedqsydph.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETtutcbmaumt.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETtwbfcmkucg.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETflbkevkxvw.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETfrmsqenpyw.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETfsbvipyhsu.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETftksmjeomp.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETfvrvbaoriu.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETfwcsfosvux.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETfyoxemwhfu.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETgfxpfgxmsj.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETglqpwcmbdn.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETgqiamjlqxh.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETgujusacjdv.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNEThdbrgxpjqi.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNEThdlvfddeyi.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNEThieufoabvk.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNEThkotgtaqck.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNEThojheqpdgk.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETxibhrprpqj.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETxjmtbfaavs.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETxmhwonpatp.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETxqwwhdifyr.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETxvcurnmcrd.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETxvftaxmvia.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETyetmcdrxqs.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETylwpgpteld.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETyohunstowr.tmp 18944 bytes executable
File C:\WINDOWS\Temp\SKYNETysjobvvhdg.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETyyfqtypcol.tmp 20992 bytes executable
File C:\WINDOWS\Temp\T30DebugLogFile.txt 0 bytes
File C:\WINDOWS\Temp\Temporary Internet Files 0 bytes
File C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5 0 bytes
File C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\9K7OTSUK 0 bytes
File C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\9K7OTSUK\00[1].gif 5019 bytes
File C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\9K7OTSUK\061-4200.English[1].dist 6293 bytes
File C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\9K7OTSUK\061-4514.English[1].dist 6484 bytes
File C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\9K7OTSUK\061-5374.English[1].dist 24564 bytes
File C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\9K7OTSUK\061-5849.English[1].dist 3161 bytes
File C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\9K7OTSUK\061-5926.English[1].dist 27394 bytes
File C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\9K7OTSUK\061-5969.English[1].dist 17718 bytes

---- EOF - GMER 1.0.15 ----

Results from OTL:

OTL logfile created on: 7/3/2009 5:41:41 PM - Run 2
OTL by OldTimer - Version 3.0.6.4 Folder = C:\Documents and Settings\John\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 712.81 Mb Available Physical Memory | 69.72% Memory free
2.40 Gb Paging File | 1.95 Gb Available in Paging File | 81.28% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.59 Gb Total Space | 7.31 Gb Free Space | 10.82% Space Free | Partition Type: NTFS
Drive D: | 4.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHNHOME
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\WINDOWS\System32\WLTRYSVC.EXE ()
PRC - C:\WINDOWS\System32\bcmwltry.exe (Dell Inc.)
PRC - C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe ()
PRC - C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)
PRC - C:\WINDOWS\System32\dlcxcoms.exe ( )
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\VentSrv\ventrilo_svc.exe ()
PRC - C:\Program Files\VentSrv\ventrilo_srv.exe ()
PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
PRC - C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
PRC - C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Documents and Settings\John\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Disabled | Stopped]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (BNPagent [Auto | Running]) -- C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe ()
SRV - (ccEvtMgr [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Creative Labs Licensing Service [Disabled | Stopped]) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
SRV - (Creative Service for CDROM Access [Disabled | Stopped]) -- C:\WINDOWS\System32\CTsvcCDA.exe (Creative Technology Ltd)
SRV - (CTDevice_Srv [Auto | Running]) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe (Creative Technology Ltd)
SRV - (dlcx_device [Auto | Running]) -- C:\WINDOWS\System32\dlcxcoms.exe ( )
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (MDM [Disabled | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (MSSQL$MICROSOFTSMLBIZ [Disabled | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [Disabled | Stopped]) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)
SRV - (NSCService [Disabled | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (Symantec Corporation)
SRV - (odserv [Disabled | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [Disabled | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SNDSrvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SQLAgent$MICROSOFTSMLBIZ [Disabled | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (Ventrilo [Auto | Running]) -- C:\Program Files\VentSrv\ventrilo_svc.exe ()
SRV - (wltrysvc [Auto | Running]) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()

========== Driver Services (SafeList) ==========

DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (APLMp50 [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\APLMp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ATI Remote Wonder II [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ATIRWVD.SYS (Jungo)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (ctsfm2k [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys (Creative Technology Ltd)
DRV - (CTUSFSYN [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ctusfsyn.sys (Creative Technology Ltd.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\System32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (DSproct [On_Demand | Running]) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (hamachi [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (hnmwrlspkt [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\hnm_wrls_pkt.sys (SingleClick Systems)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (llzpfzbv [On_Demand | Stopped]) -- C:\Program Files\Mozilla Firefox\llzpfzbv.sys ()
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (monfilt [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (omci [System | Running]) -- C:\WINDOWS\System32\DRIVERS\omci.sys (Dell Inc)
DRV - (ossrv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys (Creative Technology Ltd.)
DRV - (Packet [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\packet.sys (SingleClick Systems)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (rimmptsk [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\rixdptsk.sys (REDC)
DRV - (SAMFILT [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\samfilt.sys (Dolphin, Inc.)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SDDMI2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DDMI2.sys (Gteko Ltd.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys ()
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (sonypvs1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sonypvs1.sys (Sony Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\System32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (StillCam [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\serscan.sys (Microsoft Corporation)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (SYMDNS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (TPkd [Boot | Running]) -- C:\WINDOWS\System32\drivers\TPkd.sys (PACE Anti-Piracy, Inc.)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (usbbus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lgusbbus.sys (LG Electronics Inc.)
DRV - (UsbDiag [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys (LG Electronics Inc.)
DRV - (USBModem [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys (LG Electronics Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (wsppkt [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\wsp_pkt.sys (SingleClick Systems)

========== Standard Registry (All) ==========

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090207
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/06/23 01:53:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/01 14:55:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/01 07:58:10 | 00,000,000 | ---D | M]

[2008/06/23 19:33:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Extensions
[2008/06/23 19:33:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/02 20:53:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\c49m4oh7.default\extensions
[2009/03/11 05:00:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\c49m4oh7.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2007/06/06 20:26:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\c49m4oh7.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2008/06/23 01:31:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\c49m4oh7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/02/06 06:35:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\c49m4oh7.default\extensions\[email protected]
[2009/03/12 00:06:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\c49m4oh7.default\extensions\[email protected]
[2008/06/23 01:40:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\c49m4oh7.default\extensions\[email protected]
[2009/07/02 20:53:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/01 07:58:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/08/02 02:37:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/08/26 19:27:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/04/30 17:00:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2009/06/24 08:26:10 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/24 08:26:11 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/01/16 20:17:04 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2008/11/06 11:33:48 | 01,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2008/12/10 19:33:34 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2008/06/27 17:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/06/24 08:26:12 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2003/07/14 23:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2008/06/23 01:52:53 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2008/12/28 09:49:04 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/12/28 09:49:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/12/28 09:49:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/12/28 09:49:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/12/28 09:49:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/12/28 09:49:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/12/28 09:49:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/03/30 17:13:54 | 00,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npraclient.dll
[2008/06/23 01:53:08 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2008/06/23 01:52:43 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2005/08/09 13:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll
[2009/06/24 06:27:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/24 06:27:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/24 06:27:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/24 06:27:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/24 06:27:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/24 06:27:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/24 06:27:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (1160 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.125.45.100 test1111.com
O1 - Hosts: 74.125.45.100 test1112.com
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7be9ec9b-b349-4c39-97d9-169b3a99b3fa} - No CLSID value found.
O2 - BHO: (Easy Gif Animator Toolbar Helper) - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (no name) - {F61400CD-D8B5-4FD5-9FBE-1760616B1FA8} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy Gif Animator Toolbar) - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Easy Gif Animator Toolbar) - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe (ATI Technologies Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [DellSupport] File not found
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDef.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2008/12/14 05:31:08 | 00,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk = C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.co...GenXInstall.cab (TTestGenXInstallObject)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.co...nstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.myspace...ronGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.co.../MathPlayer.cab (Pearson MathXL Player)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (ebiuvn.dll) - File not found
O20 - AppInit_DLLs: (mwanyh.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\cbXQIaYq: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\System32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\System32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\aAvgApi.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\AAWTray.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\adaware.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Ad-Aware.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\advxdwin.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\ldscan.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\lnetinfo.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\loader.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\McSACore.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mcshell.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mgavrtcl.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\mgavrte.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pgmonitr.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pingscan.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\platin.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\pop3trap.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\poproxy.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winrecon.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winservn.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winssk32.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\winstart.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wrctrl.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wsbgate.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wupdater.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wupdt.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\wyvernworksfirewall.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\xpf202en.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\zapsetup3001.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\zatutor.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\zonalm2601.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{ad460989-ff0e-11dd-a343-00188ba4d4e7}\Shell - "" = AutoRun
O33 - MountPoints2\{ad460989-ff0e-11dd-a343-00188ba4d4e7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ad460989-ff0e-11dd-a343-00188ba4d4e7}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d6fc16a7-c99e-11dd-a329-00188ba4d4e7}\Shell\AutoRun\command - "" = E:\LinksysConnectPC.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/03 17:37:52 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
[2009/07/01 07:58:13 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/06/23 21:06:07 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\John\My Documents\~$links.doc
[2009/06/23 21:06:06 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\John\My Documents\links.doc
[2009/06/20 01:14:46 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/06/20 00:29:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/06/20 00:28:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2009/06/20 00:28:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/06/20 00:01:45 | 10,721,03424 | -HS- | C] () -- C:\hiberfil.sys
[2009/06/19 01:44:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\GooredFixBackups
[2009/06/19 01:43:33 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\John\Application Data\Malware Destructor 2009
[2009/06/19 01:43:31 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\MDestrSys
[2009/06/16 08:16:09 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\b96dab5
[2009/05/11 17:19:30 | 00,282,127 | ---- | C] () -- C:\WINDOWS\System32\deaaefcdeccefa.dll
[2008/11/06 11:37:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 11:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 11:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/06 11:33:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/10/11 05:58:43 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/10/11 05:58:43 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/09/27 03:26:58 | 00,020,481 | ---- | C] () -- C:\WINDOWS\System32\SystemsHook.dll
[2008/09/27 03:26:57 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\ssresources.dll
[2008/06/23 02:10:18 | 01,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2008/05/05 20:59:11 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2008/02/06 14:05:38 | 00,000,104 | RHS- | C] () -- C:\WINDOWS\System32\C4D14360CF.sys
[2008/02/06 13:48:48 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcxvs.dll
[2008/02/06 13:48:42 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\dlcxcoin.dll
[2008/02/06 13:48:06 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\dlcxdrs.dll
[2008/02/06 13:48:06 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcxcaps.dll
[2008/02/06 13:48:05 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcxcnv4.dll
[2008/02/06 13:42:46 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLPRMON.DLL
[2008/02/06 13:42:46 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLPMONUI.DLL
[2008/02/06 13:40:56 | 00,274,432 | ---- | C] () -- C:\WINDOWS\System32\dlcxinst.dll
[2008/02/06 13:40:55 | 00,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxinpa.dll
[2008/02/06 13:40:55 | 00,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhcp.dll
[2008/02/06 13:40:54 | 00,454,656 | ---- | C] () -- C:\WINDOWS\System32\dlcxutil.dll
[2008/02/06 13:40:54 | 00,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxiesc.dll
[2008/02/06 13:40:53 | 00,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxusb1.dll
[2008/02/06 13:40:52 | 01,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxserv.dll
[2008/02/06 13:40:52 | 00,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxprox.dll
[2008/02/06 13:40:52 | 00,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpplc.dll
[2008/02/06 13:40:51 | 00,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxpmui.dll
[2008/02/06 13:40:51 | 00,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxlmpm.dll
[2008/02/06 13:40:50 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsb.dll
[2008/02/06 13:40:50 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcxins.dll
[2008/02/06 13:40:50 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlcxjswr.dll
[2008/02/06 13:40:50 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcxinsr.dll
[2008/02/06 13:40:49 | 00,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxhbn3.dll
[2008/02/06 13:40:48 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\dlcxgrd.dll
[2008/02/06 13:40:47 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcxcub.dll
[2008/02/06 13:40:47 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcxcu.dll
[2008/02/06 13:40:47 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcxcur.dll
[2008/02/06 13:40:46 | 00,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomc.dll
[2008/02/06 13:40:46 | 00,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcxcomm.dll
[2008/02/06 13:40:44 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\DLCXcfg.dll
[2007/04/18 16:24:49 | 00,000,075 | ---- | C] () -- C:\WINDOWS\VideoToAudioConverter.ini
[2007/04/18 16:24:06 | 00,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv11300p4now.sys
[2007/01/31 23:26:53 | 00,009,394 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/01/31 23:26:53 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\CF6043D1C4.sys
[2007/01/14 12:59:26 | 00,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/25 22:59:19 | 00,000,597 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/12/25 16:03:28 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/07 04:18:43 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/07 04:09:12 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/07 03:59:37 | 00,001,633 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/07 03:56:17 | 00,000,859 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2006/12/07 03:52:28 | 00,010,820 | ---- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
[2006/12/07 03:52:02 | 00,000,040 | ---- | C] () -- C:\WINDOWS\System32\mes2046.dll
[2006/12/07 03:51:41 | 00,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
[2006/12/07 03:20:22 | 01,355,042 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL
[2006/12/07 03:20:02 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/12/07 03:19:36 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/12/07 03:19:32 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/12/07 03:19:20 | 00,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/10/14 05:56:50 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 05:56:50 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 05:56:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 05:56:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 05:56:50 | 00,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 05:56:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/10/14 05:56:48 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005/08/16 05:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 05:18:43 | 00,000,677 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/16 05:18:41 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/16 05:18:35 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2005/08/16 05:18:19 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2005/08/05 15:01:54 | 00,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/09 18:04:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/08/07 14:01:52 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/07/03 17:38:05 | 00,286,208 | ---- | M] () -- C:\yp3j1p88.exe
[2009/07/03 17:37:53 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
[2009/07/03 08:23:18 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/03 08:00:00 | 00,000,318 | ---- | M] () -- C:\WINDOWS\tasks\oabpwbpn.job
[2009/07/03 08:00:00 | 00,000,318 | ---- | M] () -- C:\WINDOWS\tasks\jncioubc.job
[2009/07/02 09:57:54 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/07/01 07:58:13 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/06/30 13:13:45 | 00,710,828 | ---- | M] () -- C:\Documents and Settings\John\Desktop\PitBull4-v4.0.0-beta1.zip
[2009/06/30 09:17:05 | 00,545,794 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/06/30 09:17:05 | 00,451,558 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/06/30 09:17:05 | 00,085,452 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/06/30 06:31:44 | 00,002,333 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
[2009/06/30 06:31:33 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/30 06:31:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/30 06:31:17 | 10,721,03424 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/23 21:06:07 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\John\My Documents\links.doc
[2009/06/23 21:06:07 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\John\My Documents\~$links.doc
[2009/06/20 00:34:15 | 00,000,677 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/06/20 00:34:15 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/06/20 00:34:15 | 00,000,209 | RHS- | M] () -- C:\boot.ini
[2009/06/19 01:54:00 | 00,001,160 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

========== LOP Check ==========

[2009/06/20 00:29:11 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/01/01 14:02:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI MMC
[2008/10/11 06:00:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2009/06/20 00:00:01 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\b96dab5
[2008/09/19 02:06:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2006/12/07 03:56:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel
[2008/12/08 19:05:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/01/30 01:44:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2008/02/06 13:41:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DellFaxCtr
[2008/12/08 19:06:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2007/07/24 07:16:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GRETECH
[2009/06/19 01:43:31 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\MDestrSys
[2009/06/20 00:29:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/06/27 17:56:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2008/12/08 19:07:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2009/06/30 06:31:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/08 19:03:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/11/02 14:48:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2006/12/07 04:05:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2009/06/19 01:43:33 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\John\Application Data
[2007/09/10 13:42:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\acccore
[2008/10/28 18:51:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Acreon
[2009/01/28 03:28:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Antares
[2006/12/07 03:54:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\ATI
[2008/10/11 06:00:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\AVSMedia
[2008/12/08 19:56:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Corel
[2008/02/06 14:05:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Corel Photo Album
[2008/01/07 02:07:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\CyberLink
[2008/02/06 14:10:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\DellFaxCtr
[2008/12/14 20:16:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\DNA
[2008/06/23 02:08:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\GetRightToGo
[2007/07/24 07:16:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\GRETECH
[2007/07/06 15:21:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Hamachi
[2008/12/15 23:12:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\ImgBurn
[2009/06/19 01:44:42 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\John\Application Data\Malware Destructor 2009
[2008/08/02 02:38:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\MidiLogic
[2009/02/06 06:44:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Move Networks
[2009/06/30 09:43:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\OpenOffice.org2
[2007/03/17 06:45:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Shareaza
[2007/05/13 09:18:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Template
[2009/04/08 21:38:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\U3
[2007/11/15 20:49:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Ventrilo
[2007/01/30 13:28:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Viewpoint
[2008/10/11 06:05:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\Xilisoft Corporation
[2009/07/02 09:57:54 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/10 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/07/03 08:00:00 | 00,000,318 | ---- | M] () -- C:\WINDOWS\Tasks\jncioubc.job
[2009/07/03 08:00:00 | 00,000,318 | ---- | M] () -- C:\WINDOWS\Tasks\oabpwbpn.job
[2009/06/30 06:31:33 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C73F3ACA
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81
< End of report >
  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
One or more of the identified infections is a backdoor trojan or a rootkit.

This can allow hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately.
If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information,
please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions
to apprise them of your situation.

Please read this for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

======================================

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Posted Image


Posted Image
--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt

  • 0

#5
TCsmc

TCsmc

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
That sounds really bad =(

here's the results from combofix:

ComboFix 09-07-04.04 - John 07/04/2009 22:05:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.697 [GMT -5:00]
Running from: C:\ComboFix1.exe
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\John\LOCALS~1\Temp\1.wmv
C:\install.exe
C:\WINDOWS\brwfd.gld
C:\WINDOWS\Installer\5da33537.msp
C:\WINDOWS\Installer\5da3354a.msp
C:\WINDOWS\Installer\5da33562.msp
C:\WINDOWS\Installer\5da33575.msp
C:\WINDOWS\Installer\5da33588.msp
C:\WINDOWS\Installer\5da3359b.msp
C:\WINDOWS\Installer\5da335af.msp
C:\WINDOWS\Installer\5da335c2.msp
C:\WINDOWS\Installer\626fa7e7.msp
C:\WINDOWS\Installer\626fa7ec.msp
C:\WINDOWS\Installer\626fa7f3.msp
C:\WINDOWS\Installer\6ec96.msp
C:\WINDOWS\Installer\6ecaa.msp
C:\WINDOWS\Installer\6ecbf.msp
C:\WINDOWS\Installer\a8dee5.msp
C:\WINDOWS\Installer\a8defe.msp
C:\WINDOWS\kb913800.exe
C:\WINDOWS\system32\drivers\SKYNETolatmuli.sys
C:\WINDOWS\system32\esgxmfgk.dll
C:\WINDOWS\system32\IEDFix.C.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\SKYNETbwaaioii.dat
C:\WINDOWS\system32\SKYNETgcijgxyo.dll
C:\WINDOWS\system32\SKYNETpiuugqrj.dat
C:\WINDOWS\system32\SKYNETsktpawes.dll
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\Tasks\jncioubc.job
C:\WINDOWS\Tasks\oabpwbpn.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETcasawxbu


((((((((((((((((((((((((( Files Created from 2009-06-05 to 2009-07-05 )))))))))))))))))))))))))))))))
.

2009-07-04 05:48:53 . 2009-07-04 06:49:01 0 d-----w- C:\Fraps
2009-07-03 22:38:03 . 2009-07-03 22:38:05 286208 ----a-w- C:\yp3j1p88.exe
2009-06-22 10:53:50 . 2009-06-22 10:53:50 93 ----a-w- C:\WINDOWS\system32\SKYNET.dat
2009-06-20 06:14:46 . 2009-06-20 06:14:46 0 d-----w- C:\VundoFix Backups
2009-06-20 05:29:11 . 2009-06-20 05:29:11 0 d-----w- C:\Documents and Settings\All Users\Application Data\SITEguard
2009-06-20 05:28:15 . 2009-06-20 05:28:15 0 d-----w- C:\Program Files\Common Files\iS3
2009-06-20 05:28:14 . 2009-06-27 22:56:23 0 d-----w- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2009-06-20 04:24:38 . 2009-06-20 04:24:38 0 d-----w- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-06-19 06:43:33 . 2009-06-19 06:44:42 0 d-sh--w- C:\Documents and Settings\John\Application Data\Malware Destructor 2009
2009-06-19 06:43:31 . 2009-06-19 06:43:31 0 d-sh--w- C:\Documents and Settings\All Users\Application Data\MDestrSys
2009-06-19 06:43:30 . 2009-06-15 10:26:59 435704 ----a-w- C:\Documents and Settings\All Users\Application Data\b96dab5\sqlite3.dll
2009-06-19 06:43:30 . 2009-06-15 10:26:58 710136 ----a-w- C:\Documents and Settings\All Users\Application Data\b96dab5\mozcrt19.dll
2009-06-16 13:16:09 . 2009-06-20 05:00:01 0 d-sh--w- C:\Documents and Settings\All Users\Application Data\b96dab5

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-05 03:16:05 . 2006-12-07 09:17:50 0 d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP
2009-07-04 05:12:47 . 2008-08-07 06:38:35 0 d-----w- C:\Program Files\Game Cam V2
2009-06-30 17:29:13 . 2006-12-25 17:52:23 0 d-----w- C:\Program Files\World of Warcraft
2009-06-30 14:43:14 . 2007-01-27 23:12:09 0 d-----w- C:\Documents and Settings\John\Application Data\OpenOffice.org2
2009-06-20 04:48:48 . 2009-02-12 09:08:59 0 d-----w- C:\Program Files\SUPERAntiSpyware
2009-06-20 04:25:26 . 2008-08-26 11:34:36 0 d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-19 07:55:46 . 2008-02-06 18:49:34 0 d-----w- C:\Program Files\Dl_cats
2009-06-01 01:20:51 . 2009-06-01 01:20:51 390664 ----a-w- C:\Documents and Settings\John\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-11 22:39:05 . 2009-05-11 22:39:05 0 d-----w- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-05-11 22:24:33 . 2009-05-11 22:24:33 32 --s-a-w- C:\WINDOWS\system32\3400287520.dat
2009-05-11 22:19:30 . 2009-05-11 22:19:30 282127 ----a-w- C:\WINDOWS\system32\deaaefcdeccefa.dll
2008-11-07 09:41:38 . 2008-02-06 19:05:38 104 --sha-r- C:\WINDOWS\system32\C4D14360CF.sys
2008-04-08 18:32:27 . 2007-02-01 04:26:53 88 --sha-r- C:\WINDOWS\system32\CF6043D1C4.sys
2008-11-07 09:41:39 . 2007-02-01 04:26:53 9394 --sha-w- C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 11:00:00 15360]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-29 03:57:12 395776]
"CTZDetec.exe"="C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe" [2007-12-18 20:20:00 401408]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 23:41:00 1832272]
"ATI Remote Control"="C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe" [2006-04-06 04:03:40 1622016]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24:37 1694208]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-20 04:48:48 1830128]
"SetDefaultMIDI"="MIDIDef.exe" - C:\WINDOWS\MIDIDEF.EXE [2004-12-22 17:40:02 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-11-17 16:33:40 52848]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-09 00:48:02 761947]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-23 06:52:31 185896]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 17:06:18 106496]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 16:44:02 249856]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2005-09-27 00:34:26 169984]
"SigmatelSysTrayApp"="stsystra.exe" - C:\WINDOWS\stsystra.exe [2006-03-25 05:30:44 282624]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Dell Network Assistant.lnk - C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-12-7 7168]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-12-7 24576]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-11-2 122880]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 15:13:36 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05:34 356352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdssserv.sys]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^OpenOffice.org 2.1.lnk]
path=C:\Documents and Settings\John\Start Menu\Programs\Startup\OpenOffice.org 2.1.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SQLAgent$MICROSOFTSMLBIZ"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
"MDM"=2 (0x2)
"LiveUpdate"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"Creative Labs Licensing Service"=2 (0x2)
"comHost"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"AOL ACS"=2 (0x2)
"NSCService"=3 (0x3)
"navapsvc"=2 (0x2)
"wuauserv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Java\\jdk1.6.0_07\\jre\\bin\\java.exe"=
"C:\\Program Files\\Bradford Networks\\Persistent Agent\\bndaemon.exe"=
"C:\\WINDOWS\\system32\\dlcxcoms.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [1/15/2009 5:17:40 PM 9968]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 5:17:38 PM 55024]
R2 BNPagent;Bradford Persistent Agent Service;C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe [6/29/2008 4:23:18 PM 2944392]
R2 dlcx_device;dlcx_device;C:\WINDOWS\system32\dlcxcoms.exe -service --> C:\WINDOWS\system32\dlcxcoms.exe -service [?]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;C:\WINDOWS\system32\drivers\hnm_wrls_pkt.sys [7/14/2006 2:01:16 AM 13824]
R2 wsppkt;Wireless Security Protocol;C:\WINDOWS\system32\drivers\wsp_pkt.sys [7/14/2006 2:02:22 AM 13696]
R3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 5:17:42 PM 7408]
S3 ijktiox;ijktiox;\??\C:\Documents and Settings\John\Desktop\redilG\ijktiox.sys --> C:\Documents and Settings\John\Desktop\redilG\ijktiox.sys [?]
S3 llzpfzbv;llzpfzbv;C:\Program Files\Mozilla Firefox\llzpfzbv.sys [6/9/2008 1:49:09 PM 35712]
.
Contents of the 'Scheduled Tasks' folder

2009-07-02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34:12 . 2008-07-30 18:34:12]
.
- - - - ORPHANS REMOVED - - - -

BHO-{7be9ec9b-b349-4c39-97d9-169b3a99b3fa} - (no file)
BHO-{F61400CD-D8B5-4FD5-9FBE-1760616B1FA8} - (no file)
HKCU-Run-Aim6 - (no file)
Notify-cbXQIaYq - (no file)


.
------- Supplementary Scan -------
.
uStart Page = www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061207
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\c49m4oh7.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - plugin: C:\Documents and Settings\All Users\Application Data\RealArcade\npraclient.dll
FF - plugin: C:\Documents and Settings\John\Application Data\Mozilla\Firefox\Profiles\c49m4oh7.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npraclient.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
  • 0

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Open notepad and copy/paste the text in the codebox below into it:

http://www.geekstogo.com/forum/Infected-PC-unsure-problem-t243034.html

Driver::
ijktiox
llzpfzbv

Collect::
C:\Program Files\Mozilla Firefox\llzpfzbv.sys
C:\Documents and Settings\John\Desktop\redilG\ijktiox.sys
C:\WINDOWS\system32\SKYNET.dat
C:\WINDOWS\system32\deaaefcdeccefa.dll
C:\WINDOWS\system32\3400287520.dat

Suspect::
c:\Documents and Settings\All Users\Application Data\b96dab5\sqlite3.dll
C:\Documents and Settings\All Users\Application Data\b96dab5\mozcrt19.dll

Folder::
C:\Documents and Settings\John\Application Data\Malware Destructor 2009

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tdssserv.sys]
Save this as CFScript.txt


Posted Image

Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.
===========
Note::
If Combofix fails to upload anything please do the following:
Go to Start > My Computer > C:\
Then Navigate to C:\Qoobox\Quarantine\[4]-Submit_Date_Time.zip

Click Here to upload the submit.zip please.
  • 0

#7
TCsmc

TCsmc

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
I uploaded the .zip file to the aforementioned link. I hope it helps :)
  • 0

#8
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok thanks can you post the Combofix log please.
  • 0

#9
TCsmc

TCsmc

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Sorry about that! Here's the combofix log:

ComboFix 09-07-06.A0 - John 07/07/2009 10:32.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.663 [GMT -5:00]
Running from: c:\documents and settings\John\Desktop\Combo-Fix.exe
Command switches used :: c:\CFScript.txt
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

file zipped: c:\documents and settings\All Users\Application Data\b96dab5\Suspect_mozcrt19.dll.vir
file zipped: c:\documents and settings\All Users\Application Data\b96dab5\Suspect_sqlite3.dll.vir
.

((((((((((((((((((((((((( Files Created from 2009-06-07 to 2009-07-07 )))))))))))))))))))))))))))))))
.

2009-07-07 08:00 . 2009-07-07 08:00 -------- d-----w- c:\windows\LastGood
2009-07-06 08:11 . 2009-07-06 08:11 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2009-07-05 08:25 . 2009-07-05 08:25 -------- d-----w- c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$
2009-07-05 04:08 . 2009-07-05 04:39 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-07-05 03:52 . 2009-03-06 14:00 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-07-05 03:52 . 2009-02-09 10:01 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-07-05 03:52 . 2009-02-06 09:54 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-07-05 03:52 . 2005-07-26 04:20 60416 ------w- c:\windows\system32\dllcache\colbact.dll
2009-07-05 03:52 . 2009-02-09 10:01 617984 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-07-05 03:52 . 2009-02-09 10:01 473088 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-07-05 03:52 . 2009-02-09 10:01 715264 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-07-05 03:52 . 2009-02-06 10:22 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-07-05 03:52 . 2009-02-06 09:41 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-07-05 03:48 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-07-05 03:48 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-07-05 03:34 . 2008-05-01 14:30 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-07-05 03:32 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-07-05 02:52 . 2009-07-05 22:36 -------- d-s---w- C:\ComboFix1
2009-07-04 05:48 . 2009-07-06 05:03 -------- d-----w- C:\Fraps
2009-07-03 22:38 . 2009-07-03 22:38 286208 ----a-w- C:\yp3j1p88.exe
2009-06-20 06:14 . 2009-06-20 06:14 -------- d-----w- C:\VundoFix Backups
2009-06-20 05:29 . 2009-06-20 05:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-06-20 05:28 . 2009-06-20 05:28 -------- d-----w- c:\program files\Common Files\iS3
2009-06-20 05:28 . 2009-06-27 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-06-20 04:24 . 2009-06-20 04:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-19 06:43 . 2009-06-19 06:44 -------- d-sh--w- c:\documents and settings\John\Application Data\Malware Destructor 2009
2009-06-19 06:43 . 2009-06-19 06:43 -------- d-sh--w- c:\documents and settings\All Users\Application Data\MDestrSys
2009-06-19 06:43 . 2009-06-15 10:26 435704 ----a-w- c:\documents and settings\All Users\Application Data\b96dab5\sqlite3.dll
2009-06-19 06:43 . 2009-06-15 10:26 710136 ----a-w- c:\documents and settings\All Users\Application Data\b96dab5\mozcrt19.dll
2009-06-16 13:16 . 2009-07-07 15:32 -------- d-sh--w- c:\documents and settings\All Users\Application Data\b96dab5

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 23:02 . 2006-12-07 09:17 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-05 08:20 . 2006-12-07 09:05 -------- d-----w- c:\program files\Microsoft Works
2009-07-04 05:12 . 2008-08-07 06:38 -------- d-----w- c:\program files\Game Cam V2
2009-06-30 17:29 . 2006-12-25 17:52 -------- d-----w- c:\program files\World of Warcraft
2009-06-30 14:43 . 2007-01-27 23:12 -------- d-----w- c:\documents and settings\John\Application Data\OpenOffice.org2
2009-06-20 04:48 . 2009-02-12 09:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-20 04:25 . 2008-08-26 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-19 07:55 . 2008-02-06 18:49 -------- d-----w- c:\program files\Dl_cats
2009-06-01 01:20 . 2009-06-01 01:20 390664 ----a-w- c:\documents and settings\John\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-11 22:39 . 2009-05-11 22:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-05-07 15:44 . 2005-08-16 10:18 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:31 . 2005-08-16 10:18 668160 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:31 . 2005-08-16 10:18 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 09:58 . 2005-08-16 10:18 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2005-08-16 10:18 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2008-11-07 09:41 . 2008-02-06 19:05 104 --sha-r- c:\windows\system32\C4D14360CF.sys
2008-04-08 18:32 . 2007-02-01 04:26 88 --sha-r- c:\windows\system32\CF6043D1C4.sys
2008-11-07 09:41 . 2007-02-01 04:26 9394 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-04-14 00:12 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe
[7] 2004-08-10 11:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\system32\svchost.exe
[7] 2004-08-10 11:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\system32\dllcache\cache\svchost.exe

[7] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[7] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[7] 2004-08-10 11:00 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\$NtUninstallKB890859$\user32.dll
[7] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2008-04-14 00:12 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\user32.dll
[7] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\system32\user32.dll
[7] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\system32\dllcache\user32.dll
[7] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\system32\dllcache\cache\user32.dll

[-] 2008-04-14 00:12 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ws2_32.dll
[7] 2004-08-10 11:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\system32\ws2_32.dll
[7] 2004-08-10 11:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\system32\dllcache\cache\ws2_32.dll

[7] 2009-04-29 04:46 666624 6002073519FA478BF89977369CDFD156 c:\windows\$hf_mig$\KB969897\SP3GDR\wininet.dll
[7] 2009-04-29 04:21 668160 04BCB4F87B35502568F6CF33433543A5 c:\windows\$hf_mig$\KB969897\SP3QFE\wininet.dll
[7] 2006-05-10 05:25 663552 D94CFFDB53E7AC867438E2DFD50E7CBC c:\windows\$NtUninstallKB925454$\wininet.dll
[7] 2006-10-23 15:34 664576 231EF4179ACABE486376B5CA893F1076 c:\windows\$NtUninstallKB928090$\wininet.dll
[7] 2007-01-04 14:05 665088 3FFA1573FC274E5AA7467D03941C45EE c:\windows\$NtUninstallKB931768$\wininet.dll
[7] 2007-02-20 09:52 665600 B258C922D22DEEC880B60720531D7627 c:\windows\$NtUninstallKB933566$\wininet.dll
[7] 2007-04-18 12:46 665600 4261BA03AFD659DE04F0A17DFBDD454D c:\windows\$NtUninstallKB937143$\wininet.dll
[7] 2007-06-26 14:35 665600 E1A3DD68B5380B360A7310A64D9BB188 c:\windows\$NtUninstallKB969897$\wininet.dll
[-] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wininet.dll
[7] 2009-04-29 04:31 668160 9E36A148748C5DE4EA1F47B9B625F412 c:\windows\SoftwareDistribution\Download\a9c8e00397fe4457a25305c397dc3358\sp2qfe\wininet.dll
[7] 2009-04-29 04:46 666624 6002073519FA478BF89977369CDFD156 c:\windows\SoftwareDistribution\Download\a9c8e00397fe4457a25305c397dc3358\sp3gdr\wininet.dll
[7] 2009-04-29 04:21 668160 04BCB4F87B35502568F6CF33433543A5 c:\windows\SoftwareDistribution\Download\a9c8e00397fe4457a25305c397dc3358\sp3qfe\wininet.dll
[7] 2009-04-29 04:31 668160 9E36A148748C5DE4EA1F47B9B625F412 c:\windows\system32\wininet.dll
[7] 2009-04-29 04:31 668160 9E36A148748C5DE4EA1F47B9B625F412 c:\windows\system32\dllcache\wininet.dll
[7] 2009-04-29 04:31 668160 9E36A148748C5DE4EA1F47B9B625F412 c:\windows\system32\dllcache\cache\wininet.dll

[7] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2004-08-10 11:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp2gdr\tcpip.sys
[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp2qfe\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3gdr\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3qfe\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\system32\dllcache\cache\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\system32\drivers\tcpip.sys

[-] 2008-04-14 00:12 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
[7] 2004-08-10 11:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\system32\winlogon.exe
[7] 2004-08-10 11:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\system32\dllcache\cache\winlogon.exe

[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ndis.sys
[7] 2004-08-10 11:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\dllcache\cache\ndis.sys
[7] 2004-08-10 11:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\drivers\ndis.sys

[-] 2008-04-13 18:53 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ip6fw.sys
[7] 2004-08-10 11:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\dllcache\cache\ip6fw.sys
[7] 2004-08-10 11:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\drivers\ip6fw.sys

[7] 2005-03-02 00:36 2056832 D8ABA3EAB509627E707A3B14F00FBB6B c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[7] 2009-02-08 00:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2005-10-11 23:54 2015232 0C691ECAD81707D3A7797512AC932C62 c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[7] 2006-12-19 16:12 2017280 FA64F313F5237C53A909906113ACAE7D c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[7] 2007-02-28 09:15 2017280 2DFB215E291E3D9B1CF9A6739B3BF16C c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[7] 2009-02-06 09:49 2062976 9D832AF3FD1917DB0E1E8B2F000A2E3A c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2009-02-06 16:49 2057728 3006410E24772CC6953F0B5C01BEB35F c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntkrnlpa.exe
[7] 2009-02-06 09:49 2062976 9D832AF3FD1917DB0E1E8B2F000A2E3A c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntkrnlpa.exe
[7] 2009-02-08 00:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntkrnlpa.exe
[7] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntkrnlpa.exe
[-] 2008-04-13 18:31 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntkrnlpa.exe
[7] 2009-02-06 09:49 2020864 243223E3FB74B68DFFBB41989F33DFB3 c:\windows\system32\ntkrnlpa.exe
[7] 2009-02-06 09:49 2062976 9D832AF3FD1917DB0E1E8B2F000A2E3A c:\windows\system32\dllcache\ntkrnlpa.exe
[7] 2009-02-06 09:49 2020864 243223E3FB74B68DFFBB41989F33DFB3 c:\windows\system32\dllcache\cache\ntkrnlpa.exe

[7] 2005-03-02 01:04 2179456 28187802B7C368C0D3AEF7D4C382AABB c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-08 00:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2005-10-12 00:18 2136064 C5290E302241594B668A378D89FD903E c:\windows\$NtUninstallKB929338$\ntoskrnl.exe
[7] 2006-12-19 16:49 2137600 57B9D140E1EB8B0EA06DF927B63B0EEE c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[7] 2007-02-28 09:53 2137600 E6679C3023B17D8B78946BC5DF53FA20 c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[7] 2009-02-06 10:32 2186112 6A936E9D7BADAF3CAAEED1E1966EC1B0 c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2009-02-06 17:24 2180480 FACEBB0CA3154F77009CDFEE78A00BBB c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\ntoskrnl.exe
[7] 2009-02-06 10:32 2186112 6A936E9D7BADAF3CAAEED1E1966EC1B0 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\ntoskrnl.exe
[7] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\ntoskrnl.exe
[7] 2009-02-08 00:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\ntoskrnl.exe
[-] 2008-04-13 19:27 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe
[7] 2009-02-06 10:29 2142720 19A791C5DFE59AA9BB1461C4957004F6 c:\windows\system32\ntoskrnl.exe
[7] 2009-02-06 10:32 2186112 6A936E9D7BADAF3CAAEED1E1966EC1B0 c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-02-06 10:29 2142720 19A791C5DFE59AA9BB1461C4957004F6 c:\windows\system32\dllcache\cache\ntoskrnl.exe

[7] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\explorer.exe
[7] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[7] 2004-08-10 11:00 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
[-] 2008-04-14 00:12 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[7] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\system32\dllcache\explorer.exe
[7] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\system32\dllcache\cache\explorer.exe

[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[7] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2004-08-10 11:00 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\$NtUninstallKB956572$\services.exe
[7] 2009-02-06 17:14 110592 37561F8D4160D62DA86D24AE41FAE8DE c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\services.exe
[7] 2009-02-06 10:22 110592 4712531AB7A01B7EE059853CA17D39BD c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\services.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\services.exe
[7] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\services.exe
[-] 2008-04-14 00:12 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\services.exe
[7] 2009-02-06 10:22 110592 4712531AB7A01B7EE059853CA17D39BD c:\windows\system32\services.exe
[7] 2009-02-06 10:22 110592 4712531AB7A01B7EE059853CA17D39BD c:\windows\system32\dllcache\services.exe
[7] 2009-02-06 10:22 110592 4712531AB7A01B7EE059853CA17D39BD c:\windows\system32\dllcache\cache\services.exe

[-] 2008-04-14 00:12 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lsass.exe
[7] 2004-08-10 11:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\system32\lsass.exe
[7] 2004-08-10 11:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\system32\dllcache\cache\lsass.exe

[-] 2008-04-14 00:12 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ctfmon.exe
[7] 2004-08-10 11:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\system32\ctfmon.exe
[7] 2004-08-10 11:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\system32\dllcache\cache\ctfmon.exe

[7] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2008-04-14 00:12 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\spoolsv.exe
[7] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\system32\spoolsv.exe
[7] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\system32\dllcache\cache\spoolsv.exe

[-] 2008-04-14 00:12 111104 ED7262E52C31CF1625B65039102BC16C c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\wuauclt.exe
[7] 2008-10-16 19:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\wuauclt.exe
[7] 2008-10-16 19:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\dllcache\wuauclt.exe
[7] 2008-10-16 19:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\system32\dllcache\cache\wuauclt.exe

[-] 2008-04-14 00:12 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe
[7] 2004-08-10 11:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\system32\userinit.exe
[7] 2004-08-10 11:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\system32\dllcache\cache\userinit.exe

[7] 2004-08-10 11:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\$NtUninstallKB895961$\termsrv.dll
[-] 2008-04-14 00:12 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\termsrv.dll
[7] 2005-03-10 01:49 295424 C29A5286E64D97385178452D5F307B98 c:\windows\system32\termsrv.dll
[7] 2005-03-10 01:49 295424 C29A5286E64D97385178452D5F307B98 c:\windows\system32\dllcache\cache\termsrv.dll

[7] 2006-07-05 10:57 985088 0FDD84928A5DDE2510761B7EC76CCEC9 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[7] 2007-04-16 16:07 986112 09F7CB3687F86EDAA4CA081F7AB66C03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[7] 2009-03-21 13:54 989184 80202858D245FF07DAA1739C57A3E19B c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[7] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[7] 2004-08-10 11:00 983552 888190E31455FAD793312F8D087146EB c:\windows\$NtUninstallKB917422$\kernel32.dll
[7] 2006-07-05 10:55 984064 D8DB5397DE07577C1CB50BA6D23B3AD4 c:\windows\$NtUninstallKB935839$\kernel32.dll
[7] 2007-04-16 15:52 984576 A01F9CA902A88F7CED06884174D6419D c:\windows\$NtUninstallKB959426$\kernel32.dll
[7] 2009-03-21 14:18 986112 B6ACAED7588295129791E0E6A2B0FADE c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp2gdr\kernel32.dll
[7] 2009-03-21 13:54 989184 80202858D245FF07DAA1739C57A3E19B c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp2qfe\kernel32.dll
[7] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3gdr\kernel32.dll
[7] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9\sp3qfe\kernel32.dll
[-] 2008-04-14 00:11 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\kernel32.dll
[7] 2009-03-21 14:18 986112 B6ACAED7588295129791E0E6A2B0FADE c:\windows\system32\kernel32.dll
[7] 2009-03-21 14:18 986112 B6ACAED7588295129791E0E6A2B0FADE c:\windows\system32\dllcache\kernel32.dll
[7] 2009-03-21 14:18 986112 B6ACAED7588295129791E0E6A2B0FADE c:\windows\system32\dllcache\cache\kernel32.dll

[-] 2008-04-14 00:12 17408 50A166237A0FA771261275A405646CC0 c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\powrprof.dll
[7] 2004-08-10 11:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\system32\powrprof.dll
[7] 2004-08-10 11:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\system32\dllcache\cache\powrprof.dll

[-] 2008-04-14 00:11 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\imm32.dll
[7] 2004-08-10 11:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\system32\imm32.dll
[7] 2004-08-10 11:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\system32\dllcache\cache\imm32.dll

[-] 2008-04-14 00:12 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sfcfiles.dll
[7] 2004-08-10 11:00 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\system32\sfcfiles.dll
[7] 2004-08-10 11:00 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\system32\dllcache\cache\sfcfiles.dll

[-] 2008-04-14 00:11 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\appmgmts.dll
[7] 2004-08-10 11:00 167936 9C3C12975C97119412802B181FBEEFFE c:\windows\system32\appmgmts.dll
[7] 2004-08-10 11:00 167936 9C3C12975C97119412802B181FBEEFFE c:\windows\system32\dllcache\cache\appmgmts.dll

[-] 2008-04-13 18:39 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\kbdclass.sys
[7] 2004-08-04 04:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\dllcache\cache\kbdclass.sys
[7] 2004-08-04 04:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\drivers\kbdclass.sys
.
((((((((((((((((((((((((((((( SnapShot_2009-07-06_23.01.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-08-16 10:18 . 2009-07-06 23:05 85452 c:\windows\system32\perfc009.dat
- 2005-08-16 10:18 . 2009-07-05 08:43 85452 c:\windows\system32\perfc009.dat
+ 2005-08-16 10:18 . 2009-07-06 23:05 451558 c:\windows\system32\perfh009.dat
- 2005-08-16 10:18 . 2009-07-05 08:43 451558 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"CTZDetec.exe"="c:\program files\Creative\Creative Media Lite\CTZDetec.exe" [2007-12-18 401408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"ATI Remote Control"="c:\program files\ATI Multimedia\RemCtrl\ATIRW.exe" [2006-04-06 1622016]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-20 1830128]
"SetDefaultMIDI"="MIDIDef.exe" - c:\windows\MIDIDEF.EXE [2004-12-22 24576]
"Aim6"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-11-17 52848]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-09 761947]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-23 185896]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2005-09-27 169984]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-25 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-12-7 7168]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-7 24576]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]

c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-11-2 122880]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbXQIaYq]
[BU]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^OpenOffice.org 2.1.lnk]
path=c:\documents and settings\John\Start Menu\Programs\Startup\OpenOffice.org 2.1.lnk
backup=c:\windows\pss\OpenOffice.org 2.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SQLAgent$MICROSOFTSMLBIZ"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$MICROSOFTSMLBIZ"=2 (0x2)
"MDM"=2 (0x2)
"LiveUpdate"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"Creative Labs Licensing Service"=2 (0x2)
"comHost"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"AOL ACS"=2 (0x2)
"NSCService"=3 (0x3)
"navapsvc"=2 (0x2)
"wuauserv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_07\\jre\\bin\\java.exe"=
"c:\\Program Files\\Bradford Networks\\Persistent Agent\\bndaemon.exe"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/15/2009 5:17 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 5:17 PM 55024]
R2 BNPagent;Bradford Persistent Agent Service;c:\program files\Bradford Networks\Persistent Agent\bndaemon.exe [6/29/2008 4:23 PM 2944392]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [7/14/2006 2:01 AM 13824]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [7/14/2006 2:02 AM 13696]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 5:17 PM 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{7be9ec9b-b349-4c39-97d9-169b3a99b3fa} - (no file)
BHO-{F61400CD-D8B5-4FD5-9FBE-1760616B1FA8} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061207
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\c49m4oh7.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - plugin: c:\documents and settings\All Users\Application Data\RealArcade\npraclient.dll
FF - plugin: c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\c49m4oh7.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npraclient.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-07 10:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(836)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\windows\system32\dla\tfswshx.dll
c:\windows\system32\tfswapi.dll
c:\windows\system32\dla\tfswcres.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
Completion time: 2009-07-07 10:43
ComboFix-quarantined-files.txt 2009-07-07 15:43
ComboFix2.txt 2009-07-06 23:09

Pre-Run: 4,629,344,256 bytes free
Post-Run: 4,612,186,112 bytes free

424 --- E O F --- 2009-07-07 08:00

  • 0

#10
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad window. OTListIt.Txt a This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP