
Rootkit.Agent str.sys and Trojan.Agent -- won't go away! [Solv


This topic is locked

#1
jmurray7
Member, 11 posts
I have been trying to clear my PC of viruses for a few days now. I was able to get rid of all except the following:

c:\windows\system32\drivers\str.sys
c:\windows\system32\MSIVXcount

I have done all of the steps listed in the guide. Below are my logs from mbam, rooter and OTL. Please let me know if I have forgotten to include anything. These are causing major problems with my PC (BSOD, messages that Windows is invalid, etc.).

MBAM
Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 6.0.6001 Service Pack 1

7/7/2009 9:16:58 PM
mbam-log-2009-07-07 (21-16-48).txt

Scan type: Quick Scan
Objects scanned: 96021
Time elapsed: 14 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\drivers\str.sys (Rootkit.Agent) -> Delete on reboot.
C:\Windows\System32\MSIVXcount (Trojan.Agent) -> Delete on reboot.

Rooter
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows Vista Home Edition (6.0.6001) Service Pack 1
[32_bits] - x86 Family 6 Model 15 Stepping 13, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Enabled
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 8.0.6001.18783
Mozilla Firefox 3.5 (en-US)
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:288 Go - Free:180 Go )
D:\ [Fixed-NTFS] .. ( Total:9 Go - Free:5 Go )
E:\ [CD_Rom]
F:\ [CD_Rom]
H:\ [Removable]
.
Scan : 20:48.36
Path : C:\Users\Administrator\Desktop\Rooter.exe
User : Administrator ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ \SystemRoot\System32\smss.exe (428)
______ C:\Windows\system32\csrss.exe (496)
______ C:\Windows\system32\wininit.exe (540)
______ C:\Windows\system32\csrss.exe (552)
______ C:\Windows\system32\services.exe (584)
______ C:\Windows\system32\winlogon.exe (612)
______ C:\Windows\system32\lsass.exe (628)
______ C:\Windows\system32\lsm.exe (636)
______ C:\Windows\system32\svchost.exe (792)
______ C:\Windows\system32\svchost.exe (880)
______ C:\Windows\system32\svchost.exe (996)
______ C:\Windows\System32\svchost.exe (1016)
______ C:\Windows\System32\svchost.exe (1104)
______ C:\Windows\System32\svchost.exe (1132)
______ C:\Windows\System32\svchost.exe (1208)
______ C:\Windows\system32\svchost.exe (1244)
Locked audiodg.exe (1308)
______ C:\Windows\system32\svchost.exe (1328)
______ C:\Windows\system32\SLsvc.exe (1360)
______ C:\Windows\System32\spoolsv.exe (1632)
______ C:\Windows\system32\svchost.exe (1660)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (1936)
______ C:\Program Files\Bonjour\mDNSResponder.exe (1980)
______ C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (2000)
______ C:\Windows\system32\CTsvcCDA.exe (2040)
______ C:\Windows\system32\svchost.exe (576)
______ C:\Windows\system32\svchost.exe (1012)
______ C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (692)
______ C:\Windows\system32\svchost.exe (1492)
______ C:\Windows\System32\svchost.exe (1916)
______ C:\Windows\system32\SearchIndexer.exe (2056)
______ C:\Windows\system32\DRIVERS\xaudio.exe (2072)
______ C:\Windows\system32\taskeng.exe (2372)
______ C:\Windows\system32\taskeng.exe (3452)
______ C:\Windows\system32\Dwm.exe (3476)
______ C:\Windows\Explorer.EXE (3500)
______ C:\Windows\RtHDVCpl.exe (3692)
______ C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (3704)
______ C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (3740)
______ C:\Windows\System32\wpcumi.exe (3756)
______ C:\Windows\System32\igfxtray.exe (3776)
______ C:\Windows\System32\hkcmd.exe (3784)
______ C:\Windows\System32\igfxpers.exe (3800)
______ C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe (3872)
______ C:\Program Files\Java\jre6\bin\jusched.exe (3884)
______ C:\Program Files\iTunes\iTunesHelper.exe (3924)
______ C:\Program Files\Windows Sidebar\sidebar.exe (3936)
______ C:\Program Files\Digital Line Detect\DLG.exe (3976)
______ C:\Windows\system32\igfxsrvc.exe (2432)
______ C:\Program Files\iPod\bin\iPodService.exe (720)
______ C:\Windows\system32\vssvc.exe (2964)
______ C:\Windows\System32\svchost.exe (3112)
______ C:\Windows\servicing\TrustedInstaller.exe (3224)
______ C:\Windows\system32\SearchProtocolHost.exe (3116)
______ C:\Windows\system32\SearchFilterHost.exe (664)
______ C:\Users\Administrator\Desktop\Rooter.exe (1344)
.
----------------------\\ Device\Harddisk0\
WARNING : Unable to read MBR .. [ERROR_1381]
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 20:48.38
.
C:\Rooter$\Rooter_1.txt - (07/07/2009 | 20:48.38)

OTL
OTL logfile created on: 7/7/2009 8:50:01 PM - Run 2
OTL by OldTimer - Version 3.0.6.5 Folder = C:\Users\Administrator\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1012.45 Mb Total Physical Memory | 349.76 Mb Available Physical Memory | 34.55% Memory free
2.24 Gb Paging File | 1.45 Gb Available in Paging File | 64.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 180.68 Gb Free Space | 62.73% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.94 Gb Free Space | 59.40% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 3.77 Gb Total Space | 0.85 Gb Free Space | 22.62% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: HOMEPC
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/09/06 16:32:57 | 00,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [1999/12/13 04:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTsvcCDA.exe
PRC - [2006/11/05 10:13:00 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
PRC - [2006/08/04 19:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe
PRC - [2008/10/29 01:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2007/05/11 08:26:44 | 04,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/27 08:14:52 | 00,180,224 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
PRC - [2006/10/03 10:37:04 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2006/11/02 07:35:35 | 00,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2008/01/02 18:07:08 | 00,141,848 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
PRC - [2008/01/02 18:06:52 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/01/02 18:07:02 | 00,133,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/06/05 13:39:22 | 00,292,136 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/01/19 02:33:30 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2006/11/03 17:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2008/01/02 18:07:04 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/07/06 19:00:52 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/27 13:00:25 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/09/06 16:32:57 | 00,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service [Auto | Running])
SRV - [1999/12/13 04:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\Windows\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2007/03/19 11:44:44 | 00,070,656 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2008/01/19 02:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 07:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/01/19 02:36:53 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2008/06/19 20:18:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/12/01 11:59:52 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
SRV - [2007/09/06 16:50:27 | 01,862,144 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager [On_Demand | Stopped])
SRV - [2009/06/11 21:11:44 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/06/19 20:17:49 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/06/19 20:17:50 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/11/05 10:15:12 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
SRV - [2006/11/05 10:13:00 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Running])
SRV - [2006/09/14 13:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
SRV - [2008/01/19 02:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/19 02:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2006/08/04 19:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe -- (XAudioService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2006/11/02 04:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2006/11/02 04:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2006/11/02 04:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2007/09/07 00:12:51 | 00,017,592 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2006/11/02 04:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2006/11/02 04:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2007/09/07 00:12:51 | 00,019,128 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2006/10/26 16:21:34 | 00,035,096 | ---- | M] (Roxio) -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM [Auto | Running])
DRV - [2006/10/26 16:21:28 | 00,032,472 | ---- | M] (Roxio) -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2007/02/08 20:05:30 | 00,012,856 | ---- | M] (Roxio) -- C:\Windows\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2006/10/26 16:22:02 | 00,009,400 | ---- | M] (Roxio) -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM [Auto | Running])
DRV - [2006/10/26 16:21:24 | 00,104,536 | ---- | M] (Roxio) -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2006/10/26 16:21:30 | 00,026,296 | ---- | M] (Roxio) -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2006/10/26 16:21:26 | 00,014,520 | ---- | M] (Roxio) -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2007/02/08 20:05:30 | 00,028,120 | ---- | M] (Roxio) -- C:\Windows\System32\Drivers\DLARTL_M.SYS -- (DLARTL_M [System | Running])
DRV - [2006/10/26 16:21:34 | 00,094,648 | ---- | M] (Roxio) -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2006/10/26 16:21:32 | 00,097,848 | ---- | M] (Roxio) -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2006/07/21 11:21:26 | 00,099,176 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2007/02/09 12:34:16 | 00,051,768 | ---- | M] (Roxio) -- C:\Windows\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
DRV - [2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\Windows\System32\DRIVERS\dsunidrv.sys -- (dsunidrv [Auto | Running])
DRV - [2007/04/29 03:42:24 | 00,228,224 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\e1e6032.sys -- (e1express [On_Demand | Running])
DRV - [2006/11/02 02:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2006/11/02 04:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2006/11/02 04:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2006/10/18 13:09:26 | 00,986,624 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2006/10/18 13:08:18 | 00,258,048 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSXHWBS2.sys -- (HSXHWBS2 [On_Demand | Running])
DRV - [2007/04/26 05:41:38 | 00,304,920 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastor.sys -- (iaStor [Disabled | Stopped])
DRV - [2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2008/01/02 17:48:28 | 02,016,256 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\igdkmd32.sys -- (igfx [On_Demand | Running])
DRV - [2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2007/05/11 08:26:46 | 01,773,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - File not found -- Service key not found. -- (lqfxeyqewnzcz [Unknown | Stopped])
DRV - [2006/11/02 04:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2006/11/02 04:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2006/11/02 04:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2006/06/19 16:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2006/11/02 04:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2009/05/13 23:25:06 | 00,079,816 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Stopped])
DRV - [2009/05/13 23:25:06 | 00,035,272 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Stopped])
DRV - [2009/05/13 23:25:06 | 00,214,024 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2009/05/13 23:24:34 | 00,034,248 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV - [2009/05/13 23:25:06 | 00,040,552 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Stopped])
DRV - [2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2006/11/02 04:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2006/07/24 03:00:00 | 00,036,528 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/11/02 04:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2006/11/02 02:36:43 | 02,028,032 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\DRIVERS\atikmdag.sys -- (R300 [On_Demand | Stopped])
DRV - [2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2006/11/02 04:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
DRV - [2006/11/02 04:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2006/11/02 04:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2006/11/02 04:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2009/06/05 11:42:38 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2007/09/07 00:12:51 | 00,020,152 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2006/11/02 04:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2006/10/18 13:08:04 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSX_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2006/08/04 19:39:10 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.sys -- (XAudio [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...amp;ibd=4070907
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/05 15:35:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/03 22:54:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/02 21:55:43 | 00,000,000 | ---D | M]

[2009/07/03 23:07:29 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2009/07/03 23:07:29 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/03 23:07:29 | 00,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\411s46yr.default\extensions
[2009/07/02 21:55:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/02 21:55:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/06/24 08:26:10 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/24 08:26:11 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/06/24 08:26:12 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/06/24 06:27:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/24 06:27:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/24 06:27:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/24 06:27:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/24 06:27:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/24 06:27:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/24 06:27:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\WpcUmi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - No CLSID value found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/07 20:49:50 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2009/07/07 20:48:38 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/07/07 20:48:15 | 00,173,119 | ---- | C] (Eric_71) -- C:\Users\Administrator\Desktop\Rooter.exe
[2009/07/07 07:26:08 | 00,000,000 | ---- | C] () -- C:\Windows\System32\drivers\str.sys
[2009/07/06 22:59:38 | 00,608,344 | ---- | C] () -- C:\Users\Administrator\Desktop\MCPR.exe
[2009/07/06 19:34:30 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/07/06 19:33:57 | 00,000,735 | ---- | C] () -- C:\Users\Administrator\Desktop\NTREGOPT.lnk
[2009/07/06 19:33:57 | 00,000,716 | ---- | C] () -- C:\Users\Administrator\Desktop\ERUNT.lnk
[2009/07/06 19:33:56 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/07/06 19:33:26 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Administrator\Desktop\erunt_setup.exe
[2009/07/06 19:05:28 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\TFC.exe
[2009/07/05 20:29:58 | 00,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2009/07/05 15:53:03 | 00,000,000 | ---D | C] -- C:\Backup
[2009/07/05 15:33:28 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/07/04 19:58:57 | 03,547,092 | -H-- | C] () -- C:\Users\Administrator\AppData\Local\IconCache.db
[2009/07/04 13:17:59 | 00,000,000 | ---D | C] -- C:\ProgramData\SiteAdvisor
[2009/07/04 13:15:11 | 00,079,816 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2009/07/04 13:15:11 | 00,040,552 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfesmfk.sys
[2009/07/04 13:15:11 | 00,035,272 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2009/07/04 13:11:23 | 00,034,248 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdk.sys
[2009/07/03 23:31:06 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2009/07/03 23:19:40 | 00,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/03 23:19:38 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/07/03 23:19:37 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/03 23:19:37 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/07/03 23:19:37 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/03 23:18:50 | 03,561,744 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Administrator\Desktop\helpfile.exe
[2009/07/03 23:08:23 | 00,001,724 | ---- | C] () -- C:\MacAfee_ScanReport.HTML
[2009/07/03 22:54:34 | 00,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/03 22:54:29 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2009/07/03 22:54:29 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Mozilla
[2009/07/03 17:08:21 | 00,002,577 | ---- | C] () -- C:\Windows\System32\config.bak
[2009/07/03 17:08:21 | 00,001,688 | ---- | C] () -- C:\Windows\System32\autoexec.bak
[2009/07/03 17:07:04 | 00,000,000 | ---D | C] -- C:\AV-CLS
[2009/07/03 17:01:16 | 01,296,288 | ---- | C] (McAfee, Inc.) -- C:\Users\Administrator\Desktop\DMSetup.exe
[2009/07/03 16:51:55 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Google
[2009/07/03 16:51:55 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google
[2009/07/03 16:48:24 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\SupportSoft
[2009/07/03 12:07:48 | 00,000,000 | ---D | C] -- C:\Sysclean
[2009/07/03 10:56:30 | 00,000,000 | ---D | C] -- C:\Program Files\drv
[2009/07/03 10:56:23 | 00,000,001 | ---- | C] () -- C:\Windows\934fdfg34fgjf23
[2009/07/03 10:56:22 | 00,000,002 | ---- | C] () -- C:\Windows\0101120101464849.dat
[2009/07/03 10:56:22 | 00,000,002 | ---- | C] () -- C:\Windows\010112010146118114.dat
[2009/07/03 10:27:54 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/07/03 09:33:33 | 00,074,752 | ---- | C] () -- C:\Windows\System32\drivers\lgmjgavwolggtij.sys
[2009/07/02 23:32:40 | 00,000,000 | ---D | C] -- C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/07/02 21:55:46 | 00,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/07/02 21:55:42 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/07/01 21:34:54 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/07/01 21:34:53 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/07/01 21:34:53 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/07/01 21:34:53 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/07/01 21:34:53 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/07/01 21:34:53 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/07/01 21:34:53 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/07/01 21:34:52 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/07/01 21:34:52 | 01,207,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/07/01 21:34:52 | 00,385,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/07/01 21:34:52 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/07/01 21:34:51 | 11,064,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/07/01 21:34:51 | 05,936,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/07/01 21:33:20 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/07/01 21:33:19 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009/07/01 21:33:19 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/07/01 21:33:19 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009/07/01 21:33:19 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/07/01 21:33:19 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/07/01 21:33:19 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009/07/01 21:33:18 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/07/01 21:33:18 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/07/01 21:33:18 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/07/01 21:33:18 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009/07/01 21:33:18 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009/07/01 21:33:17 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/07/01 21:33:17 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/07/01 21:33:17 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009/07/01 21:33:17 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/07/01 21:33:17 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/07/01 21:33:17 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/07/01 21:33:17 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009/07/01 21:33:17 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009/07/01 21:33:17 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/07/01 21:33:17 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009/07/01 21:33:16 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/07/01 21:33:16 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/07/01 21:33:16 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/07/01 21:33:16 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/07/01 21:33:16 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/07/01 21:33:16 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/07/01 21:33:15 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/07/01 21:33:15 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/07/01 21:33:15 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009/07/01 21:33:15 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/07/01 21:33:13 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/07/01 21:33:13 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/07/01 21:33:13 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009/07/01 21:33:13 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009/07/01 21:33:12 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/07/01 21:33:12 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009/07/01 21:33:12 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/07/01 21:33:12 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/07/01 21:33:12 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/07/01 21:33:12 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009/07/01 16:38:04 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/07/01 16:37:50 | 13,596,5038 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/06/24 20:36:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/06/24 11:28:22 | 00,000,000 | ---D | C] -- C:\World of Warcraft Public Test
[2009/06/19 19:30:32 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/06/19 19:29:51 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/06/19 19:29:20 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/06/19 19:21:40 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/06/19 19:12:56 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2009/06/17 22:16:48 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2009/06/17 22:16:48 | 00,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2009/06/17 21:51:23 | 00,000,000 | ---D | C] -- C:\Program Files\MSECache
[2009/06/13 23:14:27 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/06/13 23:14:25 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/06/13 23:14:23 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/06/13 23:14:23 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/06/13 23:14:22 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/06/11 16:03:41 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/06/11 16:03:31 | 00,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2009/06/11 16:03:25 | 00,784,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2009/06/10 21:49:12 | 00,000,000 | ---D | C] -- C:\Target
[2009/03/21 15:32:39 | 00,000,076 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/01/19 18:18:44 | 00,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2008/01/02 17:57:36 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 17:47:22 | 01,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 17:47:22 | 01,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 17:47:22 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/09/15 09:39:43 | 00,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007/09/15 09:39:42 | 00,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2007/09/07 00:17:38 | 00,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/07 00:17:38 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1255.dll
[2007/09/06 16:33:41 | 00,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2007/09/06 16:33:39 | 00,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2007/09/06 16:33:39 | 00,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2006/11/07 14:25:58 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 05:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 22:36:50 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

========== Files - Modified Within 30 Days ==========

[2009/07/07 20:42:17 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/07/07 20:42:17 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/07/07 20:42:17 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/07 20:42:01 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/07/07 07:26:08 | 00,000,000 | ---- | M] () -- C:\Windows\System32\drivers\str.sys
[2009/07/07 07:25:05 | 03,547,092 | -H-- | M] () -- C:\Users\Administrator\AppData\Local\IconCache.db
[2009/07/06 23:04:52 | 00,608,344 | ---- | M] () -- C:\Users\Administrator\Desktop\MCPR.exe
[2009/07/06 19:33:57 | 00,000,735 | ---- | M] () -- C:\Users\Administrator\Desktop\NTREGOPT.lnk
[2009/07/06 19:33:57 | 00,000,716 | ---- | M] () -- C:\Users\Administrator\Desktop\ERUNT.lnk
[2009/07/06 19:02:54 | 00,074,344 | ---- | M] () -- C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/07/06 19:00:52 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2009/07/06 18:55:00 | 00,173,119 | ---- | M] (Eric_71) -- C:\Users\Administrator\Desktop\Rooter.exe
[2009/07/06 18:54:14 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Administrator\Desktop\erunt_setup.exe
[2009/07/06 18:52:36 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\TFC.exe
[2009/07/05 21:35:48 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/07/05 18:02:29 | 00,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2009/07/05 15:40:00 | 00,309,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/03 23:19:40 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/03 22:54:34 | 00,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2009/07/03 22:54:27 | 00,001,724 | ---- | M] () -- C:\MacAfee_ScanReport.HTML
[2009/07/03 21:17:12 | 03,561,744 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Administrator\Desktop\helpfile.exe
[2009/07/03 16:12:48 | 01,296,288 | ---- | M] (McAfee, Inc.) -- C:\Users\Administrator\Desktop\DMSetup.exe
[2009/07/03 10:56:23 | 00,000,001 | ---- | M] () -- C:\Windows\934fdfg34fgjf23
[2009/07/03 10:56:22 | 00,000,002 | ---- | M] () -- C:\Windows\0101120101464849.dat
[2009/07/03 10:56:22 | 00,000,002 | ---- | M] () -- C:\Windows\010112010146118114.dat
[2009/07/03 10:11:06 | 00,716,194 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/07/03 10:11:06 | 00,618,020 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/07/03 10:11:06 | 00,103,644 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/07/03 09:33:33 | 00,074,752 | ---- | M] () -- C:\Windows\System32\drivers\lgmjgavwolggtij.sys
[2009/07/02 22:10:29 | 13,596,5038 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/07/02 21:55:46 | 00,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/07/02 15:02:30 | 00,000,815 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.bak
[2009/06/19 19:30:32 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
< End of report >
  • 0
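The OTL log above is what the helper reads to pick out the rootkit files. As an added example (not part of this thread, and not OTL's own code), here is a small Python triage script that parses the bracketed OTL line format shown in the log and flags the kinds of entries acted on later in the thread: drivers in System32\drivers with no publisher string, zero-byte drivers, random-looking driver names, and the MSIVX* / hjgrui* name prefixes. The line regex is inferred from the posted lines and the consonant-run threshold is an assumption; the sample lines are copied from the log.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a handful of lines copied from the OTL log posted above.
SAMPLE_LOG = r"""
[2009/07/07 20:49:50 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2009/07/07 20:48:38 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/07/07 07:26:08 | 00,000,000 | ---- | C] () -- C:\Windows\System32\drivers\str.sys
[2009/07/04 13:15:11 | 00,079,816 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2009/07/03 23:19:37 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/07/03 09:33:33 | 00,074,752 | ---- | C] () -- C:\Windows\System32\drivers\lgmjgavwolggtij.sys
[2009/07/01 16:37:50 | 13,596,5038 | ---- | C] () -- C:\Windows\MEMORY.DMP
"""

# OTL line shape (inferred from the log): [date time | size | attrs | C/M] (Company) -- path
# Directory entries carry no "(Company)" part at all; files with no publisher show "()".
OTL_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Name prefixes of the files the helper force-deleted later in this thread.
FLAGGED_PREFIXES = ("msivx", "hjgrui")
VOWELS = set("aeiou")


@dataclass
class OtlEntry:
    date: str
    time: str
    size: int
    attrs: str
    kind: str        # C = created, M = modified
    company: str     # empty when OTL printed "()" or nothing
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL file/folder line; returns None for headers and blank lines."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    g = m.groupdict()
    return OtlEntry(
        date=g["date"], time=g["time"],
        size=int(g["size"].replace(",", "")),   # "00,513,536" -> 513536
        attrs=g["attrs"], kind=g["kind"],
        company=(g["company"] or "").strip(),
        path=g["path"].strip(),
    )


def max_consonant_run(stem: str) -> int:
    """Longest run of consecutive consonants (y counts as a consonant)."""
    run = best = 0
    for ch in stem.lower():
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def triage(entry: OtlEntry) -> List[str]:
    """Reasons an entry deserves a second look; an empty list means nothing stood out."""
    reasons: List[str] = []
    if entry.is_dir:
        return reasons
    stem = entry.name.rsplit(".", 1)[0]
    in_drivers = "\\system32\\drivers\\" in entry.path.lower()
    if in_drivers and not entry.company:
        reasons.append("driver with no publisher string")
    if in_drivers and entry.size == 0:
        reasons.append("zero-byte driver (contents may be hidden by a rootkit)")
    if stem.lower().startswith(FLAGGED_PREFIXES):
        reasons.append("name prefix matches the files cleaned in this thread")
    if in_drivers and max_consonant_run(stem) >= 5:   # threshold is an assumption
        reasons.append("driver name looks randomly generated")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each suspicious path in an OTL file listing to its reasons."""
    findings: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_otl_line(line)
        if entry is not None:
            reasons = triage(entry)
            if reasons:
                findings[entry.path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

On the sample lines only str.sys and lgmjgavwolggtij.sys are flagged; the signed McAfee and Malwarebytes drivers and the memory dump pass through.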


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
can you try the guide here

http://www.geekstogo...us-t243398.html
  • 0

#3
jmurray7

jmurray7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Followed the directions, but I can't get ComboFix to run. I renamed it on my Flash drive before copying over to my PC. I tried again renaming before I saved it to my flash drive and it tells me that I can't rename ComboFix to Combo-Fix... Any suggestions?
  • 0

#4
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
rename it to abcd.exe
  • 0

#5
jmurray7

jmurray7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
OK, so I finally got ComboFix to run, but I see lots of these errors:

Access denied. Adminstrator permissions are needed to use the selection options.

I am logged in as the administrator.

I also got this error:
SED: Can't read drive.folder.dat: No such file or directory

And finally:
catchme.exe - Application failed to initialize

It flashed so fast I couldn't get all of the message.


This doesn't look at all like the way it's supposed to run according to the BleepingComputer website.

Anything else I can do? I'm really desperate :-(.
  • 0

#6
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
do this

Download RootRepeal.zip and unzip it to your Desktop.
  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#7
jmurray7

jmurray7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi,
I thought I sent you this log yesterday, but when I looked at my post this afternoon I noticed it was gone. I'm sending my log from RootRepeal. Thanks for your help.

Attached Files


  • 0

#8
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Open the Drivers tab, click Scan. Right click and select Force Delete on the following

Name: hjgruioqtpqbdg.sys
Name: MSIVXrpqtnpvinwncohyormfotnvfidswqrgr.sys


Open the Hidden/Locked Files tab, click Scan. Right click and select Force Delete on the following

Path: C:\Windows\System32\hjgruibsfisnwr.dll
Path: C:\Windows\System32\hjgruiixepqvbv.dat
Path: C:\Windows\System32\hjgruivndhvnsb.dat
Path: C:\Windows\System32\hjgruiwpebnyil.dll
Path: C:\Windows\System32\MSIVXcount
Path: C:\Windows\System32\MSIVXveskthojpihemdxvxxecgrrrcmpcqgbe.dll
Path: C:\Windows\System32\MSIVXwplrhqsjfprgbslthcdiredvswdljvhl.dll
Path: C:\Windows\System32\drivers\hjgruioqtpqbdg.sys
Path: C:\Windows\System32\drivers\MSIVXrpqtnpvinwncohyormfotnvfidswqrgr.sys


Then try ComboFix again
  • 0

#9
jmurray7

jmurray7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hot [bleep]! We're cooking with grease now! So here's what happened:
When I ran RootRepeal I couldn't 'Force delete' any files, but I was able to use 'Wipe'. I ran ComboFix and it went through the steps, BUT I still got a few access denied messages along the way. I've attached the log.

Attached Files


  • 0

#10
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
progress :)

no need to attach these logs btw

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Driver::
lqfxeyqewnzcz
NetSvc::
drv
KillAll::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0


#11
jmurray7

jmurray7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
OK, I've attached the ComboFix log. Thanks!

Attached Files


  • 0

#12
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
can you post it, not attach it please
  • 0

#13
jmurray7

jmurray7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Sorry. Here is the log:

ComboFix 09-07-08.01 - Administrator 07/10/2009 7:27.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1012.321 [GMT -5:00]
Running from: c:\users\Administrator\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_lqfxeyqewnzcz


((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 )))))))))))))))))))))))))))))))
.

2009-07-10 12:35 . 2009-07-10 12:39 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2009-07-08 02:54 . 2009-07-08 02:54 -------- d-----w- c:\users\Administrator\AppData\Local\Apple
2009-07-08 01:48 . 2009-07-08 01:48 -------- d-----w- C:\Rooter$
2009-07-07 00:33 . 2009-07-07 00:33 -------- d-----w- c:\program files\ERUNT
2009-07-06 04:07 . 2009-07-06 04:07 -------- d-----w- c:\users\murrayadmin\Virus Stuff
2009-07-06 01:29 . 2009-07-06 01:29 -------- d-----w- c:\progra~2\Office Genuine Advantage
2009-07-05 20:53 . 2009-07-05 20:54 -------- d-----w- C:\Backup
2009-07-04 18:17 . 2009-07-04 18:17 -------- d-----w- c:\progra~2\SiteAdvisor
2009-07-04 18:15 . 2009-05-14 04:25 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-07-04 18:15 . 2009-05-14 04:25 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-07-04 18:15 . 2009-05-14 04:25 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-07-04 18:11 . 2009-05-14 04:24 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-07-04 04:31 . 2009-07-04 04:31 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2009-07-04 04:19 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-04 04:19 . 2009-07-08 02:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-04 04:19 . 2009-07-04 04:19 -------- d-----w- c:\progra~2\Malwarebytes
2009-07-04 04:19 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-04 03:54 . 2009-07-04 03:54 0 ----a-w- c:\windows\nsreg.dat
2009-07-04 03:54 . 2009-07-04 03:54 -------- d-----w- c:\users\Administrator\AppData\Local\Mozilla
2009-07-03 22:07 . 2009-07-04 04:22 -------- d-----w- C:\AV-CLS
2009-07-03 21:51 . 2009-07-05 00:54 -------- d-----w- c:\users\Administrator\AppData\Local\Google
2009-07-03 21:48 . 2009-07-03 21:48 -------- d-----w- c:\users\Administrator\AppData\Local\SupportSoft
2009-07-03 17:07 . 2009-07-03 22:02 -------- d-----w- C:\Sysclean
2009-07-03 15:56 . 2009-07-04 02:14 -------- d-----w- c:\program files\drv
2009-07-03 15:27 . 2009-07-07 03:47 -------- d-----w- c:\program files\McAfee
2009-07-03 04:59 . 2009-07-03 04:59 -------- d-----w- c:\users\murrayadmin\.housecall6.6
2009-07-03 04:32 . 2009-07-03 04:32 -------- dc----w- c:\progra~2\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-02 02:34 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 02:34 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-25 01:36 . 2009-06-25 01:36 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-24 16:28 . 2009-06-25 19:25 -------- d-----w- C:\World of Warcraft Public Test
2009-06-20 00:29 . 2009-06-20 00:29 -------- d-----w- c:\program files\iPod
2009-06-20 00:29 . 2009-06-20 00:30 -------- d-----w- c:\program files\iTunes
2009-06-20 00:21 . 2009-06-20 00:23 -------- d-----w- c:\program files\QuickTime
2009-06-20 00:12 . 2009-06-20 00:12 -------- d-----w- c:\progra~2\WindowsSearch
2009-06-18 02:51 . 2009-06-18 02:51 -------- d-----w- c:\program files\MSECache
2009-06-14 04:14 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-14 04:14 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-11 21:03 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-11 21:03 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-11 21:03 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-11 02:49 . 2009-06-14 22:55 -------- d-----w- C:\Target

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-07 03:47 . 2007-09-06 21:45 -------- d-----w- c:\progra~2\McAfee
2009-07-07 00:02 . 2008-11-22 07:16 74344 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-05 20:47 . 2008-12-20 05:16 -------- d-----w- c:\program files\RogueX
2009-07-05 20:35 . 2007-09-06 21:42 -------- d-----w- c:\progra~2\Microsoft Help
2009-07-05 20:33 . 2007-09-06 21:44 -------- d-----w- c:\program files\Microsoft Works
2009-06-24 16:55 . 2008-01-22 01:11 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-06-20 00:41 . 2007-09-15 21:54 -------- d-----w- c:\progra~2\Apple
2009-06-20 00:29 . 2007-09-15 21:54 -------- d-----w- c:\program files\Common Files\Apple
2009-06-12 01:44 . 2007-09-06 21:50 -------- d-----w- c:\program files\Google
2009-06-10 14:48 . 2008-11-29 18:17 -------- d-----w- c:\program files\Curse
2009-06-05 16:42 . 2009-06-05 16:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 16:42 . 2009-06-05 16:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-14 04:25 . 2009-05-14 04:25 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-05-13 02:35 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-04-11 19:24 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-04-11 18:27 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-04-11 18:27 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2007-09-07 05:15 . 2007-09-07 05:12 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-19 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-10-03 221184]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-11 4452352]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-9-6 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3111093618-2211781661-1622767111-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0160C3D6-080E-45A6-A64A-1E9CF6B063A1}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{216F241A-A90B-4865-81C5-BF3487EA7B17}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{FA6FE274-D92C-495E-A573-4E3D7B4FBAF7}c:\\users\\murrayadmin\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\6blzxt8b\\wow-burningcrusade-trial-enus-installer-downloader[1].exe"= UDP:c:\users\murrayadmin\appdata\local\microsoft\windows\temporary internet files\content.ie5\6blzxt8b\wow-burningcrusade-trial-enus-installer-downloader[1].exe:wow-burningcrusade-trial-enus-installer-downloader[1].exe
"UDP Query User{FB67FB67-17BC-4FD4-8B90-084B90607843}c:\\users\\murrayadmin\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\6blzxt8b\\wow-burningcrusade-trial-enus-installer-downloader[1].exe"= TCP:c:\users\murrayadmin\appdata\local\microsoft\windows\temporary internet files\content.ie5\6blzxt8b\wow-burningcrusade-trial-enus-installer-downloader[1].exe:wow-burningcrusade-trial-enus-installer-downloader[1].exe
"{88372E8C-6D38-4DF0-BC0B-ACBAE5B5F96C}"= UDP:c:\program files\TurboTax\Deluxe 2007\32bit\ttax.exe:TurboTax
"{1E71CB81-189C-41CA-9555-7C6117EF40EF}"= TCP:c:\program files\TurboTax\Deluxe 2007\32bit\ttax.exe:TurboTax
"{9FE5DA4B-7AE2-4BFC-8502-D1C4F438B733}"= UDP:c:\program files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:TurboTax Update Manager
"{61AB9D7C-EF9A-47B8-8993-E23E3A3C1C54}"= TCP:c:\program files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:TurboTax Update Manager
"TCP Query User{0391AA15-FCBE-4EDD-9312-359663D3BC4F}c:\\users\\murrayadmin\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\4l030wzy\\wow-2.4.2.8278-to-0.4.3.8478-enus-downloader[1].exe"= UDP:c:\users\murrayadmin\appdata\local\microsoft\windows\temporary internet files\content.ie5\4l030wzy\wow-2.4.2.8278-to-0.4.3.8478-enus-downloader[1].exe:wow-2.4.2.8278-to-0.4.3.8478-enus-downloader[1].exe
"UDP Query User{7F37512C-E088-42A1-89E6-E4D6AE982775}c:\\users\\murrayadmin\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\4l030wzy\\wow-2.4.2.8278-to-0.4.3.8478-enus-downloader[1].exe"= TCP:c:\users\murrayadmin\appdata\local\microsoft\windows\temporary internet files\content.ie5\4l030wzy\wow-2.4.2.8278-to-0.4.3.8478-enus-downloader[1].exe:wow-2.4.2.8278-to-0.4.3.8478-enus-downloader[1].exe
"TCP Query User{0B889638-FADA-4113-B24A-E02C17CAF967}c:\\users\\murrayadmin\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\3gykzl6y\\wotlk-ff-enus-downloader[2].exe"= UDP:c:\users\murrayadmin\appdata\local\microsoft\windows\temporary internet files\content.ie5\3gykzl6y\wotlk-ff-enus-downloader[2].exe:wotlk-ff-enus-downloader[2].exe
"UDP Query User{B91BACFE-B588-489B-9FC1-63DCC5C64BDC}c:\\users\\murrayadmin\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\3gykzl6y\\wotlk-ff-enus-downloader[2].exe"= TCP:c:\users\murrayadmin\appdata\local\microsoft\windows\temporary internet files\content.ie5\3gykzl6y\wotlk-ff-enus-downloader[2].exe:wotlk-ff-enus-downloader[2].exe
"{E146CDB5-DECC-4A8B-B25C-32B211315F33}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.4.0.8089-to-2.4.1.8125-enUS-downloader.exe:Blizzard Downloader
"{14D0A8D7-2E8C-4941-80B7-4B94A51F6314}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-2.4.0.8089-to-2.4.1.8125-enUS-downloader.exe:Blizzard Downloader
"{19885BD1-80D5-4C6D-B15C-4085EE9EFF54}"= UDP:3724:Blizzard Downloader: 3724
"TCP Query User{5589C7AA-1E9E-4BFA-B48F-4E8F557E6AA3}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= UDP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{D445476D-0F11-4A4F-863C-6CF823CC1DC4}c:\\program files\\world of warcraft\\backgrounddownloader.exe"= TCP:c:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"TCP Query User{8ABBB336-BF6C-49A4-8D7C-0C81E770D2D7}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{32852DA0-8C6E-4F97-B2B9-1970D051350A}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{DBCC06CA-C66A-4524-9783-BF04DE6F8305}c:\\users\\murrayadmin\\appdata\\roaming\\macromedia\\flash player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= UDP:c:\users\murrayadmin\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe:octoshape.exe
"UDP Query User{5148D3DE-ADFE-4D7B-951A-863F70467FE3}c:\\users\\murrayadmin\\appdata\\roaming\\macromedia\\flash player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= TCP:c:\users\murrayadmin\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe:octoshape.exe
"TCP Query User{7CEB2BBA-716A-4E02-BAC1-9226AECDD40E}c:\\users\\murrayadmin\\appdata\\local\\temp\\blizzard launcher temporary - b4fd7630\\launcher.exe"= UDP:c:\users\murrayadmin\appdata\local\temp\blizzard launcher temporary - b4fd7630\launcher.exe:launcher.exe
"UDP Query User{0B4A437D-E21F-4C36-BF9E-F7920BB06306}c:\\users\\murrayadmin\\appdata\\local\\temp\\blizzard launcher temporary - b4fd7630\\launcher.exe"= TCP:c:\users\murrayadmin\appdata\local\temp\blizzard launcher temporary - b4fd7630\launcher.exe:launcher.exe
"TCP Query User{5760E0CD-12EF-4F73-B485-9D4CE00F3FCA}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{041FD9A8-1C28-4919-BCAB-0A8AD2498949}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"TCP Query User{F91C08D2-9493-4735-AAF7-4674DB416AE3}c:\\users\\public\\games\\world of warcraft public test\\launcher.exe"= UDP:c:\users\public\games\world of warcraft public test\launcher.exe:Blizzard Launcher
"UDP Query User{346EF36D-275F-46FC-9A94-A0D263A26AD8}c:\\users\\public\\games\\world of warcraft public test\\launcher.exe"= TCP:c:\users\public\games\world of warcraft public test\launcher.exe:Blizzard Launcher
"{02D0F9D4-0296-4E9C-978A-ADB084243D48}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-0.1.0-enUS-downloader.exe:Blizzard Downloader
"{BD5BA957-019F-41C2-837C-92DE3BB2B779}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-0.1.0-enUS-downloader.exe:Blizzard Downloader
"{1C02993D-8AD8-466A-8596-FC4F01C149B1}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7FBEEAF1-9562-4E43-90F2-D5688EDBA1C3}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5C92F070-1795-471E-868E-F0A47C70F662}"= UDP:c:\program files\Curse\CurseClient.exe:Curse Client
"{DE1E0CCC-641A-4B2B-B5C9-CC0F8954A6EA}"= TCP:c:\program files\Curse\CurseClient.exe:Curse Client
"{5EA7FF25-344F-4139-A2F3-A17DE3F94958}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{A12A9495-C624-4530-AA4A-AD7E6D38E8B5}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{68CBF16A-0314-4A2B-AD94-1B9703A7E5EE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{608EBC2C-FF40-4156-96A0-177E751B2893}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{5771720C-DE33-401C-9F2D-E36FE77E7168}"= UDP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{790DF43D-56BA-47F5-845A-12B7FB1BCD35}"= TCP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{6502BF3B-1981-48B7-823E-2436829E80E3}"= UDP:c:\users\murrayadmin\Desktop\DMSetup.exe:DMSetup.exe
"{F58EB2B2-193A-4798-B13D-DF3671E70D66}"= TCP:c:\users\murrayadmin\Desktop\DMSetup.exe:DMSetup.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AUTHORIZEDAPPLICATIONS\LIST]
"c:\\AV-CLS\\WGET.EXE"= c:\av-cls\WGET.EXE:*:Enabled:WGET.EXE

S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2/6/2009 10:29 AM 33752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
drv REG_MULTI_SZ drv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4070907
mStart Page = about:blank
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\411s46yr.default\
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-10 07:39
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1016)
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\System32\CTSVCCDA.EXE
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-07-10 7:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-10 12:44
ComboFix2.txt 2009-07-10 02:51

Pre-Run: 193,178,832,896 bytes free
Post-Run: 193,283,678,208 bytes free

265 --- E O F --- 2009-07-05 20:36

#14
Rorschach112
    Ralphie
  • Retired Staff
  • 47,710 posts
hi

Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    "drv"=-
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

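The OTM script above removes the bogus `drv` group from the svchost key; the ComboFix log earlier in this thread shows why (`drv REG_MULTI_SZ drv` under that key, with a matching `c:\program files\drv` folder), which is how a malicious service gets itself loaded inside a trusted svchost.exe host. The PowerShell script below is an added example, not part of this thread and not OTM's or ComboFix's code, for auditing that key on a Windows machine from the defender's side. It lists every svchost group and flags members whose `ServiceDll` does not resolve to a file under `%SystemRoot%`, as well as groups made of a single service carrying the group's own name. The registry paths are the standard Windows locations; the `Issue` labels are my own.

```powershell
# Added example (not from the thread, OTM or ComboFix): audit svchost service groups.
# Legitimate groups such as "netsvcs" list services whose ServiceDll lives under
# %SystemRoot%. The ComboFix log in this thread showed a group "drv" holding a
# single service "drv" with its files under c:\program files\drv; that is the
# pattern this script surfaces. Run from an elevated PowerShell prompt.

$svchostKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$systemRoot  = $env:SystemRoot   # normally C:\Windows

function Get-ServiceDll {
    # ServiceDll normally sits in the service's Parameters subkey; a few
    # services keep it directly on the service key, so check both places.
    param([string]$ServiceKeyPath)
    foreach ($key in @((Join-Path $ServiceKeyPath 'Parameters'), $ServiceKeyPath)) {
        $value = Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue
        if ($value -and $value.ServiceDll) { return [string]$value.ServiceDll }
    }
    return $null
}

function Test-SvchostGroups {
    $findings = @()
    $groups = Get-ItemProperty -Path $svchostKey

    foreach ($prop in $groups.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }      # provider metadata, not a group
        $group   = $prop.Name
        $members = @($prop.Value)                      # REG_MULTI_SZ arrives as string[]

        foreach ($svc in $members) {
            $svcPath = Join-Path $servicesKey $svc
            if (-not (Test-Path $svcPath)) {
                # Common in large Microsoft groups (member not installed); low signal on its own
                $findings += [pscustomobject]@{ Group=$group; Service=$svc; Issue='service key missing'; Path='' }
                continue
            }
            $dll = Get-ServiceDll -ServiceKeyPath $svcPath
            if (-not $dll) {
                $findings += [pscustomobject]@{ Group=$group; Service=$svc; Issue='no ServiceDll'; Path='' }
                continue
            }
            $expanded = [Environment]::ExpandEnvironmentVariables($dll)
            if (-not $expanded.StartsWith($systemRoot, [StringComparison]::OrdinalIgnoreCase)) {
                $findings += [pscustomobject]@{ Group=$group; Service=$svc; Issue='ServiceDll outside %SystemRoot%'; Path=$expanded }
            } elseif (-not (Test-Path -LiteralPath $expanded)) {
                $findings += [pscustomobject]@{ Group=$group; Service=$svc; Issue='ServiceDll file missing'; Path=$expanded }
            }
        }

        # A group whose only member carries the group's own name (drv -> drv)
        # is not how Windows lays out its own service groups.
        if ($members.Count -eq 1 -and $members[0] -ieq $group) {
            $findings += [pscustomobject]@{ Group=$group; Service=$members[0]; Issue='single self-named member'; Path='' }
        }
    }
    return $findings
}

Test-SvchostGroups | Sort-Object Issue, Group | Format-Table -AutoSize
```

Read the output with the two high-signal issues first: a `ServiceDll outside %SystemRoot%` or a `single self-named member` entry is worth investigating, whereas `service key missing` shows up routinely for members of the big Microsoft groups that simply are not installed. On 64-bit Windows run it from the 64-bit PowerShell so the script sees the native registry view rather than the WOW64-redirected one.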

#15
jmurray7
    Member
  • Topic Starter
  • Member
  • 11 posts
OTM Log

All processes killed
Error: Unable to interpret <Processes> in the current context!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\\drv deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 33443 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 0 bytes

User: All Users

User: dark_jeezy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Apple Safari cache emptied: 19241 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: murrayadmin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 118774 bytes

User: Public

User: vengeance
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 302 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.20 mb


OTM by OldTimer - Version 3.0.0.4 log created on 07102009_173339

Files moved on Reboot...

Registry entries deleted on Reboot...

MBAM Log
Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 6.0.6001 Service Pack 1

7/10/2009 6:35:47 PM
mbam-log-2009-07-10 (18-35-47).txt

Scan type: Full Scan (C:\|)
Objects scanned: 248801
Time elapsed: 45 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Kaspersky
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, July 10, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, July 11, 2009 01:48:44
Records in database: 2458385
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 150085
Threat name: 2
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 02:26:26


File name / Threat name / Threats count
C:\Users\murrayadmin\AppData\Roaming\sdra64.exe Infected: Trojan-Spy.Win32.Zbot.ybd 1
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\hjgruiqxphixlpcn.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\hjgruivrbmwyulxq.tmp Infected: Trojan.Win32.Monder.cqbi 1

The selected area was scanned.

Thanks!