Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Unknown Fake Anti-Virus Program Virus

Started by mysterious_w , Jul 15 2009 02:27 PM

  • Please log in to reply

#1
mysterious_w
Posted 15 July 2009 - 02:27 PM

mysterious_w

    New Member

  • Member
  • Pip
  • 1 posts
I was infected by some fake anti-virus programme. I've been using a combination of Malwarebytes Anti-Malware, Spybot S&D, and AVG, and I cleared out everything I could (I can post logs of all of these). Now Malwarebytes says I'm clean, but if I boot up, it either freezes shortly after logging in, or logs in fine but then I'll get a scrambled BSOD followed by a system restart shortly later.

I can only boot into safe mode.

Here are the last MBAM, Rooter and OTL logs:

MBAM:

Database version _linenums:2432'>Malwarebytes' Anti-Malware 1.39Database version: 2432Windows 6.0.6000 2009-07-15 20:17:33mbam-log-2009-07-15 (20-17-33).txtScan type: Quick ScanObjects scanned: 74409Time elapsed: 3 minute(s), 56 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)

Rooter:

Rooter.exe (v1.0.2) by Eric_71.SeDebugPrivilege granted successfully ....Windows Vista Home Edition (6.0.6000) [32_bits] - x86 Family 15 Model 76 Stepping 2, AuthenticAMD.[wscsvc] STOPPED (state:1) : Security Center -> Disabled ![MpsSvc] RUNNING (state:4)Windows Firewall -> EnabledWindows Defender -> EnabledUser Account Control (UAC) -> Disabled !.Internet Explorer 7.0.6000.16851Mozilla Firefox 3.5 (en-US).C:\  [Fixed-NTFS] .. ( Total:101 Go - Free:62 Go )D:\  [Fixed-NTFS] .. ( Total:9 Go - Free:5 Go )E:\  [CD_Rom]F:\  [CD_Rom].Scan : 21:24.01Path : C:\Users\Matthew\Documents\Desktop\Rooter.exeUser : Matthew ( Administrator -> YES ).----------------------\\ Processes.Locked [System Process] (0)Locked System (4)______ \SystemRoot\System32\smss.exe (340)______ C:\Windows\system32\csrss.exe (408)______ C:\Windows\system32\csrss.exe (444)______ C:\Windows\system32\wininit.exe (452)______ C:\Windows\system32\winlogon.exe (480)______ C:\Windows\system32\services.exe (528)______ C:\Windows\system32\lsass.exe (540)______ C:\Windows\system32\lsm.exe (548)______ C:\Windows\system32\svchost.exe (712)______ C:\Windows\system32\svchost.exe (784)______ C:\Windows\System32\svchost.exe (816)______ C:\Windows\System32\svchost.exe (912)______ C:\Windows\system32\svchost.exe (952)______ C:\Windows\System32\svchost.exe (1012)______ C:\Windows\system32\svchost.exe (1036)______ C:\Windows\system32\svchost.exe (1056)______ C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (1188)______ C:\Windows\Explorer.EXE (1424)______ C:\Windows\system32\svchost.exe (1504)______ C:\Windows\system32\svchost.exe (1648)______ C:\Program Files\Mozilla Firefox 3.1 Beta 1\firefox.exe (1760)______ C:\Users\Matthew\Documents\Desktop\OTL.exe (1972)______ C:\Users\Matthew\Documents\Desktop\Rooter.exe (384).----------------------\\ Device\Harddisk0\WARNING : Unable to read MBR .. [ERROR_1381]----------------------\\ Scheduled Tasks.C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-353384540-1442700840-4009402217-1000Core.jobC:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-353384540-1442700840-4009402217-1000UA.jobC:\Windows\Tasks\ParetoLogic Registration.jobC:\Windows\Tasks\SA.DATC:\Windows\Tasks\SCHEDLGU.TXT.----------------------\\ Registry..----------------------\\ Files & Folders.----------------------\\ Scan completed at 21:24.04.C:\Rooter$\Rooter_2.txt - (15/07/2009 | 21:24.04)

OTL: 
OTL logfile created on: 2009-07-15 21:22:19 - Run 1OTL by OldTimer - Version 3.0.7.1     Folder = C:\Users\Matthew\Documents\DesktopWindows Vista Home Basic Edition  (Version = 6.0.6000) - Type = NTWorkstationInternet Explorer (Version = 7.0.6000.16851)Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: yyyy-MM-dd 893.44 Mb Total Physical Memory | 367.59 Mb Available Physical Memory | 41.14% Memory free1.99 Gb Paging File | 1.49 Gb Available in Paging File | 74.83% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program FilesDrive C: | 101.68 Gb Total Space | 62.05 Gb Free Space | 61.02% Space Free | Partition Type: NTFSDrive D: | 10.00 Gb Total Space | 5.42 Gb Free Space | 54.15% Space Free | Partition Type: NTFSE: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loaded Computer Name: DELLCurrent User Name: MatthewLogged in as Administrator. Current Boot Mode: SafeMode with NetworkingScan Mode: Current userCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Minimal ========== Processes (SafeList) ========== PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)PRC - C:\Program Files\Mozilla Firefox 3.1 Beta 1\firefox.exe (Mozilla Corporation)PRC - C:\Users\Matthew\Documents\Desktop\OTL.exe (OldTimer Tools) ========== Win32 Services (SafeList) ========== SRV - (0258371247670282mcinstcleanup [Auto | Stopped]) -- C:\Users\Matthew\AppData\Local\Temp\0258371247670282mcinst.exe (McAfee, Inc.)SRV - (aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)SRV - (Ati External Event Utility [Auto | Stopped]) -- C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.)SRV - (avg8emc [Auto | Stopped]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)SRV - (avg8wd [Auto | Stopped]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)SRV - (McShield [Unknown | Stopped]) --  File not foundSRV - (McSysmon [On_Demand | Stopped]) --  File not foundSRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)SRV - (RichVideo [Auto | Stopped]) -- C:\Program Files\CyberLink\Shared files\RichVideo.exe ()SRV - (RoxMediaDB9 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)SRV - (RoxWatch9 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)SRV - (SBSDWSCService [Auto | Stopped]) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)SRV - (sprtsvc_O2 [Auto | Stopped]) -- C:\Program Files\O2\bin\sprtsvc.exe (SupportSoft, Inc.)SRV - (STacSV [Auto | Stopped]) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe (SigmaTel, Inc.)SRV - (stllssvr [On_Demand | Stopped]) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)SRV - (wltrysvc [Auto | Stopped]) -- C:\Windows\System32\WLTRYSVC.EXE ()SRV - (WMPNetworkSvc [Auto | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)SRV - (XAudioService [Auto | Stopped]) -- C:\Windows\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.) ========== Driver Services (SafeList) ========== DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)DRV - (AtiPcie [Boot | Running]) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)DRV - (AvgLdx86 [System | Stopped]) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)DRV - (AvgMfx86 [System | Stopped]) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)DRV - (AvgTdiX [System | Running]) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)DRV - (BCM43XX [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\bcmwl6.sys (Broadcom Corporation)DRV - (bcm4sbxp [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)DRV - (e1express [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\e1e6032.sys (Intel Corporation)DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)DRV - (HSF_DPV [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)DRV - (HSXHWAZL [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)DRV - (mdmxsdk [Auto | Stopped]) -- C:\Windows\System32\DRIVERS\mdmxsdk.sys (Conexant)DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)DRV - (ovt519 [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\ov519vid.sys (OmniVision Technologies, Inc.)DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)DRV - (R300 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)DRV - (rimmptsk [Auto | Running]) -- C:\Windows\System32\DRIVERS\rimmptsk.sys (REDC)DRV - (rimsptsk [Disabled | Stopped]) -- C:\Windows\system32\drivers\rimsptsk.sys (REDC)DRV - (rismxdp [Disabled | Stopped]) -- C:\Windows\system32\drivers\rixdptsk.sys (REDC)DRV - (secdrv [Auto | Stopped]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)DRV - (sptd [Boot | Running]) -- C:\Windows\System32\Drivers\sptd.sys ()DRV - (ss_bus [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ss_bus.sys (MCCI Corporation)DRV - (ss_mdfl [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ss_mdfl.sys (MCCI Corporation)DRV - (ss_mdm [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ss_mdm.sys (MCCI Corporation)DRV - (StarOpen [System | Stopped]) -- C:\Windows\System32\drivers\StarOpen.sys ()DRV - (STHDA [On_Demand | Stopped]) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)DRV - (SynTP [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)DRV - (usbaudio [On_Demand | Stopped]) -- C:\Windows\System32\drivers\usbaudio.sys (Microsoft Corporation)DRV - (usbcm [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\usbcm.sys (Microsystems Corp)DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)DRV - (winachsf [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)DRV - (XAudio [Auto | Stopped]) -- C:\Windows\System32\DRIVERS\xaudio.sys (Conexant Systems, Inc.)DRV - ({95808DC4-FA4A-4C74-92FE-5B863F82066B} [Auto | Stopped]) -- C:\Program Files\CyberLink\PowerDVD\000.fcl (Cyberlink Corp.) ========== Standard Registry (SafeList) ==========  ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url]IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url]IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-onsIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url]IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRiskIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url]IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = [url="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"]http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm[/url]IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [url="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"]http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm[/url] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htmIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [url="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"]http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch[/url]IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.google.co.uk/"]http://www.google.co.uk/[/url]IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 88.191.51.48:80 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1434207&SearchSource=3&q="FF - prefs.js..browser.search.useDBForOrder: trueFF - prefs.js..extensions.enabledItems: 420chanextension@kirtaner:1.0.7FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:0.4.5.14FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.4FF - prefs.js..extensions.enabledItems: {ca8b7b3d-b6e6-438f-b935-601b3de48d66}:1.1.3FF - prefs.js..extensions.enabledItems: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374}:3.5.4.1FF - prefs.js..extensions.enabledItems: {a6e4a4eb-d169-4e99-8988-250fcbafe767}:2.1.0.19FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5 FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009-07-15 16:20:25 | 00,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2008-09-26 08:55:37 | 00,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-02-22 21:59:51 | 00,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Components: C:\Program Files\Mozilla Firefox 3.1 Beta 1\components [2009-07-02 21:17:22 | 00,000,000 | ---D | M]FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.1 Beta 1\plugins [2009-07-02 21:17:22 | 00,000,000 | ---D | M] [2008-10-17 13:50:58 | 00,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\mozilla\Extensions[2008-10-17 13:50:58 | 00,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}[2009-07-15 16:31:22 | 00,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\mozilla\Firefox\Profiles\7u8b1ggp.default\extensions[2009-04-25 22:25:02 | 00,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\mozilla\Firefox\Profiles\7u8b1ggp.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}[2009-07-07 22:56:41 | 00,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\mozilla\Firefox\Profiles\7u8b1ggp.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}[2009-07-02 21:18:20 | 00,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\mozilla\Firefox\Profiles\7u8b1ggp.default\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767}[2009-06-22 12:20:55 | 00,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\mozilla\Firefox\Profiles\7u8b1ggp.default\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}[2009-05-04 15:54:15 | 00,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\mozilla\Firefox\Profiles\7u8b1ggp.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}[2009-07-02 21:18:18 | 00,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\mozilla\Firefox\Profiles\7u8b1ggp.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}[2009-07-06 10:59:31 | 00,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\mozilla\Firefox\Profiles\7u8b1ggp.default\extensions\420chanextension@kirtaner[2008-11-04 14:41:31 | 00,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\mozilla\Firefox\Profiles\7u8b1ggp.default\extensions\[email protected][2009-07-06 10:59:31 | 00,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\mozilla\Firefox\Profiles\7u8b1ggp.default\extensions\420chanextension@kirtaner[2009-07-06 10:59:31 | 00,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\mozilla\Firefox\Profiles\7u8b1ggp.default\extensions\420chanextension@kirtaner\__MACOSX[2009-07-06 10:59:31 | 00,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\mozilla\Firefox\Profiles\7u8b1ggp.default\extensions\420chanextension@kirtaner\chrome[2009-07-06 10:59:31 | 00,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\mozilla\Firefox\Profiles\7u8b1ggp.default\extensions\420chanextension@kirtaner\content[2008-08-24 18:07:36 | 00,005,491 | ---- | M] () -- C:\Users\Matthew\AppData\Roaming\Mozilla\FireFox\Profiles\7u8b1ggp.default\searchplugins\dailymotion.xml[2009-04-03 16:03:01 | 00,002,404 | ---- | M] () -- C:\Users\Matthew\AppData\Roaming\Mozilla\FireFox\Profiles\7u8b1ggp.default\searchplugins\encyclopedia-dramatica-en.xml[2008-08-01 11:58:57 | 00,002,042 | ---- | M] () -- C:\Users\Matthew\AppData\Roaming\Mozilla\FireFox\Profiles\7u8b1ggp.default\searchplugins\facebook.xml[2008-04-16 16:49:19 | 00,006,358 | ---- | M] () -- C:\Users\Matthew\AppData\Roaming\Mozilla\FireFox\Profiles\7u8b1ggp.default\searchplugins\luchawiki-english.xml[2008-10-30 14:12:39 | 00,000,659 | ---- | M] () -- C:\Users\Matthew\AppData\Roaming\Mozilla\FireFox\Profiles\7u8b1ggp.default\searchplugins\rapidsearch.xml[2007-08-23 10:19:54 | 00,001,068 | ---- | M] () -- C:\Users\Matthew\AppData\Roaming\Mozilla\FireFox\Profiles\7u8b1ggp.default\searchplugins\wikipedia-english.xml[2007-09-25 15:44:58 | 00,002,105 | ---- | M] () -- C:\Users\Matthew\AppData\Roaming\Mozilla\FireFox\Profiles\7u8b1ggp.default\searchplugins\youtube-video-search.xml[2008-10-23 17:33:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions[2008-09-26 08:55:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}[2007-08-31 09:58:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[2008-03-26 23:10:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected][2008-09-26 08:55:32 | 00,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll[2008-09-26 08:55:32 | 00,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll[2008-09-26 08:55:32 | 00,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll[2008-09-26 08:55:32 | 00,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll[2008-09-26 08:55:32 | 00,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll[2007-04-10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll[2008-11-06 17:33:48 | 01,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll[2008-09-26 08:55:35 | 00,022,664 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll[2006-10-07 05:18:48 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll[2006-10-07 05:01:00 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll[2006-06-15 11:24:15 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml[2006-07-06 06:44:17 | 00,002,206 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml[2006-06-15 11:24:15 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml[2006-06-01 00:17:38 | 00,001,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml[2006-06-15 11:24:15 | 00,001,077 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml[2007-01-17 23:05:32 | 00,002,368 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml[2006-09-11 15:39:34 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\HostsO1 - Hosts: 127.0.0.1       localhostO1 - Hosts: ::1             localhostO2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)O4 - HKLM..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe (cyberlink)O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.exe (Dell Inc.)O4 - HKLM..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe ( )O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()O4 - HKLM..\Run: [O2] C:\Program Files\O2\bin\sprtcmd.exe (SupportSoft, Inc.)O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)O4 - HKCU..\Run: [Google Update] C:\Users\Matthew\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)O4 - HKCU..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe (WhatPulse.org)O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)O13 - gopher Prefix: missingO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [url="http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab"]http://download.microsoft.com/download/8/b...heckControl.cab[/url] (Windows Genuine Advantage Validation Tool)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab"]http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab[/url] (Java Plug-in 1.6.0_02)O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [url="http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab"]http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab[/url] (Reg Error: Key error.)O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} [url="http://support.f-secure.com/ols/fscax.cab"]http://support.f-secure.com/ols/fscax.cab[/url] (F-Secure Online Scanner 3.3)O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0)O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0_02)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab"]http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab[/url] (Java Plug-in 1.6.0_02)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Filter:  - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)O31 - SafeBoot: AlternateShell - cmd.exeO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2006-09-18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]O33 - MountPoints2\{69cf9326-04b2-11de-a45d-0019b9818f8b}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not foundO33 - MountPoints2\{f052161f-779f-11dc-9c39-0019b9818f8b}\Shell - "" = AutoRunO33 - MountPoints2\{f052161f-779f-11dc-9c39-0019b9818f8b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not foundO34 - HKLM BootExecute: (autocheck) -  File not foundO34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)O34 - HKLM BootExecute: (*) -  File not foundO34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () ========== Files/Folders - Created Within 30 Days ========== [2009-07-15 21:18:20 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Matthew\Documents\Desktop\OTL.exe[2009-07-15 21:10:58 | 01,996,287 | ---- | C] () -- C:\Users\Matthew\Documents\Documents.rar[2009-07-15 21:09:35 | 01,552,384 | ---- | C] () -- C:\Users\Matthew\Documents\King, Stephen - The Bachman Books (1985) - Copy.doc[2009-07-15 21:09:35 | 00,161,280 | ---- | C] (Firelight Technologies Pty, Ltd) -- C:\Users\Matthew\Documents\fmod - Copy.dll[2009-07-15 21:09:35 | 00,060,928 | ---- | C] () -- C:\Users\Matthew\Documents\jbfmod - Copy.dll[2009-07-15 21:09:35 | 00,034,816 | ---- | C] () -- C:\Users\Matthew\Documents\downloaddll - Copy.dll[2009-07-15 21:09:35 | 00,002,802 | ---- | C] () -- C:\Users\Matthew\Documents\login.php - Copy.html[2009-07-15 21:09:35 | 00,000,374 | ---- | C] () -- C:\Users\Matthew\Documents\Pictures - Shortcut - Copy.lnk[2009-07-15 21:08:03 | 00,000,000 | ---D | C] -- C:\Rooter$[2009-07-15 21:07:36 | 00,173,119 | ---- | C] (Eric_71) -- C:\Users\Matthew\Documents\Desktop\Rooter.exe[2009-07-15 21:06:00 | 00,469,504 | ---- | C] ( ) -- C:\Users\Matthew\Documents\Desktop\RootRepeal.exe[2009-07-15 16:27:01 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$[2009-07-15 16:21:07 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll[2009-07-15 16:21:07 | 00,001,649 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 8.5.lnk[2009-07-15 16:21:06 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys[2009-07-15 16:20:47 | 00,327,688 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys[2009-07-15 16:20:42 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys[2009-07-15 16:20:41 | 38,185,958 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm[2009-07-15 16:20:41 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg[2009-07-15 16:20:41 | 00,463,779 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg[2009-07-15 16:20:41 | 00,028,382 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg[2009-07-15 16:20:41 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg[2009-07-15 16:20:25 | 00,000,000 | ---D | C] -- C:\Program Files\AVG[2009-07-15 16:20:23 | 00,000,000 | ---D | C] -- C:\ProgramData\avg8[2009-07-15 15:58:53 | 66,216,864 | ---- | C] (AVG Technologies) -- C:\Users\Matthew\Documents\Desktop\avg_free_stf_en_85_374a1564.exe[2009-07-14 11:18:57 | 13,338,4529 | ---- | C] () -- C:\Windows\MEMORY.DMP[2009-07-14 10:38:37 | 03,976,714 | ---- | C] () -- C:\Windows\System32\uactmp.db[2009-07-14 10:37:09 | 03,775,176 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Matthew\Documents\Desktop\mnjjam-sep.exe[2009-07-14 09:30:57 | 01,110,399 | ---- | C] () -- C:\Windows\System32\UACqaldqiuhgdelcdsmb.db[2009-07-14 08:45:59 | 73,316,2792 | ---- | C] () -- C:\Users\Matthew\Documents\Desktop\xtreme-wrestling-network.org.wwe.monday.night.raw.2009.07.13.hdtv.xvid-fqm.avi[2009-07-13 10:27:46 | 50,536,7166 | ---- | C] () -- C:\Users\Matthew\Documents\Desktop\btcp5868500k.wmv[2009-07-12 13:39:14 | 27,066,960 | ---- | C] () -- C:\Users\Matthew\Documents\Desktop\071009dks.mp3[2009-07-10 16:18:59 | 32,247,0088 | ---- | C] () -- C:\Users\Matthew\Documents\Desktop\KENTA vs Shiozaki differ.avi[2009-07-03 12:11:25 | 00,011,776 | ---- | C] () -- C:\Users\Matthew\Documents\academic appeal.wps[2009-07-03 11:47:05 | 00,042,496 | ---- | C] () -- C:\Users\Matthew\Documents\Desktop\academic_appeals_report_form.doc[2009-06-30 09:01:26 | 00,000,914 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-353384540-1442700840-4009402217-1000UA.job[2009-06-30 09:01:23 | 00,000,862 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-353384540-1442700840-4009402217-1000Core.job[2009-06-28 17:17:46 | 00,000,000 | ---D | C] -- C:\Users\Matthew\Documents\Chikara.Aniversario.2009.Yin.and.Yang.DVDRiP.x264-TOBY[2009-06-28 13:23:49 | 52,396,8036 | ---- | C] () -- C:\Users\Matthew\Documents\Desktop\NOAH.2009.6.22.Part3.avi[2009-06-28 12:51:17 | 00,000,000 | ---D | C] -- C:\ProgramData\PopCap Games[2009-06-28 12:50:55 | 00,000,000 | ---D | C] -- C:\Users\Matthew\Documents\Peggle Nights[2009-06-27 20:34:54 | 10,038,6816 | ---- | C] () -- C:\Users\Matthew\Documents\Desktop\2009.06.19 - ken45° vs. Kenbai.avi[2009-06-25 22:05:07 | 36,731,9040 | ---- | C] () -- C:\Users\Matthew\Documents\Desktop\2009.05.28 - Yuko Miyamoto & Takashi Sasaki vs. Masashi Takeda & Isami Kodaka.avi[2009-06-24 17:04:39 | 00,000,000 | ---D | C] -- C:\Users\Matthew\Documents\CyberLink[2009-06-24 17:01:30 | 00,001,834 | ---- | C] () -- C:\Users\Matthew\Documents\Desktop\CyberLink PowerDVD.lnk[2009-06-24 16:41:22 | 00,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\CoreCodec[2009-06-24 16:27:32 | 00,000,000 | ---D | C] -- C:\Program Files\Haali[2009-06-24 16:27:22 | 00,000,000 | ---D | C] -- C:\Program Files\CoreCodec[2009-06-21 00:30:16 | 30,560,6000 | ---- | C] () -- C:\Users\Matthew\Documents\Desktop\Flip - Really Sorry.mpg[2009-06-20 16:48:05 | 48,213,964 | ---- | C] () -- C:\Users\Matthew\Documents\Desktop\20090613_04.wmv[2009-06-20 16:47:53 | 73,218,644 | ---- | C] () -- C:\Users\Matthew\Documents\Desktop\20090613_06.wmv[2009-06-20 11:49:49 | 00,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\Malwarebytes[2009-06-20 11:49:44 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys[2009-06-20 11:49:43 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys[2009-06-20 11:49:43 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[2009-06-20 11:49:42 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2009-06-19 22:05:48 | 00,320,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF2513.exe[2009-06-19 22:05:48 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\swsc.exe[2009-06-19 22:05:48 | 00,000,000 | ---D | C] -- C:\ComboFix[2009-06-19 20:35:38 | 00,000,000 | ---D | C] -- C:\Program Files\driver[2009-06-19 15:37:06 | 00,000,000 | ---D | C] -- C:\Program Files\Activision[2009-06-19 15:36:51 | 00,000,604 | ---- | C] () -- C:\Windows\Thps3.INI[2009-06-18 22:06:57 | 11,611,6992 | ---- | C] () -- C:\Users\Matthew\Documents\Desktop\5-5-1998_(FMW_Tag_Titles)_Jado_Gedo_vs_Hayabusa_Tanaka.avi[2009-06-18 09:54:48 | 12,752,0228 | ---- | C] () -- C:\Users\Matthew\Documents\Desktop\BOSJ Taguchi vs YAMATO.avi[2009-06-18 09:00:49 | 71,961,948 | ---- | C] () -- C:\Users\Matthew\Documents\Desktop\06.avi[2009-02-20 18:39:52 | 00,000,727 | ---- | C] () -- C:\Windows\wininit.ini[2008-11-06 17:37:32 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll[2008-11-06 17:34:00 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest[2008-11-06 17:34:00 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest[2008-11-06 17:33:02 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll[2008-09-20 13:58:14 | 00,000,728 | ---- | C] () -- C:\Windows\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini[2008-07-10 15:33:21 | 00,000,308 | ---- | C] () -- C:\Windows\asfbinapp.INI[2008-06-19 22:24:55 | 00,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys[2008-04-10 03:25:52 | 00,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI[2008-03-16 18:21:33 | 00,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys[2007-07-21 20:14:29 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll[2007-07-21 20:14:28 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll[2007-07-21 20:14:18 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll[2007-07-21 12:38:59 | 00,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll[2006-11-07 20:25:58 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini[2006-11-02 11:23:31 | 00,000,279 | ---- | C] () -- C:\Windows\win.ini[2006-11-02 11:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini[2006-11-02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini[2006-09-16 23:36:50 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll[2006-09-16 23:36:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll[2003-11-16 10:48:02 | 00,909,312 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll[2003-11-16 10:48:00 | 01,060,864 | ---- | C] () -- C:\Windows\System32\vorbis.dll[2003-11-15 17:54:18 | 00,036,864 | ---- | C] () -- C:\Windows\System32\ogg.dll[2002-10-06 23:42:58 | 00,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll ========== Files - Modified Within 30 Days ========== [3 C:\Windows\*.tmp files][2009-07-15 21:18:21 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Matthew\Documents\Desktop\OTL.exe[2009-07-15 21:11:00 | 01,996,287 | ---- | M] () -- C:\Users\Matthew\Documents\Documents.rar[2009-07-15 21:07:36 | 00,173,119 | ---- | M] (Eric_71) -- C:\Users\Matthew\Documents\Desktop\Rooter.exe[2009-07-15 20:06:20 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2009-07-15 20:03:53 | 00,002,485 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk[2009-07-15 20:03:38 | 00,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0[2009-07-15 20:03:37 | 00,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0[2009-07-15 16:58:31 | 13,338,4529 | ---- | M] () -- C:\Windows\MEMORY.DMP[2009-07-15 16:25:40 | 38,185,958 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm[2009-07-15 16:24:30 | 00,463,779 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg[2009-07-15 16:24:30 | 00,028,382 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg[2009-07-15 16:21:07 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll[2009-07-15 16:21:07 | 00,001,649 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 8.5.lnk[2009-07-15 16:21:06 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys[2009-07-15 16:20:47 | 00,327,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys[2009-07-15 16:20:42 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys[2009-07-15 16:20:41 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg[2009-07-15 16:11:34 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT[2009-07-15 16:00:13 | 66,216,864 | ---- | M] (AVG Technologies) -- C:\Users\Matthew\Documents\Desktop\avg_free_stf_en_85_374a1564.exe[2009-07-15 15:06:01 | 00,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-353384540-1442700840-4009402217-1000UA.job[2009-07-14 18:00:00 | 00,000,446 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job[2009-07-14 15:22:31 | 00,000,727 | ---- | M] () -- C:\Windows\wininit.ini[2009-07-14 11:22:30 | 03,976,714 | ---- | M] () -- C:\Windows\System32\uactmp.db[2009-07-14 11:14:31 | 00,320,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT[2009-07-14 10:51:39 | 00,128,512 | ---- | M] () -- C:\Users\Matthew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2009-07-14 10:37:22 | 03,775,176 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Matthew\Documents\Desktop\mnjjam-sep.exe[2009-07-14 09:30:59 | 01,110,399 | ---- | M] () -- C:\Windows\System32\UACqaldqiuhgdelcdsmb.db[2009-07-14 09:11:50 | 73,316,2792 | ---- | M] () -- C:\Users\Matthew\Documents\Desktop\xtreme-wrestling-network.org.wwe.monday.night.raw.2009.07.13.hdtv.xvid-fqm.avi[2009-07-14 09:06:07 | 00,000,862 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-353384540-1442700840-4009402217-1000Core.job[2009-07-13 22:30:40 | 00,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt[2009-07-13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys[2009-07-13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys[2009-07-13 10:43:24 | 50,536,7166 | ---- | M] () -- C:\Users\Matthew\Documents\Desktop\btcp5868500k.wmv[2009-07-12 21:39:45 | 00,469,504 | ---- | M] ( ) -- C:\Users\Matthew\Documents\Desktop\RootRepeal.exe[2009-07-12 13:39:56 | 27,066,960 | ---- | M] () -- C:\Users\Matthew\Documents\Desktop\071009dks.mp3[2009-07-10 16:30:41 | 32,247,0088 | ---- | M] () -- C:\Users\Matthew\Documents\Desktop\KENTA vs Shiozaki differ.avi[2009-07-10 15:36:56 | 00,138,060 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat[2009-07-10 14:53:04 | 00,081,640 | ---- | M] () -- C:\Users\Matthew\AppData\Local\GDIPFONTCACHEV1.DAT[2009-07-09 12:06:40 | 00,002,814 | ---- | M] () -- C:\Users\Matthew\AppData\Roaming\wklnhst.dat[2009-07-08 18:48:44 | 00,011,776 | ---- | M] () -- C:\Users\Matthew\Documents\academic appeal.wps[2009-07-03 11:47:05 | 00,042,496 | ---- | M] () -- C:\Users\Matthew\Documents\Desktop\academic_appeals_report_form.doc[2009-07-01 16:22:33 | 00,000,374 | ---- | M] () -- C:\Users\Matthew\Documents\Pictures - Shortcut - Copy.lnk[2009-06-28 13:38:05 | 52,396,8036 | ---- | M] () -- C:\Users\Matthew\Documents\Desktop\NOAH.2009.6.22.Part3.avi[2009-06-27 20:39:17 | 10,038,6816 | ---- | M] () -- C:\Users\Matthew\Documents\Desktop\2009.06.19 - ken45° vs. Kenbai.avi[2009-06-25 22:25:10 | 36,731,9040 | ---- | M] () -- C:\Users\Matthew\Documents\Desktop\2009.05.28 - Yuko Miyamoto & Takashi Sasaki vs. Masashi Takeda & Isami Kodaka.avi[2009-06-24 17:01:30 | 00,001,834 | ---- | M] () -- C:\Users\Matthew\Documents\Desktop\CyberLink PowerDVD.lnk[2009-06-20 16:53:25 | 73,218,644 | ---- | M] () -- C:\Users\Matthew\Documents\Desktop\20090613_06.wmv[2009-06-20 16:52:14 | 48,213,964 | ---- | M] () -- C:\Users\Matthew\Documents\Desktop\20090613_04.wmv[2009-06-20 13:21:54 | 00,000,604 | ---- | M] () -- C:\Windows\Thps3.INI[2009-06-19 22:05:45 | 00,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF2513.exe[2009-06-18 22:30:46 | 11,611,6992 | ---- | M] () -- C:\Users\Matthew\Documents\Desktop\5-5-1998_(FMW_Tag_Titles)_Jado_Gedo_vs_Hayabusa_Tanaka.avi[2009-06-18 09:59:23 | 12,752,0228 | ---- | M] () -- C:\Users\Matthew\Documents\Desktop\BOSJ Taguchi vs YAMATO.avi[2009-06-18 09:02:33 | 71,961,948 | ---- | M] () -- C:\Users\Matthew\Documents\Desktop\06.avi ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\Matthew\Documents\Different Stuff:Roxio EMC Stream< End of report >

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP