
Google Redirect [Solved]



#1 WhiZZlE
Hello and thank you,
I have the Google redirect. I have had it for a couple of days now and have followed every tutorial known to man on how to get rid of it, but have had no success. It is the one with the green globe, which takes me to shopico and all other types of ad sites. I tried running the online Kasper, but it keeps giving me a Java applet error.

Combo-Fix
ComboFix 09-07-14.08 - DeeBo 07/15/2009 23:39.3.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.1516 [GMT -4:00]
Running from: c:\documents and settings\DeeBo\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: NVIDIA Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
(((((((((((((((((((((((((   Files Created from 2009-06-16 to 2009-07-16  )))))))))))))))))))))))))))))))
.
No new files created in this timespan.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 13:26 . 2009-07-15 10:07	137208	----a-w-	c:\program files\mozilla firefox\components\brwsrcmp.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-03-07 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-03-07 169984]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05	356352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"ASKUpgrade"=2 (0x2)
"ASKService"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-06-23 7408]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-06-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-06-23 72944]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
Notify-avgrsstarter - avgrsstx.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.plushieworks.com/
uInternet Settings,ProxyOverride = *.local
IE: &Search - ?p=ZJfox000
FF - ProfilePath - c:\docume~1\DeeBo\APPLIC~1\Mozilla\Firefox\Profiles\exoar423.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.whizzles-arcade.com/

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota",      5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",     true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",   false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",   true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",     true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",       true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",    true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",                 true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",               false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",               true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",                 true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",                   true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",                true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",             false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",            false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",    false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
.
------- File Associations -------
.
inffile=c:\windows\system32\Notepad2.exe %1
inifile=c:\windows\system32\Notepad2.exe %1
txtfile=c:\windows\system32\Notepad2.exe %1
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-15 23:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)
geyekrurhkqnvq.dll 10000000    36864 \\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(692)
geyekrurhkqnvq.dll 10000000    36864 \\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1592)
c:\windows\system32\WININET.dll
geyekrurhkqnvq.dll 10000000    36864 \\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-07-16 23:51
ComboFix-quarantined-files.txt  2009-07-16 03:51

Pre-Run: 137,339,019,264 bytes free
Post-Run: 137,342,967,808 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
148	--- E O F ---	2009-07-15 12:47

I tried deleting these manually, and that's why the extension is showing up as none now.
GooredFix
GooredFix by jpshortstuff (12.07.09)
Log created at 23:08 on 15/07/2009 (DeeBo)
Firefox version 3.5 (en-US)

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

-=E.O.F=-



MBAM: I did not delete these; that is why it says "No action taken". If I delete them and reboot, then run it again, they will be there again.
Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 3

7/16/2009 12:36:15 AM
mbam-log-2009-07-16 (00-36-11).txt

Scan type: Quick Scan
Objects scanned: 88301
Time elapsed: 1 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll (Trojan.TDSS) -> No action taken.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
\\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll (Trojan.TDSS) -> No action taken.

I thank you so much for any help. :)

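A small triage pass over the reports in the post above, added here as an example (it is not part of the original posts, nor code from ComboFix, MBAM or RootRepeal). It parses the ComboFix "DLLs Loaded Under Running Processes" section and the RootRepeal report format used later in this thread, flagging modules a process can only name through the \\?\globalroot device path (the module MBAM labelled Trojan.TDSS above) and drivers whose file is not visible on disk, while treating the dump_*.sys crash-dump copies and rootrepeal.sys as expected. The sample excerpts are constructed from the logs posted in the thread, with line breaks restored.

```python
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the ComboFix "DLLs Loaded" section posted above.
COMBOFIX_EXCERPT = r"""
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(632)
geyekrurhkqnvq.dll 10000000    36864 \\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'lsass.exe'(692)
geyekrurhkqnvq.dll 10000000    36864 \\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll
- - - - - - - > 'explorer.exe'(1592)
c:\windows\system32\WININET.dll
geyekrurhkqnvq.dll 10000000    36864 \\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll
.
Completion time: 2009-07-16 23:51
"""

# Constructed excerpt modelled on the RootRepeal report posted later in the thread.
ROOTREPEAL_EXCERPT = r"""
Drivers
-------------------
Name: dump_atapi.sys
Address: 0xB48C6000 Size: 98304 File Visible: No Signed: -

Name: erqnbtko.sys
Address: 0xB8228000 Size: 61440 File Visible: No Signed: -

Name: rootrepeal.sys
Address: 0xB2E91000 Size: 49152 File Visible: No Signed: -

Stealth Objects
-------------------
Object: Hidden Module [Name: geyekrplvuvomi.dll]
Process: svchost.exe (PID: 892) Address: 0x008e0000 Address: 57344
"""

# A module a process can only name through the NT object-manager prefix has no
# ordinary drive-letter path: it is being hidden from normal file listings.
GLOBALROOT = r"\\?\globalroot"
PROCESS_HDR = re.compile(r"^(?:- )+> '(?P<proc>[^']+)'\((?P<pid>\d+)\)")
HIDDEN_MODULE = re.compile(r"^Object: Hidden Module \[Name: (?P<name>[^\]]+)\]")
PROCESS_LINE = re.compile(r"^Process: (?P<proc>\S+) \(PID: (?P<pid>\d+)\)")


@dataclass(frozen=True)
class Finding:
    source: str   # which report produced the indicator
    kind: str     # indicator class
    detail: str   # module or driver name plus where it was seen


def combofix_globalroot_modules(report: str) -> list[Finding]:
    """Return every module in the 'DLLs Loaded' section that is named through
    the globalroot namespace, tagged with the process that loaded it."""
    findings: list[Finding] = []
    in_section, proc = False, "unknown process"
    for line in report.splitlines():
        if "DLLs Loaded Under Running Processes" in line:
            in_section = True
        elif not in_section:
            continue
        elif hdr := PROCESS_HDR.match(line):
            proc = f"{hdr['proc']} (PID {hdr['pid']})"
        elif GLOBALROOT.lower() in line.lower():
            # First token is the module name as the loader reports it.
            findings.append(Finding("ComboFix", "globalroot module",
                                    f"{line.split()[0]} in {proc}"))
    return findings


def expected_invisible_driver(name: str) -> bool:
    """Drivers RootRepeal is expected to flag 'File Visible: No' on a clean XP
    box: dump_*.sys are in-memory copies of the boot storage stack kept for
    crash dumps, and rootrepeal.sys is the scanner's own driver."""
    lname = name.lower()
    return lname.startswith("dump_") or lname == "rootrepeal.sys"


def rootrepeal_findings(report: str) -> list[Finding]:
    """Flag drivers with no visible file (minus the expected ones) and every
    hidden module RootRepeal found injected into a process."""
    findings: list[Finding] = []
    driver = module = None
    for line in report.splitlines():
        if line.startswith("Name: "):
            driver = line[len("Name: "):]
        elif driver and line.startswith("Address:") and "File Visible: No" in line:
            if not expected_invisible_driver(driver):
                findings.append(Finding("RootRepeal", "hidden driver file", driver))
            driver = None
        elif m := HIDDEN_MODULE.match(line):
            module = m["name"]
        elif module and (p := PROCESS_LINE.match(line)):
            findings.append(Finding("RootRepeal", "hidden module",
                                    f"{module} in {p['proc']} (PID {p['pid']})"))
            module = None
    return findings
```

The same DLL turning up in winlogon.exe, lsass.exe and explorer.exe at once is one system-wide injection rather than three separate files, which is why the helper later asks for a rootkit scan rather than file-by-file deletion.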
#2 IndiGenus
Hello WhiZZlE and welcome to the forums here at G2G.

Sorry for the delay in getting to your post. If you still need help please do the following.

No need to put the logs in code boxes. Just paste into comment window, or attach if too long, thanks.


Download RootRepeal.zip and unzip it to your Desktop.
  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Run OTL
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.

Edited by IndiGenus, 19 July 2009 - 07:27 AM.


#3 WhiZZlE (Topic Starter)
Thank you. :)
I am getting errors in RootRepeal (disc access level, and could not read system registry), but it was still able to come up with a log.



ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/07/19 14:45
Program Version: Version 1.3.2.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB48C6000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xB860C000 Size: 8192 File Visible: No Signed: -
Status: -

Name: erqnbtko.sys
Image Path: C:\WINDOWS\system32\drivers\erqnbtko.sys
Address: 0xB8228000 Size: 61440 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB2E91000 Size: 49152 File Visible: No Signed: -
Status: -

Stealth Objects
-------------------
Object: Hidden Module [Name: geyekrplvuvomi.dll]
Process: svchost.exe (PID: 892) Address: 0x008e0000 Address: 57344

Object: Hidden Module [Name: geyekrtjvrjkbxpb.tmpll]
Process: svchost.exe (PID: 892) Address: 0x10000000 Address: 28672

==EOF==


I am not getting the extras log for some reason.


OTL logfile created on: 7/19/2009 2:51:51 PM - Run 5
OTL by OldTimer - Version 3.0.9.2 Folder = C:\Documents and Settings\DeeBo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 76.08% Memory free
3.85 Gb Paging File | 3.50 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 127.92 Gb Free Space | 85.83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEEBO-2E38CCA01
Current User Name: DeeBo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA)
PRC - C:\Program Files\EVGA Precision\EVGAPrecision.exe ()
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe ()
PRC - C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe ()
PRC - C:\Documents and Settings\DeeBo\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Disabled | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (dlbt_device [On_Demand | Stopped]) -- C:\WINDOWS\System32\dlbtcoms.exe (Dell)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (ForcewareWebInterface [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (nSvcIp [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA)
SRV - (nSvcLog [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA)
SRV - (nvsvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvata [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (tigdr [Unknown | Running]) -- Service key not found. File not found
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (RTCore32 [On_Demand | Running]) -- C:\Program Files\EVGA Precision\RTCore32.sys ()

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.plushieworks.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.whizzles-arcade.com/"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/17 15:28:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/17 15:28:27 | 00,000,000 | ---D | M]

[2009/05/14 09:21:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\mozilla\Extensions
[2009/05/14 09:21:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/15 06:00:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\mozilla\Firefox\Profiles\exoar423.default\extensions
[2009/07/15 22:40:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/17 15:28:21 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/17 15:28:21 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/17 15:28:23 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/06/05 07:02:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/05 07:02:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/05 07:02:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/05 07:02:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/05 07:02:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/05 07:02:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/05 07:02:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/02/02 18:15:00 | 03,771,296 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2009/06/24 07:27:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/24 07:27:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/24 07:27:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/24 07:27:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/24 07:27:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/24 07:27:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/24 07:27:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (317082 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10879 more lines...
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Search - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1242310585812 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/13 20:14:24 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/19 14:39:07 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DeeBo\Desktop\OTL.exe
[2009/07/19 14:29:46 | 00,261,295 | ---- | C] () -- C:\Documents and Settings\DeeBo\Desktop\Plombie_family.psd
[2009/07/19 01:40:21 | 00,034,281 | ---- | C] () -- C:\Documents and Settings\DeeBo\Desktop\kanye_west_glasses.jpg
[2009/07/18 21:24:12 | 05,222,480 | ---- | C] () -- C:\Documents and Settings\DeeBo\My Documents\07-18-2009 09;24;11PM.PSD
[2009/07/16 14:25:19 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/07/16 13:45:22 | 01,511,190 | ---- | C] () -- C:\Documents and Settings\DeeBo\Desktop\slaton.psd
[2009/07/16 11:36:10 | 00,095,567 | ---- | C] () -- C:\Documents and Settings\DeeBo\Desktop\knickles_sig.png
[2009/07/16 09:04:31 | 00,031,089 | ---- | C] () -- C:\Documents and Settings\DeeBo\Desktop\icon_biggrin.psd
[2009/07/16 02:12:34 | 06,576,362 | ---- | C] () -- C:\Documents and Settings\DeeBo\My Documents\07-16-2009 02;12;34AM.PSD
[2009/07/16 02:09:18 | 01,539,298 | ---- | C] () -- C:\Documents and Settings\DeeBo\My Documents\07-16-2009 02;09;17AM.PSD
[2009/07/16 00:24:04 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/07/15 23:31:38 | 03,137,363 | R--- | C] () -- C:\Documents and Settings\DeeBo\Desktop\Combo-Fix.exe
[2009/07/15 23:20:45 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/07/15 23:20:45 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/07/15 23:20:45 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/07/15 23:20:45 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/07/15 23:20:45 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/07/15 23:20:45 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/07/15 23:20:45 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/07/15 23:19:56 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/07/15 22:55:00 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DeeBo\Desktop\TFC.exe
[2009/07/15 22:22:37 | 00,975,894 | ---- | C] () -- C:\Documents and Settings\DeeBo\My Documents\07-15-2009 10;22;37PM.PSD
[2009/07/15 09:02:49 | 00,024,592 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klim5.sys
[2009/07/15 08:50:42 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/07/15 08:46:29 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/07/15 06:58:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2009/07/15 06:44:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2009/07/15 06:44:20 | 00,000,000 | ---D | C] -- C:\Program Files\xerox
[2009/07/15 06:44:20 | 00,000,000 | ---D | C] -- C:\Program Files\movie maker
[2009/07/15 06:44:18 | 00,000,000 | ---D | C] -- C:\Program Files\netmeeting
[2009/07/15 06:44:18 | 00,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2009/07/15 06:44:16 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2009/07/15 06:38:08 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/07/15 06:38:08 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/07/15 06:38:08 | 01,614,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/07/15 06:38:08 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/07/15 06:38:08 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/07/15 06:38:08 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009/07/15 06:38:08 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/07/15 06:38:08 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009/07/15 06:38:08 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009/07/15 06:38:08 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/07/15 06:38:08 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/07/15 06:38:08 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009/07/15 06:38:08 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009/07/15 06:38:08 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/07/15 06:38:08 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/07/15 06:38:08 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/07/15 06:38:08 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\appmgmts.dll
[2009/07/15 06:38:08 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/07/15 06:38:08 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/07/15 06:38:08 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll
[2009/07/15 06:38:08 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/07/15 06:38:08 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/07/15 06:38:08 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/07/15 06:38:08 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/07/15 06:38:08 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009/07/15 06:38:08 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/07/15 06:38:08 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/07/15 06:38:08 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009/07/15 06:38:08 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/07/15 06:38:08 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/07/15 06:38:08 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/07/15 06:38:08 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/07/15 06:38:08 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys
[2009/07/15 06:38:08 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009/07/15 06:38:08 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys
[2009/07/15 06:38:08 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys
[2009/07/15 06:38:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/07/15 06:21:44 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/07/15 06:21:39 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/07/15 06:21:38 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/07/15 06:19:44 | 00,219,648 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/07/15 06:07:36 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/07/15 03:07:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/07/15 03:00:14 | 43,985,744 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\DeeBo\Desktop\kis8.0.0.506en.exe
[2009/07/15 03:00:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DeeBo\My Documents\Downloads
[2009/07/15 02:46:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/07/15 02:44:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DeeBo\Local Settings\Application Data\ApplicationHistory
[2009/07/15 02:41:24 | 00,098,989 | ---- | C] () -- C:\MGlogs.zip
[2009/07/15 02:41:21 | 00,000,000 | ---D | C] -- C:\MGtools
[2009/07/15 02:18:30 | 00,046,157 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\DeeBo\Desktop\GooredFix.exe
[2009/07/15 01:40:08 | 01,343,301 | ---- | C] () -- C:\Documents and Settings\DeeBo\Desktop\MGtools.exe
[2009/07/15 01:39:45 | 00,469,504 | ---- | C] ( ) -- C:\Documents and Settings\DeeBo\Desktop\RootRepeal.exe
[2009/07/15 01:34:43 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/07/14 23:41:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DeeBo\Local Settings\Application Data\AVG Security Toolbar
[2009/07/14 23:39:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/07/14 23:39:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/07/14 23:37:41 | 00,000,104 | ---- | C] () -- C:\WINDOWS\System32\NvApps.xml
[2009/07/14 23:37:33 | 00,002,148 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/14 23:18:45 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/07/14 05:38:32 | 01,183,173 | ---- | C] () -- C:\Documents and Settings\DeeBo\Desktop\gta_wp.psd
[2009/07/13 21:14:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/07/06 14:55:37 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/07/06 14:55:30 | 00,140,288 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM7D.DLL
[2009/07/06 14:55:30 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7D.DLL
[2009/07/05 07:22:33 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/07/05 07:22:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/07/05 07:22:00 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/07/05 07:22:00 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/07/05 07:16:50 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/07/03 20:03:53 | 00,001,580 | ---- | C] () -- C:\Documents and Settings\DeeBo\Desktop\Defraggler.lnk
[2009/07/03 20:03:52 | 00,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2009/07/03 03:00:17 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/07/02 02:27:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DeeBo\Local Settings\Application Data\KodakGallery
[2009/07/02 02:27:30 | 00,066,560 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/07/02 02:27:30 | 00,058,368 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/07/02 02:27:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DeeBo\Application Data\Skinux
[2009/07/02 02:24:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/07/02 02:22:39 | 00,001,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kodak EasyShare.lnk
[2009/07/02 02:22:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Kodak
[2009/07/02 02:22:26 | 00,000,000 | ---D | C] -- C:\Program Files\Kodak
[2009/07/02 02:21:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2009/06/30 01:11:55 | 00,000,180 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/06/28 04:33:38 | 00,001,150 | ---- | C] () -- C:\Documents and Settings\DeeBo\Desktop\favicon.ico
[2009/06/28 00:00:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DeeBo\Desktop\PW
[2009/06/27 12:48:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DeeBo\My Documents\My Google Gadgets
[2009/06/27 12:47:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DeeBo\Local Settings\Application Data\Google
[2009/06/27 12:47:51 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009/06/10 09:42:38 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/07 14:56:28 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/06/05 05:43:43 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/06/05 05:43:43 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/06/05 05:43:13 | 00,000,036 | -H-- | C] () -- C:\WINDOWS\System32\swk.ini
[2009/05/15 19:07:26 | 00,000,525 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2009/05/15 18:57:54 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsb.dll
[2009/05/15 18:57:54 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlbtcub.dll
[2009/05/15 18:57:53 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlbtins.dll
[2009/05/15 18:57:53 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsr.dll
[2009/05/15 18:57:53 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2009/05/15 18:57:53 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2009/05/15 18:57:53 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2009/05/15 18:57:52 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2009/05/15 18:57:52 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2009/05/15 18:57:52 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2009/05/15 18:57:49 | 00,397,312 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2009/05/13 20:05:53 | 00,012,442 | ---- | C] () -- C:\WINDOWS\System32\Notepad2.ini
[2009/05/13 20:05:52 | 00,175,616 | ---- | C] () -- C:\WINDOWS\System32\mmm.dll
[2009/05/01 00:31:06 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/05/01 00:31:06 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/05/01 00:31:06 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/05/01 00:31:06 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2001/08/23 23:00:00 | 00,000,507 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 23:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[2009/07/19 14:39:07 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DeeBo\Desktop\OTL.exe
[2009/07/19 14:29:46 | 00,261,295 | ---- | M] () -- C:\Documents and Settings\DeeBo\Desktop\Plombie_family.psd
[2009/07/19 14:29:25 | 00,031,089 | ---- | M] () -- C:\Documents and Settings\DeeBo\Desktop\icon_biggrin.psd
[2009/07/19 01:40:21 | 00,034,281 | ---- | M] () -- C:\Documents and Settings\DeeBo\Desktop\kanye_west_glasses.jpg
[2009/07/18 21:24:12 | 05,222,480 | ---- | M] () -- C:\Documents and Settings\DeeBo\My Documents\07-18-2009 09;24;11PM.PSD
[2009/07/17 15:14:52 | 00,001,150 | ---- | M] () -- C:\Documents and Settings\DeeBo\Desktop\favicon.ico
[2009/07/17 02:50:55 | 01,183,173 | ---- | M] () -- C:\Documents and Settings\DeeBo\Desktop\gta_wp.psd
[2009/07/16 14:25:44 | 00,002,148 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/16 14:25:26 | 00,000,104 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2009/07/16 14:25:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/16 14:25:19 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/16 14:22:16 | 01,511,190 | ---- | M] () -- C:\Documents and Settings\DeeBo\Desktop\slaton.psd
[2009/07/16 13:58:40 | 00,095,567 | ---- | M] () -- C:\Documents and Settings\DeeBo\Desktop\knickles_sig.png
[2009/07/16 02:12:34 | 06,576,362 | ---- | M] () -- C:\Documents and Settings\DeeBo\My Documents\07-16-2009 02;12;34AM.PSD
[2009/07/16 02:09:18 | 01,539,298 | ---- | M] () -- C:\Documents and Settings\DeeBo\My Documents\07-16-2009 02;09;17AM.PSD
[2009/07/16 00:24:02 | 00,012,442 | ---- | M] () -- C:\WINDOWS\System32\Notepad2.ini
[2009/07/15 23:47:35 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/15 23:31:38 | 03,137,363 | R--- | M] () -- C:\Documents and Settings\DeeBo\Desktop\Combo-Fix.exe
[2009/07/15 22:55:00 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DeeBo\Desktop\TFC.exe
[2009/07/15 22:22:37 | 00,975,894 | ---- | M] () -- C:\Documents and Settings\DeeBo\My Documents\07-15-2009 10;22;37PM.PSD
[2009/07/15 08:47:38 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/15 07:56:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/07/15 06:21:45 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/07/15 06:15:17 | 00,098,989 | ---- | M] () -- C:\MGlogs.zip
[2009/07/15 06:07:36 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/07/15 03:12:02 | 00,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/15 03:12:02 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/07/15 03:01:32 | 43,985,744 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\DeeBo\Desktop\kis8.0.0.506en.exe
[2009/07/15 02:18:30 | 00,046,157 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\DeeBo\Desktop\GooredFix.exe
[2009/07/15 01:40:13 | 01,343,301 | ---- | M] () -- C:\Documents and Settings\DeeBo\Desktop\MGtools.exe
[2009/07/15 01:34:43 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/13 05:48:54 | 00,219,648 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/07/12 21:39:46 | 00,469,504 | ---- | M] ( ) -- C:\Documents and Settings\DeeBo\Desktop\RootRepeal.exe
[2009/07/07 11:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/06 14:38:06 | 00,000,525 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2009/07/05 07:24:09 | 01,439,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/03 20:23:38 | 00,029,664 | ---- | M] () -- C:\Documents and Settings\DeeBo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/07/03 20:03:53 | 00,001,580 | ---- | M] () -- C:\Documents and Settings\DeeBo\Desktop\Defraggler.lnk
[2009/07/02 05:43:54 | 00,066,560 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/07/02 05:43:54 | 00,058,368 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/07/02 02:22:39 | 00,001,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kodak EasyShare.lnk
[2009/06/30 18:04:22 | 04,807,814 | -H-- | M] () -- C:\Documents and Settings\DeeBo\Local Settings\Application Data\IconCache.db
[2009/06/30 01:11:56 | 00,000,180 | ---- | M] () -- C:\WINDOWS\wininit.ini

========== LOP Check ==========

[2009/07/15 06:58:23 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/07/14 23:41:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/05/15 01:27:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/07/06 14:55:37 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/05/14 16:48:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/07/15 22:55:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/02 02:27:21 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\DeeBo\Application Data
[2009/06/08 05:20:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\Alien Skin
[2009/06/03 10:00:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\Artweaver
[2009/06/10 11:42:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\Azureus
[2009/07/19 14:29:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\FileZilla
[2009/07/16 14:21:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\HLSW
[2009/05/13 23:17:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\Nvu
[2009/06/09 02:20:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\PeaZip
[2009/06/02 21:00:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\Search Settings
[2009/07/02 02:27:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\Skinux
[2009/05/13 20:26:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\Styler
[2009/05/13 21:50:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\SystemRequirementsLab
[2009/05/28 01:09:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\teamspeak2
[2009/07/15 07:56:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2001/08/23 23:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/07/16 14:25:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >

Thank you very much for any help. I will be by PC all day if you need anything else.

Edited by WhiZZlE, 19 July 2009 - 12:59 PM.


#4
WhiZZlE
Member (Topic Starter, 34 posts)
Sorry :) Here is the extras log.


OTL Extras logfile created on: 7/19/2009 2:40:25 PM - Run 1
OTL by OldTimer - Version 3.0.9.2 Folder = C:\Documents and Settings\DeeBo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 76.81% Memory free
3.85 Gb Paging File | 3.51 Gb Available in Paging File | 91.13% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 127.92 Gb Free Space | 85.83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEEBO-2E38CCA01
Current User Name: DeeBo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.inf [@ = inffile] -- C:\WINDOWS\System32\Notepad2.exe ()
.ini [@ = inifile] -- C:\WINDOWS\System32\Notepad2.exe ()
.txt [@ = txtfile] -- C:\WINDOWS\System32\Notepad2.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00C908A6-8038-4101-909C-575D8B83B57D}" = PS3ThemeCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}" = Search Settings 1.2.1
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A1E9CF-BFC1-4309-80CD-C182D80922DB}_is1" = Artweaver 0.5
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 2.6.2
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB05D173-9681-4812-A7FA-BD4042A3DA00}" = Alky for Applications (Windows XP)
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E1230694-33DA-4E74-82E1-06CC9D545E9B}" = Windows Vista Sounds Pack
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}" = Styler
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"AC" = Attribute Changer 5.30
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Blow Up" = Alien Skin Blow Up
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"Defraggler" = Defraggler (remove only)
"Dell Photo AIO Printer 922" = Dell Photo AIO Printer 922
"EyeCandy5Impact" = Alien Skin Eye Candy 5 Impact
"EyeCandy5Textures" = Alien Skin Eye Candy 5 Textures
"FileZilla Client" = FileZilla Client 3.2.6.1
"Fotosizer" = Fotosizer 1.22
"HijackThis" = HijackThis 2.0.2
"HLSW_is1" = HLSW v1.3.1
"IconPackager" = IconPackager
"ie8" = Windows Internet Explorer 8
"Image Doctor" = Alien Skin Image Doctor
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.2.5 Standard
"Kristanix Right Click Image Converter" = Right Click Image Converter
"LClock" = LClock
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"mmm" = PowerTweaK Menu (mmm)
"Mozilla Firefox (3.5.1)" = Mozilla Firefox (3.5.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"Precision" = EVGA Precision 1.7.1
"Refreshem" = RefreshEM
"Registry Mechanic_is1" = Registry Mechanic 8.0
"RegShot" = RegShot
"Reshack" = Resource Hacker
"SendTO" = Sendto Xtras
"Steam App 211" = Source SDK
"Steam App 440" = Team Fortress 2
"SystemRequirementsLab" = System Requirements Lab
"TaskSwitchXP" = TaskSwitchXP
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Unlocker" = Unlocker 1.8.6
"Virtual Painter 5 (for Photoshop)" = Virtual Painter 5 (for Photoshop)
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xenofex2" = Alien Skin Xenofex 2
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/14/2009 5:50:12 AM | Computer Name = DEEBO-2E38CCA01 | Source = Windows Product Activation | ID = 1010
Description = The Windows license was restored due to a system error. You might
need to reactivate your Windows product.

Error - 7/14/2009 11:37:33 PM | Computer Name = DEEBO-2E38CCA01 | Source = Windows Product Activation | ID = 1010
Description = The Windows license was restored due to a system error. You might
need to reactivate your Windows product.

Error - 7/15/2009 6:34:14 AM | Computer Name = DEEBO-2E38CCA01 | Source = Application Error | ID = 1000
Description = Faulting application pev.cfexe, version 0.0.0.0, faulting module pev.cfexe,
version 0.0.0.0, fault address 0x0005dcae.

Error - 7/15/2009 8:43:13 AM | Computer Name = DEEBO-2E38CCA01 | Source = MsiInstaller | ID = 1013
Description = Product: Kaspersky Internet Security 2009 -- You must restart your
computer before proceeding with the installation.

Error - 7/15/2009 11:00:23 PM | Computer Name = DEEBO-2E38CCA01 | Source = Application Error | ID = 1000
Description = Faulting application avp.exe, version 8.0.0.508, faulting module basegui.ppl,
version 8.0.0.506, fault address 0x000ebce8.

Error - 7/15/2009 11:02:46 PM | Computer Name = DEEBO-2E38CCA01 | Source = Application Error | ID = 1000
Description = Faulting application avp.exe, version 8.0.0.508, faulting module basegui.ppl,
version 8.0.0.506, fault address 0x000ebce8.

Error - 7/15/2009 11:03:48 PM | Computer Name = DEEBO-2E38CCA01 | Source = Application Error | ID = 1000
Description = Faulting application avp.exe, version 8.0.0.508, faulting module basegui.ppl,
version 8.0.0.506, fault address 0x000ebce8.

Error - 7/15/2009 11:04:13 PM | Computer Name = DEEBO-2E38CCA01 | Source = Application Error | ID = 1000
Description = Faulting application avp.exe, version 8.0.0.508, faulting module basegui.ppl,
version 8.0.0.506, fault address 0x000ebce8.

Error - 7/15/2009 11:04:42 PM | Computer Name = DEEBO-2E38CCA01 | Source = Application Error | ID = 1000
Description = Faulting application avp.exe, version 8.0.0.508, faulting module basegui.ppl,
version 8.0.0.506, fault address 0x000ebce8.

Error - 7/15/2009 11:44:24 PM | Computer Name = DEEBO-2E38CCA01 | Source = Application Error | ID = 1000
Description = Faulting application pev.cfexe, version 0.0.0.0, faulting module pev.cfexe,
version 0.0.0.0, fault address 0x0005dcae.

[ System Events ]
Error - 7/6/2009 6:02:43 PM | Computer Name = DEEBO-2E38CCA01 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.2 for the Network Card with network
address 001617113DBA has been denied by the DHCP server 68.87.77.16 (The DHCP Server
sent a DHCPNACK message).

Error - 7/6/2009 6:10:11 PM | Computer Name = DEEBO-2E38CCA01 | Source = Dhcp | ID = 1002
Description = The IP address lease 24.11.43.9 for the Network Card with network
address 001617113DBA has been denied by the DHCP server 192.168.100.1 (The DHCP Server
sent a DHCPNACK message).

Error - 7/6/2009 6:10:15 PM | Computer Name = DEEBO-2E38CCA01 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 7/6/2009 6:10:15 PM | Computer Name = DEEBO-2E38CCA01 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 7/6/2009 6:10:52 PM | Computer Name = DEEBO-2E38CCA01 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.2 on
the Network Card with network address 001617113DBA.

Error - 7/6/2009 6:12:35 PM | Computer Name = DEEBO-2E38CCA01 | Source = Dhcp | ID = 1002
Description = The IP address lease 24.11.43.9 for the Network Card with network
address 001617113DBA has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 7/6/2009 6:23:41 PM | Computer Name = DEEBO-2E38CCA01 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.2 for the Network Card with network
address 001617113DBA has been denied by the DHCP server 192.168.100.1 (The DHCP
Server sent a DHCPNACK message).

Error - 7/6/2009 6:24:12 PM | Computer Name = DEEBO-2E38CCA01 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.2 on
the Network Card with network address 001617113DBA.

Error - 7/6/2009 6:25:14 PM | Computer Name = DEEBO-2E38CCA01 | Source = Dhcp | ID = 1002
Description = The IP address lease 24.11.43.9 for the Network Card with network
address 001617113DBA has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 7/12/2009 6:13:44 AM | Computer Name = DEEBO-2E38CCA01 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.


< End of report >
  • 0

#5
IndiGenus

    Anti-Malware Buddha

  • Member
  • 1,617 posts
Interesting....

Please do the following. Delete the combofix that you used earlier, then download and run a fresh copy as instructed.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" along with a new OTL log for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**
  • 0

#6
WhiZZlE

    Member

  • Topic Starter
  • Member
  • 34 posts
Hi,
Thanks for the response.
I have run ComboFix before and it is still saying I have AVG installed. I ran the AVG remover and it said it removed it, so I don't know what to do. I also keep getting a message saying not enough memory to complete the sort, or something like that.
Thanks again for your time.
  • 0

#7
IndiGenus

    Anti-Malware Buddha

  • Member
  • 1,617 posts
Run combofix with the AVG still showing anyway if you can. This seems to be a common issue with AVG lately not completely removing itself.

On the "not enough memory" issue...are you getting that when running combofix? Have you tried removing the old one and downloading a fresh copy? Also making sure to rename it as instructed in my last post? Give me a little more detail if you're still seeing the problem.
  • 0

#8
WhiZZlE

    Member

  • Topic Starter
  • Member
  • 34 posts
Yes, I am getting that error when it first starts up, but it finishes, and here is the log. Also, OTL does not give me an extras log any more; it only gave me one the first time I ran it. Thank you.

ComboFix 09-07-19.02 - DeeBo 07/19/2009 18:58.4.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1690 [GMT -4:00]
Running from: c:\documents and settings\DeeBo\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: NVIDIA Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((( Files Created from 2009-06-19 to 2009-07-19 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-17 19:28 . 2009-07-15 10:07 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-16_03.47.32 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-03-07 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-03-07 169984]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"ASKUpgrade"=2 (0x2)
"ASKService"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)


R3 RTCore32;RTCore32;c:\program files\EVGA Precision\RTCore32.sys [2005-05-25 4608]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-06-23 7408]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-06-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-06-23 72944]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.plushieworks.com/
uInternet Settings,ProxyOverride = *.local
IE: &Search - ?p=ZJfox000
FF - ProfilePath - c:\docume~1\DeeBo\APPLIC~1\Mozilla\Firefox\Profiles\exoar423.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.whizzles-arcade.com/

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
.
------- File Associations -------
.
inffile=c:\windows\system32\Notepad2.exe %1
inifile=c:\windows\system32\Notepad2.exe %1
txtfile=c:\windows\system32\Notepad2.exe %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-19 19:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)
geyekrurhkqnvq.dll 10000000 32768 \\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(692)
geyekrurhkqnvq.dll 10000000 32768 \\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll
c:\windows\system32\WININET.dll
.
Completion time: 2009-07-19 19:10
ComboFix-quarantined-files.txt 2009-07-19 23:10
ComboFix2.txt 2009-07-16 03:51

Pre-Run: 137,365,975,040 bytes free
Post-Run: 137,366,573,056 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
142 --- E O F --- 2009-07-15 12:47

OTL logfile created on: 7/19/2009 7:18:17 PM - Run 6
OTL by OldTimer - Version 3.0.9.2 Folder = C:\Documents and Settings\DeeBo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 76.53% Memory free
3.85 Gb Paging File | 3.57 Gb Available in Paging File | 92.65% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 127.95 Gb Free Space | 85.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEEBO-2E38CCA01
Current User Name: DeeBo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA)
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\DeeBo\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Disabled | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (dlbt_device [On_Demand | Stopped]) -- C:\WINDOWS\System32\dlbtcoms.exe (Dell)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (ForcewareWebInterface [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (nSvcIp [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA)
SRV - (nSvcLog [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA)
SRV - (nvsvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (catchme [On_Demand | Running]) -- File not found
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvata [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTCore32 [On_Demand | Stopped]) -- C:\Program Files\EVGA Precision\RTCore32.sys ()
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.plushieworks.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.whizzles-arcade.com/"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/17 15:28:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/17 15:28:27 | 00,000,000 | ---D | M]

[2009/05/14 09:21:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\mozilla\Extensions
[2009/05/14 09:21:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/15 06:00:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\mozilla\Firefox\Profiles\exoar423.default\extensions
[2009/07/15 22:40:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/17 15:28:21 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/17 15:28:21 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/17 15:28:23 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/06/05 07:02:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/05 07:02:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/05 07:02:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/05 07:02:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/05 07:02:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/05 07:02:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/05 07:02:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/02/02 18:15:00 | 03,771,296 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2009/06/24 07:27:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/24 07:27:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/24 07:27:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/24 07:27:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/24 07:27:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/24 07:27:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/24 07:27:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (317082 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 10879 more lines...
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Search - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1242310585812 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/13 20:14:24 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/19 19:07:24 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\aec.sys
[2009/07/19 18:35:42 | 03,147,475 | R--- | C] () -- C:\Documents and Settings\DeeBo\Desktop\Combo-Fix.exe
[2009/07/19 14:39:07 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DeeBo\Desktop\OTL.exe
[2009/07/19 14:29:46 | 00,261,295 | ---- | C] () -- C:\Documents and Settings\DeeBo\Desktop\Plombie_family.psd
[2009/07/19 01:40:21 | 00,034,281 | ---- | C] () -- C:\Documents and Settings\DeeBo\Desktop\kanye_west_glasses.jpg
[2009/07/18 21:24:12 | 05,222,480 | ---- | C] () -- C:\Documents and Settings\DeeBo\My Documents\07-18-2009 09;24;11PM.PSD
[2009/07/16 13:45:22 | 01,511,190 | ---- | C] () -- C:\Documents and Settings\DeeBo\Desktop\slaton.psd
[2009/07/16 11:36:10 | 00,095,567 | ---- | C] () -- C:\Documents and Settings\DeeBo\Desktop\knickles_sig.png
[2009/07/16 09:04:31 | 00,031,089 | ---- | C] () -- C:\Documents and Settings\DeeBo\Desktop\icon_biggrin.psd
[2009/07/16 02:12:34 | 06,576,362 | ---- | C] () -- C:\Documents and Settings\DeeBo\My Documents\07-16-2009 02;12;34AM.PSD
[2009/07/16 02:09:18 | 01,539,298 | ---- | C] () -- C:\Documents and Settings\DeeBo\My Documents\07-16-2009 02;09;17AM.PSD
[2009/07/15 23:20:45 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/07/15 23:20:45 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/07/15 23:20:45 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/07/15 23:20:45 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/07/15 23:20:45 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/07/15 23:20:45 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/07/15 23:20:45 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/07/15 23:19:56 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/07/15 22:55:00 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DeeBo\Desktop\TFC.exe
[2009/07/15 22:22:37 | 00,975,894 | ---- | C] () -- C:\Documents and Settings\DeeBo\My Documents\07-15-2009 10;22;37PM.PSD
[2009/07/15 09:02:49 | 00,024,592 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klim5.sys
[2009/07/15 08:50:42 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/07/15 08:46:29 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/07/15 06:58:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2009/07/15 06:44:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2009/07/15 06:44:20 | 00,000,000 | ---D | C] -- C:\Program Files\xerox
[2009/07/15 06:44:20 | 00,000,000 | ---D | C] -- C:\Program Files\movie maker
[2009/07/15 06:44:18 | 00,000,000 | ---D | C] -- C:\Program Files\netmeeting
[2009/07/15 06:44:18 | 00,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2009/07/15 06:44:16 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2009/07/15 06:38:08 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/07/15 06:38:08 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/07/15 06:38:08 | 01,614,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/07/15 06:38:08 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/07/15 06:38:08 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/07/15 06:38:08 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009/07/15 06:38:08 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/07/15 06:38:08 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009/07/15 06:38:08 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009/07/15 06:38:08 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/07/15 06:38:08 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/07/15 06:38:08 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009/07/15 06:38:08 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009/07/15 06:38:08 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/07/15 06:38:08 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/07/15 06:38:08 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/07/15 06:38:08 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\appmgmts.dll
[2009/07/15 06:38:08 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/07/15 06:38:08 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/07/15 06:38:08 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll
[2009/07/15 06:38:08 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/07/15 06:38:08 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/07/15 06:38:08 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/07/15 06:38:08 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/07/15 06:38:08 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009/07/15 06:38:08 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/07/15 06:38:08 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/07/15 06:38:08 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009/07/15 06:38:08 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/07/15 06:38:08 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/07/15 06:38:08 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/07/15 06:38:08 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/07/15 06:38:08 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys
[2009/07/15 06:38:08 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009/07/15 06:38:08 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys
[2009/07/15 06:38:08 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys
[2009/07/15 06:38:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/07/15 06:21:44 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/07/15 06:21:39 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/07/15 06:21:38 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/07/15 06:19:44 | 00,219,648 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/07/15 06:07:36 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/07/15 03:07:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/07/15 03:00:14 | 43,985,744 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\DeeBo\Desktop\kis8.0.0.506en.exe
[2009/07/15 03:00:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DeeBo\My Documents\Downloads
[2009/07/15 02:46:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/07/15 02:44:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DeeBo\Local Settings\Application Data\ApplicationHistory
[2009/07/15 02:41:24 | 00,098,989 | ---- | C] () -- C:\MGlogs.zip
[2009/07/15 02:41:21 | 00,000,000 | ---D | C] -- C:\MGtools
[2009/07/15 02:18:30 | 00,046,157 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\DeeBo\Desktop\GooredFix.exe
[2009/07/15 01:40:08 | 01,343,301 | ---- | C] () -- C:\Documents and Settings\DeeBo\Desktop\MGtools.exe
[2009/07/15 01:39:45 | 00,469,504 | ---- | C] ( ) -- C:\Documents and Settings\DeeBo\Desktop\RootRepeal.exe
[2009/07/15 01:34:43 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/07/14 23:41:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DeeBo\Local Settings\Application Data\AVG Security Toolbar
[2009/07/14 23:39:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/07/14 23:39:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/07/14 23:37:41 | 00,000,104 | ---- | C] () -- C:\WINDOWS\System32\NvApps.xml
[2009/07/14 23:37:33 | 00,002,206 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/14 23:18:45 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/07/14 05:38:32 | 01,183,173 | ---- | C] () -- C:\Documents and Settings\DeeBo\Desktop\gta_wp.psd
[2009/07/13 21:14:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/07/06 14:55:37 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/07/06 14:55:30 | 00,140,288 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM7D.DLL
[2009/07/06 14:55:30 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7D.DLL
[2009/07/05 07:22:33 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/07/05 07:22:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/07/05 07:22:00 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/07/05 07:22:00 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/07/05 07:16:50 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/07/03 20:03:53 | 00,001,580 | ---- | C] () -- C:\Documents and Settings\DeeBo\Desktop\Defraggler.lnk
[2009/07/03 20:03:52 | 00,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2009/07/03 03:00:17 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/07/02 02:27:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DeeBo\Local Settings\Application Data\KodakGallery
[2009/07/02 02:27:30 | 00,066,560 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/07/02 02:27:30 | 00,058,368 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/07/02 02:27:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DeeBo\Application Data\Skinux
[2009/07/02 02:24:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/07/02 02:22:39 | 00,001,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kodak EasyShare.lnk
[2009/07/02 02:22:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Kodak
[2009/07/02 02:22:26 | 00,000,000 | ---D | C] -- C:\Program Files\Kodak
[2009/07/02 02:21:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2009/06/30 01:11:55 | 00,000,180 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/06/28 04:33:38 | 00,001,150 | ---- | C] () -- C:\Documents and Settings\DeeBo\Desktop\favicon.ico
[2009/06/28 00:00:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DeeBo\Desktop\PW
[2009/06/27 12:48:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DeeBo\My Documents\My Google Gadgets
[2009/06/27 12:47:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DeeBo\Local Settings\Application Data\Google
[2009/06/27 12:47:51 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009/06/10 09:42:38 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/07 14:56:28 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/06/05 05:43:43 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/06/05 05:43:43 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/06/05 05:43:13 | 00,000,036 | -H-- | C] () -- C:\WINDOWS\System32\swk.ini
[2009/05/15 19:07:26 | 00,000,525 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2009/05/15 18:57:54 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsb.dll
[2009/05/15 18:57:54 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlbtcub.dll
[2009/05/15 18:57:53 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlbtins.dll
[2009/05/15 18:57:53 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsr.dll
[2009/05/15 18:57:53 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2009/05/15 18:57:53 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2009/05/15 18:57:53 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2009/05/15 18:57:52 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2009/05/15 18:57:52 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2009/05/15 18:57:52 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2009/05/15 18:57:49 | 00,397,312 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2009/05/13 20:05:53 | 00,012,442 | ---- | C] () -- C:\WINDOWS\System32\Notepad2.ini
[2009/05/13 20:05:52 | 00,175,616 | ---- | C] () -- C:\WINDOWS\System32\mmm.dll
[2009/05/01 00:31:06 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/05/01 00:31:06 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/05/01 00:31:06 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/05/01 00:31:06 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2001/08/23 23:00:00 | 00,000,507 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 23:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[2009/07/19 19:10:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/19 19:07:01 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/19 18:57:57 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/19 18:57:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/19 18:35:42 | 03,147,475 | R--- | M] () -- C:\Documents and Settings\DeeBo\Desktop\Combo-Fix.exe
[2009/07/19 14:39:07 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DeeBo\Desktop\OTL.exe
[2009/07/19 14:29:46 | 00,261,295 | ---- | M] () -- C:\Documents and Settings\DeeBo\Desktop\Plombie_family.psd
[2009/07/19 14:29:25 | 00,031,089 | ---- | M] () -- C:\Documents and Settings\DeeBo\Desktop\icon_biggrin.psd
[2009/07/19 01:40:21 | 00,034,281 | ---- | M] () -- C:\Documents and Settings\DeeBo\Desktop\kanye_west_glasses.jpg
[2009/07/18 21:24:12 | 05,222,480 | ---- | M] () -- C:\Documents and Settings\DeeBo\My Documents\07-18-2009 09;24;11PM.PSD
[2009/07/17 15:14:52 | 00,001,150 | ---- | M] () -- C:\Documents and Settings\DeeBo\Desktop\favicon.ico
[2009/07/17 02:50:55 | 01,183,173 | ---- | M] () -- C:\Documents and Settings\DeeBo\Desktop\gta_wp.psd
[2009/07/16 14:25:26 | 00,000,104 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2009/07/16 14:22:16 | 01,511,190 | ---- | M] () -- C:\Documents and Settings\DeeBo\Desktop\slaton.psd
[2009/07/16 13:58:40 | 00,095,567 | ---- | M] () -- C:\Documents and Settings\DeeBo\Desktop\knickles_sig.png
[2009/07/16 02:12:34 | 06,576,362 | ---- | M] () -- C:\Documents and Settings\DeeBo\My Documents\07-16-2009 02;12;34AM.PSD
[2009/07/16 02:09:18 | 01,539,298 | ---- | M] () -- C:\Documents and Settings\DeeBo\My Documents\07-16-2009 02;09;17AM.PSD
[2009/07/16 00:24:02 | 00,012,442 | ---- | M] () -- C:\WINDOWS\System32\Notepad2.ini
[2009/07/15 22:55:00 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DeeBo\Desktop\TFC.exe
[2009/07/15 22:22:37 | 00,975,894 | ---- | M] () -- C:\Documents and Settings\DeeBo\My Documents\07-15-2009 10;22;37PM.PSD
[2009/07/15 08:47:38 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/15 07:56:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/07/15 06:21:45 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/07/15 06:15:17 | 00,098,989 | ---- | M] () -- C:\MGlogs.zip
[2009/07/15 06:07:36 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/07/15 03:12:02 | 00,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/15 03:12:02 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/07/15 03:01:32 | 43,985,744 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\DeeBo\Desktop\kis8.0.0.506en.exe
[2009/07/15 02:18:30 | 00,046,157 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\DeeBo\Desktop\GooredFix.exe
[2009/07/15 01:40:13 | 01,343,301 | ---- | M] () -- C:\Documents and Settings\DeeBo\Desktop\MGtools.exe
[2009/07/15 01:34:43 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/13 05:48:54 | 00,219,648 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/07/12 21:39:46 | 00,469,504 | ---- | M] ( ) -- C:\Documents and Settings\DeeBo\Desktop\RootRepeal.exe
[2009/07/07 11:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/06 14:38:06 | 00,000,525 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2009/07/05 07:24:09 | 01,439,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/03 20:23:38 | 00,029,664 | ---- | M] () -- C:\Documents and Settings\DeeBo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/07/03 20:03:53 | 00,001,580 | ---- | M] () -- C:\Documents and Settings\DeeBo\Desktop\Defraggler.lnk
[2009/07/02 05:43:54 | 00,066,560 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/07/02 05:43:54 | 00,058,368 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/07/02 02:22:39 | 00,001,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kodak EasyShare.lnk
[2009/06/30 18:04:22 | 04,807,814 | -H-- | M] () -- C:\Documents and Settings\DeeBo\Local Settings\Application Data\IconCache.db
[2009/06/30 01:11:56 | 00,000,180 | ---- | M] () -- C:\WINDOWS\wininit.ini

========== LOP Check ==========

[2009/07/15 06:58:23 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/07/14 23:41:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/05/15 01:27:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/07/06 14:55:37 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/05/14 16:48:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/07/15 22:55:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/02 02:27:21 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\DeeBo\Application Data
[2009/06/08 05:20:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\Alien Skin
[2009/06/03 10:00:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\Artweaver
[2009/06/10 11:42:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\Azureus
[2009/07/19 14:29:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\FileZilla
[2009/07/16 14:21:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\HLSW
[2009/05/13 23:17:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\Nvu
[2009/06/09 02:20:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\PeaZip
[2009/06/02 21:00:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\Search Settings
[2009/07/02 02:27:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\Skinux
[2009/05/13 20:26:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\Styler
[2009/05/13 21:50:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\SystemRequirementsLab
[2009/05/28 01:09:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\teamspeak2
[2009/07/15 07:56:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2001/08/23 23:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/07/19 19:10:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >
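
The ComboFix log in the next post lists `geyekrurhkqnvq.dll` mapped into winlogon.exe and lsass.exe from `\\?\globalroot\systemroot\system32\`, an NT object-namespace path rather than the drive-letter path every other module in that section carries. A module that loads that way in core system processes is what a kernel-mode rootkit hiding its own file looks like in this part of the report, and it is the clearest indicator in the thread of what is behind the redirect. The script below is an added example, not part of this thread and not code from ComboFix or its author: it parses the "DLLs Loaded Under Running Processes" section and flags any module loaded through `\\?\globalroot`. The embedded sample log is constructed from the lines of that post, the section and line formats it relies on are the ones visible there, and the function names `parse_loaded_modules` and `find_suspicious_modules` are the example's own.

```python
"""Flag modules loaded through the NT object namespace (globalroot) in the
"DLLs Loaded Under Running Processes" section of a ComboFix log.

Added example for this thread; not ComboFix's own code.  Only the line
shapes visible in the posted log are relied on.
"""
import re
from dataclasses import dataclass

# Start of the section and the per-process header ComboFix prints, e.g.
#   - - - - - - - > 'winlogon.exe'(632)
SECTION_START = "--------------------- DLLs Loaded Under Running Processes"
PROCESS_HEADER = re.compile(r"^(?:-\s)+>\s*'(?P<image>[^']+)'\((?P<pid>\d+)\)$")

# Normal image loads are recorded by drive-letter path.  A module whose path
# is in the NT object namespace (\\?\globalroot\...) was mapped by something
# that keeps the on-disk file out of the Win32 view of the file system, which
# is how the rootkit DLL appears under winlogon.exe and lsass.exe in this thread.
GLOBALROOT_PREFIX = "\\\\?\\globalroot\\"


@dataclass(frozen=True)
class LoadedModule:
    process: str  # lower-cased image name, e.g. "winlogon.exe"
    pid: int
    path: str     # path exactly as ComboFix printed it


@dataclass(frozen=True)
class Finding:
    module: LoadedModule
    reason: str


def _module_path(line):
    """Return the path from one module line.

    Most modules are printed as a bare path.  Modules ComboFix could not map
    to a normal file are printed as "<name> <base-hex> <size> <path>" (the
    geyekrurhkqnvq.dll lines).  Paths may contain spaces, so only use the
    4-field reading when fields 2 and 3 look like a hex base and a size.
    """
    parts = line.split(None, 3)
    if (len(parts) == 4 and re.fullmatch(r"[0-9A-Fa-f]+", parts[1])
            and parts[2].isdigit()):
        return parts[3]
    return line


def parse_loaded_modules(log_text):
    """Yield a LoadedModule for every module line in the section."""
    in_section = False
    current = None  # (process, pid) of the block being read
    for raw in log_text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = line.startswith(SECTION_START)
            continue
        if line == "." or line.startswith("Completion time:"):
            break  # ComboFix ends the section this way
        header = PROCESS_HEADER.match(line)
        if header:
            current = (header.group("image").lower(), int(header.group("pid")))
            continue
        if not line or current is None:
            continue
        yield LoadedModule(current[0], current[1], _module_path(line))


def find_suspicious_modules(log_text):
    """Return a Finding for each module mapped from a globalroot path."""
    findings = []
    for mod in parse_loaded_modules(log_text):
        if mod.path.lower().startswith(GLOBALROOT_PREFIX):
            findings.append(Finding(mod, "mapped from an NT object-namespace "
                                         "path, not a drive-letter path"))
    return findings


# Constructed sample: the relevant section of the ComboFix log posted in
# this thread, reproduced line for line.
SAMPLE_LOG = r"""
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)
geyekrurhkqnvq.dll 10000000 32768 \\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(692)
geyekrurhkqnvq.dll 10000000 32768 \\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll
c:\windows\system32\WININET.dll
.
Completion time: 2009-07-19 19:10
"""

if __name__ == "__main__":
    for f in find_suspicious_modules(SAMPLE_LOG):
        m = f.module
        print(f"{m.process} (pid {m.pid}): {m.path}  [{f.reason}]")
```

Run against the sample it reports the same DLL twice, once under winlogon.exe (pid 632) and once under lsass.exe (pid 692), and stays silent on WININET.dll and SASWINLO.dll, which load from ordinary drive-letter paths. The same function can be pointed at a full ComboFix log file read from disk; a clean machine yields an empty list.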

#9 WhiZZlE (Member, Topic Starter, 34 posts)
Yes, I am getting that error when it first starts up, but it finishes, and here is the log. Also, OTL does not give me the Extras log anymore. It only gave it to me the first time I ran it. Thank you.

ComboFix 09-07-19.02 - DeeBo 07/19/2009 18:58.4.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1690 [GMT -4:00]
Running from: c:\documents and settings\DeeBo\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: NVIDIA Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((( Files Created from 2009-06-19 to 2009-07-19 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-17 19:28 . 2009-07-15 10:07 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-16_03.47.32 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-03-07 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-03-07 169984]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="c:\program files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"ASKUpgrade"=2 (0x2)
"ASKService"=2 (0x2)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)


R3 RTCore32;RTCore32;c:\program files\EVGA Precision\RTCore32.sys [2005-05-25 4608]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-06-23 7408]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-06-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-06-23 72944]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.plushieworks.com/
uInternet Settings,ProxyOverride = *.local
IE: &Search - ?p=ZJfox000
FF - ProfilePath - c:\docume~1\DeeBo\APPLIC~1\Mozilla\Firefox\Profiles\exoar423.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.whizzles-arcade.com/

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
.
------- File Associations -------
.
inffile=c:\windows\system32\Notepad2.exe %1
inifile=c:\windows\system32\Notepad2.exe %1
txtfile=c:\windows\system32\Notepad2.exe %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-19 19:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)
geyekrurhkqnvq.dll 10000000 32768 \\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(692)
geyekrurhkqnvq.dll 10000000 32768 \\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll
c:\windows\system32\WININET.dll
.
Completion time: 2009-07-19 19:10
ComboFix-quarantined-files.txt 2009-07-19 23:10
ComboFix2.txt 2009-07-16 03:51

Pre-Run: 137,365,975,040 bytes free
Post-Run: 137,366,573,056 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
142 --- E O F --- 2009-07-15 12:47

OTL logfile created on: 7/19/2009 7:18:17 PM - Run 6
OTL by OldTimer - Version 3.0.9.2 Folder = C:\Documents and Settings\DeeBo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 76.53% Memory free
3.85 Gb Paging File | 3.57 Gb Available in Paging File | 92.65% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 127.95 Gb Free Space | 85.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEEBO-2E38CCA01
Current User Name: DeeBo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA)
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\DeeBo\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Disabled | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (dlbt_device [On_Demand | Stopped]) -- C:\WINDOWS\System32\dlbtcoms.exe (Dell)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (ForcewareWebInterface [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (nSvcIp [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA)
SRV - (nSvcLog [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA)
SRV - (nvsvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (catchme [On_Demand | Running]) -- File not found
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvata [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTCore32 [On_Demand | Stopped]) -- C:\Program Files\EVGA Precision\RTCore32.sys ()
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.plushieworks.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.whizzles-arcade.com/"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/17 15:28:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/17 15:28:27 | 00,000,000 | ---D | M]

[2009/05/14 09:21:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\mozilla\Extensions
[2009/05/14 09:21:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/15 06:00:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\mozilla\Firefox\Profiles\exoar423.default\extensions
[2009/07/15 22:40:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/17 15:28:21 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/17 15:28:21 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/17 15:28:23 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/06/05 07:02:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/05 07:02:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/05 07:02:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/05 07:02:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/05 07:02:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/05 07:02:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/05 07:02:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/02/02 18:15:00 | 03,771,296 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2009/06/24 07:27:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/24 07:27:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/24 07:27:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/24 07:27:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/24 07:27:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/24 07:27:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/24 07:27:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (317082 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10879 more lines...
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Search - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1242310585812 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/13 20:14:24 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/19 19:07:24 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\aec.sys
[2009/07/19 18:35:42 | 03,147,475 | R--- | C] () -- C:\Documents and Settings\DeeBo\Desktop\Combo-Fix.exe
[2009/07/19 14:39:07 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DeeBo\Desktop\OTL.exe
[2009/07/19 14:29:46 | 00,261,295 | ---- | C] () -- C:\Documents and Settings\DeeBo\Desktop\Plombie_family.psd
[2009/07/19 01:40:21 | 00,034,281 | ---- | C] () -- C:\Documents and Settings\DeeBo\Desktop\kanye_west_glasses.jpg
[2009/07/18 21:24:12 | 05,222,480 | ---- | C] () -- C:\Documents and Settings\DeeBo\My Documents\07-18-2009 09;24;11PM.PSD
[2009/07/16 13:45:22 | 01,511,190 | ---- | C] () -- C:\Documents and Settings\DeeBo\Desktop\slaton.psd
[2009/07/16 11:36:10 | 00,095,567 | ---- | C] () -- C:\Documents and Settings\DeeBo\Desktop\knickles_sig.png
[2009/07/16 09:04:31 | 00,031,089 | ---- | C] () -- C:\Documents and Settings\DeeBo\Desktop\icon_biggrin.psd
[2009/07/16 02:12:34 | 06,576,362 | ---- | C] () -- C:\Documents and Settings\DeeBo\My Documents\07-16-2009 02;12;34AM.PSD
[2009/07/16 02:09:18 | 01,539,298 | ---- | C] () -- C:\Documents and Settings\DeeBo\My Documents\07-16-2009 02;09;17AM.PSD
[2009/07/15 23:20:45 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/07/15 23:20:45 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/07/15 23:20:45 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/07/15 23:20:45 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/07/15 23:20:45 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/07/15 23:20:45 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/07/15 23:20:45 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/07/15 23:19:56 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/07/15 22:55:00 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DeeBo\Desktop\TFC.exe
[2009/07/15 22:22:37 | 00,975,894 | ---- | C] () -- C:\Documents and Settings\DeeBo\My Documents\07-15-2009 10;22;37PM.PSD
[2009/07/15 09:02:49 | 00,024,592 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klim5.sys
[2009/07/15 08:50:42 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/07/15 08:46:29 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/07/15 06:58:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2009/07/15 06:44:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2009/07/15 06:44:20 | 00,000,000 | ---D | C] -- C:\Program Files\xerox
[2009/07/15 06:44:20 | 00,000,000 | ---D | C] -- C:\Program Files\movie maker
[2009/07/15 06:44:18 | 00,000,000 | ---D | C] -- C:\Program Files\netmeeting
[2009/07/15 06:44:18 | 00,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2009/07/15 06:44:16 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2009/07/15 06:38:08 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/07/15 06:38:08 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/07/15 06:38:08 | 01,614,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/07/15 06:38:08 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/07/15 06:38:08 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/07/15 06:38:08 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009/07/15 06:38:08 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/07/15 06:38:08 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009/07/15 06:38:08 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009/07/15 06:38:08 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/07/15 06:38:08 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/07/15 06:38:08 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009/07/15 06:38:08 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009/07/15 06:38:08 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/07/15 06:38:08 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/07/15 06:38:08 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/07/15 06:38:08 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\appmgmts.dll
[2009/07/15 06:38:08 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/07/15 06:38:08 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/07/15 06:38:08 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll
[2009/07/15 06:38:08 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/07/15 06:38:08 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/07/15 06:38:08 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/07/15 06:38:08 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/07/15 06:38:08 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009/07/15 06:38:08 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/07/15 06:38:08 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/07/15 06:38:08 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009/07/15 06:38:08 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/07/15 06:38:08 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/07/15 06:38:08 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/07/15 06:38:08 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/07/15 06:38:08 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys
[2009/07/15 06:38:08 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009/07/15 06:38:08 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys
[2009/07/15 06:38:08 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys
[2009/07/15 06:38:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/07/15 06:21:44 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/07/15 06:21:39 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/07/15 06:21:38 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/07/15 06:19:44 | 00,219,648 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/07/15 06:07:36 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/07/15 03:07:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/07/15 03:00:14 | 43,985,744 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\DeeBo\Desktop\kis8.0.0.506en.exe
[2009/07/15 03:00:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DeeBo\My Documents\Downloads
[2009/07/15 02:46:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/07/15 02:44:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DeeBo\Local Settings\Application Data\ApplicationHistory
[2009/07/15 02:41:24 | 00,098,989 | ---- | C] () -- C:\MGlogs.zip
[2009/07/15 02:41:21 | 00,000,000 | ---D | C] -- C:\MGtools
[2009/07/15 02:18:30 | 00,046,157 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\DeeBo\Desktop\GooredFix.exe
[2009/07/15 01:40:08 | 01,343,301 | ---- | C] () -- C:\Documents and Settings\DeeBo\Desktop\MGtools.exe
[2009/07/15 01:39:45 | 00,469,504 | ---- | C] ( ) -- C:\Documents and Settings\DeeBo\Desktop\RootRepeal.exe
[2009/07/15 01:34:43 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/07/14 23:41:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DeeBo\Local Settings\Application Data\AVG Security Toolbar
[2009/07/14 23:39:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/07/14 23:39:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/07/14 23:37:41 | 00,000,104 | ---- | C] () -- C:\WINDOWS\System32\NvApps.xml
[2009/07/14 23:37:33 | 00,002,206 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/14 23:18:45 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/07/14 05:38:32 | 01,183,173 | ---- | C] () -- C:\Documents and Settings\DeeBo\Desktop\gta_wp.psd
[2009/07/13 21:14:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/07/06 14:55:37 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/07/06 14:55:30 | 00,140,288 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM7D.DLL
[2009/07/06 14:55:30 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7D.DLL
[2009/07/05 07:22:33 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/07/05 07:22:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/07/05 07:22:00 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/07/05 07:22:00 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/07/05 07:16:50 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/07/03 20:03:53 | 00,001,580 | ---- | C] () -- C:\Documents and Settings\DeeBo\Desktop\Defraggler.lnk
[2009/07/03 20:03:52 | 00,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2009/07/03 03:00:17 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/07/02 02:27:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DeeBo\Local Settings\Application Data\KodakGallery
[2009/07/02 02:27:30 | 00,066,560 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/07/02 02:27:30 | 00,058,368 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/07/02 02:27:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DeeBo\Application Data\Skinux
[2009/07/02 02:24:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/07/02 02:22:39 | 00,001,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kodak EasyShare.lnk
[2009/07/02 02:22:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Kodak
[2009/07/02 02:22:26 | 00,000,000 | ---D | C] -- C:\Program Files\Kodak
[2009/07/02 02:21:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2009/06/30 01:11:55 | 00,000,180 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/06/28 04:33:38 | 00,001,150 | ---- | C] () -- C:\Documents and Settings\DeeBo\Desktop\favicon.ico
[2009/06/28 00:00:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DeeBo\Desktop\PW
[2009/06/27 12:48:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DeeBo\My Documents\My Google Gadgets
[2009/06/27 12:47:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DeeBo\Local Settings\Application Data\Google
[2009/06/27 12:47:51 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009/06/10 09:42:38 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/07 14:56:28 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/06/05 05:43:43 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/06/05 05:43:43 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/06/05 05:43:13 | 00,000,036 | -H-- | C] () -- C:\WINDOWS\System32\swk.ini
[2009/05/15 19:07:26 | 00,000,525 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2009/05/15 18:57:54 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsb.dll
[2009/05/15 18:57:54 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlbtcub.dll
[2009/05/15 18:57:53 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlbtins.dll
[2009/05/15 18:57:53 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsr.dll
[2009/05/15 18:57:53 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2009/05/15 18:57:53 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2009/05/15 18:57:53 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2009/05/15 18:57:52 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2009/05/15 18:57:52 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2009/05/15 18:57:52 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2009/05/15 18:57:49 | 00,397,312 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2009/05/13 20:05:53 | 00,012,442 | ---- | C] () -- C:\WINDOWS\System32\Notepad2.ini
[2009/05/13 20:05:52 | 00,175,616 | ---- | C] () -- C:\WINDOWS\System32\mmm.dll
[2009/05/01 00:31:06 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/05/01 00:31:06 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/05/01 00:31:06 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/05/01 00:31:06 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2001/08/23 23:00:00 | 00,000,507 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 23:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[2009/07/19 19:10:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/19 19:07:01 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/19 18:57:57 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/19 18:57:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/19 18:35:42 | 03,147,475 | R--- | M] () -- C:\Documents and Settings\DeeBo\Desktop\Combo-Fix.exe
[2009/07/19 14:39:07 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DeeBo\Desktop\OTL.exe
[2009/07/19 14:29:46 | 00,261,295 | ---- | M] () -- C:\Documents and Settings\DeeBo\Desktop\Plombie_family.psd
[2009/07/19 14:29:25 | 00,031,089 | ---- | M] () -- C:\Documents and Settings\DeeBo\Desktop\icon_biggrin.psd
[2009/07/19 01:40:21 | 00,034,281 | ---- | M] () -- C:\Documents and Settings\DeeBo\Desktop\kanye_west_glasses.jpg
[2009/07/18 21:24:12 | 05,222,480 | ---- | M] () -- C:\Documents and Settings\DeeBo\My Documents\07-18-2009 09;24;11PM.PSD
[2009/07/17 15:14:52 | 00,001,150 | ---- | M] () -- C:\Documents and Settings\DeeBo\Desktop\favicon.ico
[2009/07/17 02:50:55 | 01,183,173 | ---- | M] () -- C:\Documents and Settings\DeeBo\Desktop\gta_wp.psd
[2009/07/16 14:25:26 | 00,000,104 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2009/07/16 14:22:16 | 01,511,190 | ---- | M] () -- C:\Documents and Settings\DeeBo\Desktop\slaton.psd
[2009/07/16 13:58:40 | 00,095,567 | ---- | M] () -- C:\Documents and Settings\DeeBo\Desktop\knickles_sig.png
[2009/07/16 02:12:34 | 06,576,362 | ---- | M] () -- C:\Documents and Settings\DeeBo\My Documents\07-16-2009 02;12;34AM.PSD
[2009/07/16 02:09:18 | 01,539,298 | ---- | M] () -- C:\Documents and Settings\DeeBo\My Documents\07-16-2009 02;09;17AM.PSD
[2009/07/16 00:24:02 | 00,012,442 | ---- | M] () -- C:\WINDOWS\System32\Notepad2.ini
[2009/07/15 22:55:00 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DeeBo\Desktop\TFC.exe
[2009/07/15 22:22:37 | 00,975,894 | ---- | M] () -- C:\Documents and Settings\DeeBo\My Documents\07-15-2009 10;22;37PM.PSD
[2009/07/15 08:47:38 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/15 07:56:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/07/15 06:21:45 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/07/15 06:15:17 | 00,098,989 | ---- | M] () -- C:\MGlogs.zip
[2009/07/15 06:07:36 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/07/15 03:12:02 | 00,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/15 03:12:02 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/07/15 03:01:32 | 43,985,744 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\DeeBo\Desktop\kis8.0.0.506en.exe
[2009/07/15 02:18:30 | 00,046,157 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\DeeBo\Desktop\GooredFix.exe
[2009/07/15 01:40:13 | 01,343,301 | ---- | M] () -- C:\Documents and Settings\DeeBo\Desktop\MGtools.exe
[2009/07/15 01:34:43 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/13 05:48:54 | 00,219,648 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/07/12 21:39:46 | 00,469,504 | ---- | M] ( ) -- C:\Documents and Settings\DeeBo\Desktop\RootRepeal.exe
[2009/07/07 11:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/06 14:38:06 | 00,000,525 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2009/07/05 07:24:09 | 01,439,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/03 20:23:38 | 00,029,664 | ---- | M] () -- C:\Documents and Settings\DeeBo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/07/03 20:03:53 | 00,001,580 | ---- | M] () -- C:\Documents and Settings\DeeBo\Desktop\Defraggler.lnk
[2009/07/02 05:43:54 | 00,066,560 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/07/02 05:43:54 | 00,058,368 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/07/02 02:22:39 | 00,001,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kodak EasyShare.lnk
[2009/06/30 18:04:22 | 04,807,814 | -H-- | M] () -- C:\Documents and Settings\DeeBo\Local Settings\Application Data\IconCache.db
[2009/06/30 01:11:56 | 00,000,180 | ---- | M] () -- C:\WINDOWS\wininit.ini

========== LOP Check ==========

[2009/07/15 06:58:23 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/07/14 23:41:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/05/15 01:27:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/07/06 14:55:37 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/05/14 16:48:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/07/15 22:55:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/02 02:27:21 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\DeeBo\Application Data
[2009/06/08 05:20:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\Alien Skin
[2009/06/03 10:00:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\Artweaver
[2009/06/10 11:42:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\Azureus
[2009/07/19 14:29:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\FileZilla
[2009/07/16 14:21:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\HLSW
[2009/05/13 23:17:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\Nvu
[2009/06/09 02:20:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\PeaZip
[2009/06/02 21:00:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\Search Settings
[2009/07/02 02:27:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\Skinux
[2009/05/13 20:26:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\Styler
[2009/05/13 21:50:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\SystemRequirementsLab
[2009/05/28 01:09:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\teamspeak2
[2009/07/15 07:56:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2001/08/23 23:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/07/19 19:10:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >

#10
IndiGenus

    Anti-Malware Buddha

  • Member
  • 1,617 posts

Also, OTL does not give me the Extras log any more.

Yes, that is normal as it only gives the extras on the first run unless specified. Don't need it at this point.

When you ran MalwareBytes' earlier I don't think you clicked on Remove Selected.

\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll (Trojan.TDSS) -> No action taken.

The no action taken indicates this. Let's run it again and follow all of the instructions below.

Run MalwareBytes' Anti-Malware again and update before scanning.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with an OTL log.

#11
WhiZZlE

    Member

  • Topic Starter
  • 34 posts
Malwarebytes' Anti-Malware 1.39
Database version: 2464
Windows 5.1.2600 Service Pack 3

7/19/2009 7:32:57 PM
mbam-log-2009-07-19 (19-32-57).txt

Scan type: Quick Scan
Objects scanned: 89012
Time elapsed: 1 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL logfile created on: 7/19/2009 7:33:51 PM - Run 7
OTL by OldTimer - Version 3.0.9.2 Folder = C:\Documents and Settings\DeeBo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 76.41% Memory free
3.85 Gb Paging File | 3.56 Gb Available in Paging File | 92.60% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 127.94 Gb Free Space | 85.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DEEBO-2E38CCA01
Current User Name: DeeBo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA)
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\DeeBo\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Disabled | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (dlbt_device [On_Demand | Stopped]) -- C:\WINDOWS\System32\dlbtcoms.exe (Dell)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (ForcewareWebInterface [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Apache Software Foundation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (nSvcIp [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA)
SRV - (nSvcLog [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA)
SRV - (nvsvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (catchme [On_Demand | Running]) -- File not found
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvata [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTCore32 [On_Demand | Stopped]) -- C:\Program Files\EVGA Precision\RTCore32.sys ()
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.plushieworks.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.whizzles-arcade.com/"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/17 15:28:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/17 15:28:27 | 00,000,000 | ---D | M]

[2009/05/14 09:21:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\mozilla\Extensions
[2009/05/14 09:21:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/15 06:00:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\mozilla\Firefox\Profiles\exoar423.default\extensions
[2009/07/15 22:40:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/17 15:28:21 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/17 15:28:21 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/17 15:28:23 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/06/05 07:02:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/05 07:02:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/05 07:02:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/05 07:02:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/05 07:02:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/05 07:02:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/05 07:02:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/02/02 18:15:00 | 03,771,296 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2009/06/24 07:27:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/24 07:27:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/24 07:27:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/24 07:27:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/24 07:27:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/24 07:27:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/24 07:27:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (317082 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10879 more lines...
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Search - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1242310585812 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/13 20:14:24 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/19 19:30:47 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/07/19 19:07:24 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\aec.sys
[2009/07/19 18:35:42 | 03,147,475 | R--- | C] () -- C:\Documents and Settings\DeeBo\Desktop\Combo-Fix.exe
[2009/07/19 14:39:07 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DeeBo\Desktop\OTL.exe
[2009/07/19 14:29:46 | 00,261,295 | ---- | C] () -- C:\Documents and Settings\DeeBo\Desktop\Plombie_family.psd
[2009/07/19 01:40:21 | 00,034,281 | ---- | C] () -- C:\Documents and Settings\DeeBo\Desktop\kanye_west_glasses.jpg
[2009/07/18 21:24:12 | 05,222,480 | ---- | C] () -- C:\Documents and Settings\DeeBo\My Documents\07-18-2009 09;24;11PM.PSD
[2009/07/16 13:45:22 | 01,511,190 | ---- | C] () -- C:\Documents and Settings\DeeBo\Desktop\slaton.psd
[2009/07/16 11:36:10 | 00,095,567 | ---- | C] () -- C:\Documents and Settings\DeeBo\Desktop\knickles_sig.png
[2009/07/16 09:04:31 | 00,031,089 | ---- | C] () -- C:\Documents and Settings\DeeBo\Desktop\icon_biggrin.psd
[2009/07/16 02:12:34 | 06,576,362 | ---- | C] () -- C:\Documents and Settings\DeeBo\My Documents\07-16-2009 02;12;34AM.PSD
[2009/07/16 02:09:18 | 01,539,298 | ---- | C] () -- C:\Documents and Settings\DeeBo\My Documents\07-16-2009 02;09;17AM.PSD
[2009/07/15 23:20:45 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/07/15 23:20:45 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/07/15 23:20:45 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/07/15 23:20:45 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/07/15 23:20:45 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/07/15 23:20:45 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/07/15 23:20:45 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/07/15 23:19:56 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/07/15 22:55:00 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DeeBo\Desktop\TFC.exe
[2009/07/15 22:22:37 | 00,975,894 | ---- | C] () -- C:\Documents and Settings\DeeBo\My Documents\07-15-2009 10;22;37PM.PSD
[2009/07/15 09:02:49 | 00,024,592 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klim5.sys
[2009/07/15 08:50:42 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/07/15 08:46:29 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/07/15 06:58:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2009/07/15 06:44:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2009/07/15 06:44:20 | 00,000,000 | ---D | C] -- C:\Program Files\xerox
[2009/07/15 06:44:20 | 00,000,000 | ---D | C] -- C:\Program Files\movie maker
[2009/07/15 06:44:18 | 00,000,000 | ---D | C] -- C:\Program Files\netmeeting
[2009/07/15 06:44:18 | 00,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2009/07/15 06:44:16 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2009/07/15 06:38:08 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/07/15 06:38:08 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/07/15 06:38:08 | 01,614,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/07/15 06:38:08 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/07/15 06:38:08 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/07/15 06:38:08 | 00,927,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009/07/15 06:38:08 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/07/15 06:38:08 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009/07/15 06:38:08 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009/07/15 06:38:08 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/07/15 06:38:08 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/07/15 06:38:08 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009/07/15 06:38:08 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009/07/15 06:38:08 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/07/15 06:38:08 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/07/15 06:38:08 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/07/15 06:38:08 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\appmgmts.dll
[2009/07/15 06:38:08 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/07/15 06:38:08 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/07/15 06:38:08 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll
[2009/07/15 06:38:08 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/07/15 06:38:08 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/07/15 06:38:08 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/07/15 06:38:08 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/07/15 06:38:08 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009/07/15 06:38:08 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/07/15 06:38:08 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/07/15 06:38:08 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009/07/15 06:38:08 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/07/15 06:38:08 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/07/15 06:38:08 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/07/15 06:38:08 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/07/15 06:38:08 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys
[2009/07/15 06:38:08 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009/07/15 06:38:08 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys
[2009/07/15 06:38:08 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys
[2009/07/15 06:38:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/07/15 06:21:44 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/07/15 06:21:39 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/07/15 06:21:38 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/07/15 06:19:44 | 00,219,648 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/07/15 06:07:36 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/07/15 03:07:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/07/15 03:00:14 | 43,985,744 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\DeeBo\Desktop\kis8.0.0.506en.exe
[2009/07/15 03:00:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DeeBo\My Documents\Downloads
[2009/07/15 02:46:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/07/15 02:44:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DeeBo\Local Settings\Application Data\ApplicationHistory
[2009/07/15 02:41:24 | 00,098,989 | ---- | C] () -- C:\MGlogs.zip
[2009/07/15 02:41:21 | 00,000,000 | ---D | C] -- C:\MGtools
[2009/07/15 02:18:30 | 00,046,157 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\DeeBo\Desktop\GooredFix.exe
[2009/07/15 01:40:08 | 01,343,301 | ---- | C] () -- C:\Documents and Settings\DeeBo\Desktop\MGtools.exe
[2009/07/15 01:39:45 | 00,469,504 | ---- | C] ( ) -- C:\Documents and Settings\DeeBo\Desktop\RootRepeal.exe
[2009/07/15 01:34:43 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/07/14 23:41:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DeeBo\Local Settings\Application Data\AVG Security Toolbar
[2009/07/14 23:39:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/07/14 23:39:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/07/14 23:37:41 | 00,000,104 | ---- | C] () -- C:\WINDOWS\System32\NvApps.xml
[2009/07/14 23:37:33 | 00,002,206 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/14 23:18:45 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/07/14 05:38:32 | 01,183,173 | ---- | C] () -- C:\Documents and Settings\DeeBo\Desktop\gta_wp.psd
[2009/07/13 21:14:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/07/06 14:55:37 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/07/06 14:55:30 | 00,140,288 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM7D.DLL
[2009/07/06 14:55:30 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7D.DLL
[2009/07/05 07:22:33 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/07/05 07:22:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/07/05 07:22:00 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/07/05 07:22:00 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/07/05 07:16:50 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/07/03 20:03:53 | 00,001,580 | ---- | C] () -- C:\Documents and Settings\DeeBo\Desktop\Defraggler.lnk
[2009/07/03 20:03:52 | 00,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2009/07/03 03:00:17 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/07/02 02:27:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DeeBo\Local Settings\Application Data\KodakGallery
[2009/07/02 02:27:30 | 00,066,560 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/07/02 02:27:30 | 00,058,368 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/07/02 02:27:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DeeBo\Application Data\Skinux
[2009/07/02 02:24:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/07/02 02:22:39 | 00,001,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kodak EasyShare.lnk
[2009/07/02 02:22:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Kodak
[2009/07/02 02:22:26 | 00,000,000 | ---D | C] -- C:\Program Files\Kodak
[2009/07/02 02:21:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2009/06/30 01:11:55 | 00,000,180 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/06/28 04:33:38 | 00,001,150 | ---- | C] () -- C:\Documents and Settings\DeeBo\Desktop\favicon.ico
[2009/06/28 00:00:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DeeBo\Desktop\PW
[2009/06/27 12:48:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DeeBo\My Documents\My Google Gadgets
[2009/06/27 12:47:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DeeBo\Local Settings\Application Data\Google
[2009/06/27 12:47:51 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009/06/10 09:42:38 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/07 14:56:28 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/06/05 05:43:43 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/06/05 05:43:43 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/06/05 05:43:13 | 00,000,036 | -H-- | C] () -- C:\WINDOWS\System32\swk.ini
[2009/05/15 19:07:26 | 00,000,525 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2009/05/15 18:57:54 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsb.dll
[2009/05/15 18:57:54 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlbtcub.dll
[2009/05/15 18:57:53 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlbtins.dll
[2009/05/15 18:57:53 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsr.dll
[2009/05/15 18:57:53 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2009/05/15 18:57:53 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2009/05/15 18:57:53 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2009/05/15 18:57:52 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2009/05/15 18:57:52 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2009/05/15 18:57:52 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2009/05/15 18:57:49 | 00,397,312 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2009/05/13 20:05:53 | 00,012,442 | ---- | C] () -- C:\WINDOWS\System32\Notepad2.ini
[2009/05/13 20:05:52 | 00,175,616 | ---- | C] () -- C:\WINDOWS\System32\mmm.dll
[2009/05/01 00:31:06 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/05/01 00:31:06 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/05/01 00:31:06 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/05/01 00:31:06 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/10/07 09:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2001/08/23 23:00:00 | 00,000,507 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 23:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[2009/07/19 19:10:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/19 19:07:01 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/19 18:57:57 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/19 18:57:23 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/19 18:35:42 | 03,147,475 | R--- | M] () -- C:\Documents and Settings\DeeBo\Desktop\Combo-Fix.exe
[2009/07/19 14:39:07 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DeeBo\Desktop\OTL.exe
[2009/07/19 14:29:46 | 00,261,295 | ---- | M] () -- C:\Documents and Settings\DeeBo\Desktop\Plombie_family.psd
[2009/07/19 14:29:25 | 00,031,089 | ---- | M] () -- C:\Documents and Settings\DeeBo\Desktop\icon_biggrin.psd
[2009/07/19 01:40:21 | 00,034,281 | ---- | M] () -- C:\Documents and Settings\DeeBo\Desktop\kanye_west_glasses.jpg
[2009/07/18 21:24:12 | 05,222,480 | ---- | M] () -- C:\Documents and Settings\DeeBo\My Documents\07-18-2009 09;24;11PM.PSD
[2009/07/17 15:14:52 | 00,001,150 | ---- | M] () -- C:\Documents and Settings\DeeBo\Desktop\favicon.ico
[2009/07/17 02:50:55 | 01,183,173 | ---- | M] () -- C:\Documents and Settings\DeeBo\Desktop\gta_wp.psd
[2009/07/16 14:25:26 | 00,000,104 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2009/07/16 14:22:16 | 01,511,190 | ---- | M] () -- C:\Documents and Settings\DeeBo\Desktop\slaton.psd
[2009/07/16 13:58:40 | 00,095,567 | ---- | M] () -- C:\Documents and Settings\DeeBo\Desktop\knickles_sig.png
[2009/07/16 02:12:34 | 06,576,362 | ---- | M] () -- C:\Documents and Settings\DeeBo\My Documents\07-16-2009 02;12;34AM.PSD
[2009/07/16 02:09:18 | 01,539,298 | ---- | M] () -- C:\Documents and Settings\DeeBo\My Documents\07-16-2009 02;09;17AM.PSD
[2009/07/16 00:24:02 | 00,012,442 | ---- | M] () -- C:\WINDOWS\System32\Notepad2.ini
[2009/07/15 22:55:00 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DeeBo\Desktop\TFC.exe
[2009/07/15 22:22:37 | 00,975,894 | ---- | M] () -- C:\Documents and Settings\DeeBo\My Documents\07-15-2009 10;22;37PM.PSD
[2009/07/15 08:47:38 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/15 07:56:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/07/15 06:21:45 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/07/15 06:15:17 | 00,098,989 | ---- | M] () -- C:\MGlogs.zip
[2009/07/15 06:07:36 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/07/15 03:12:02 | 00,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/15 03:12:02 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/07/15 03:01:32 | 43,985,744 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\DeeBo\Desktop\kis8.0.0.506en.exe
[2009/07/15 02:18:30 | 00,046,157 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\DeeBo\Desktop\GooredFix.exe
[2009/07/15 01:40:13 | 01,343,301 | ---- | M] () -- C:\Documents and Settings\DeeBo\Desktop\MGtools.exe
[2009/07/15 01:34:43 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/13 05:48:54 | 00,219,648 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/07/12 21:39:46 | 00,469,504 | ---- | M] ( ) -- C:\Documents and Settings\DeeBo\Desktop\RootRepeal.exe
[2009/07/07 11:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/06 14:38:06 | 00,000,525 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2009/07/05 07:24:09 | 01,439,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/03 20:23:38 | 00,029,664 | ---- | M] () -- C:\Documents and Settings\DeeBo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/07/03 20:03:53 | 00,001,580 | ---- | M] () -- C:\Documents and Settings\DeeBo\Desktop\Defraggler.lnk
[2009/07/02 05:43:54 | 00,066,560 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/07/02 05:43:54 | 00,058,368 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/07/02 02:22:39 | 00,001,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kodak EasyShare.lnk
[2009/06/30 18:04:22 | 04,807,814 | -H-- | M] () -- C:\Documents and Settings\DeeBo\Local Settings\Application Data\IconCache.db
[2009/06/30 01:11:56 | 00,000,180 | ---- | M] () -- C:\WINDOWS\wininit.ini

========== LOP Check ==========

[2009/07/15 06:58:23 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/07/14 23:41:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/05/15 01:27:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/07/06 14:55:37 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/05/14 16:48:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/07/15 22:55:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/02 02:27:21 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\DeeBo\Application Data
[2009/06/08 05:20:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\Alien Skin
[2009/06/03 10:00:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\Artweaver
[2009/06/10 11:42:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\Azureus
[2009/07/19 14:29:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\FileZilla
[2009/07/16 14:21:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\HLSW
[2009/05/13 23:17:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\Nvu
[2009/06/09 02:20:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\PeaZip
[2009/06/02 21:00:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\Search Settings
[2009/07/02 02:27:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\Skinux
[2009/05/13 20:26:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\Styler
[2009/05/13 21:50:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\SystemRequirementsLab
[2009/05/28 01:09:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DeeBo\Application Data\teamspeak2
[2009/07/15 07:56:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2001/08/23 23:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/07/19 19:10:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >


Thank you.

#12 IndiGenus (Anti-Malware Buddha, Member, 1,617 posts)

Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

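A triage script for the Results.log that the steps above produce, added here as an example; it is not part of IndiGenus's post and is not GMER's own code. It reads the three report sections GMER writes ("Kernel code sections", "User code sections", "Processes"), lists inline JMP patches on kernel exports with their destinations, collapses per-process API hooks to one line per symbol so a hook replicated into every process stands out, records drivers GMER could not resolve on disk, and ranks libraries GMER marks as *** hidden *** by how many processes carry them, flagging those reached through a \\?\globalroot device path instead of a drive letter. The embedded log is constructed in GMER's layout with a made-up module name and addresses, and the function and field names (triage, rank_hidden_modules, hooked_symbols) are this example's own.

```python
"""Triage a GMER rootkit-scan report (Results.log) into the findings worth reading first."""
import re
from collections import defaultdict

# Constructed sample in GMER 1.0.15 report layout; module name and addresses are made up.
SAMPLE_LOG = r"""
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-19 19:47:56
Windows 5.1.2600 Service Pack 3

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EE130 5 Bytes JMP 8A813323
PAGE ntkrnlpa.exe!ZwEnumerateKey 8061AB70 5 Bytes JMP 8A547724
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[388] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0066000A
.text C:\WINDOWS\system32\winlogon.exe[632] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0062000A

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\example_hidden.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [388] 0x10000000
Library \\?\globalroot\systemroot\system32\example_hidden.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [632] 0x10000000
Library C:\WINDOWS\system32\kernel32.dll @ C:\WINDOWS\system32\svchost.exe [388] 0x7C800000
"""

# Line shapes GMER uses in the three sections parsed below.
SECTION_HEADER = re.compile(r"^---- (?P<name>.+?) - GMER")
MISSING_FILE = re.compile(r"^\? (?P<path>.+?) The system cannot find the file specified\. !$")
KERNEL_HOOK = re.compile(
    r"^(?P<section>\S+) (?P<symbol>\S+!\S+) (?P<address>[0-9A-F]{8}) "
    r"(?P<size>\d+) Bytes (?P<patch>.+)$")
USER_HOOK = re.compile(
    r"^(?P<section>\S+) (?P<process>.+?)\[(?P<pid>\d+)\] (?P<symbol>\S+!\S+) "
    r"(?P<address>[0-9A-F]{8}) (?P<size>\d+) Bytes (?P<patch>.+)$")
LIBRARY = re.compile(
    r"^Library (?P<path>.+?) (?P<hidden>\(\*\*\* hidden \*\*\* \) )?@ "
    r"(?P<process>.+?) \[(?P<pid>\d+)\] (?P<base>0x[0-9A-F]+)$")


def jmp_target(patch):
    """Return the destination of a plain 'JMP <hex>' patch; None for byte-list patches."""
    parts = patch.split()
    return parts[1] if len(parts) == 2 and parts[0] == "JMP" else None


def triage(log_text):
    """Split a GMER report into kernel hooks, user-mode hooks, hidden modules and unresolved drivers."""
    report = {"kernel_hooks": [], "user_hooks": [], "unresolved_drivers": [],
              "hidden_modules": defaultdict(set)}  # module path -> {(process, pid)}
    section = ""
    for line in (raw.strip() for raw in log_text.splitlines()):
        if (h := SECTION_HEADER.match(line)):
            section = h.group("name")  # "Kernel code sections", "User code sections", "Processes"
        elif section.startswith("Kernel") and (m := MISSING_FILE.match(line)):
            report["unresolved_drivers"].append(m.group("path"))
        elif section.startswith("Kernel") and (m := KERNEL_HOOK.match(line)):
            report["kernel_hooks"].append({"symbol": m.group("symbol"), "address": m.group("address"),
                                           "target": jmp_target(m.group("patch"))})
        elif section.startswith("User") and (m := USER_HOOK.match(line)):
            report["user_hooks"].append({"process": m.group("process"), "pid": int(m.group("pid")),
                                         "symbol": m.group("symbol"), "target": jmp_target(m.group("patch"))})
        elif section.startswith("Processes") and (m := LIBRARY.match(line)) and m.group("hidden"):
            report["hidden_modules"][m.group("path")].add((m.group("process"), int(m.group("pid"))))
    return report


def rank_hidden_modules(report):
    """Order hidden modules by globalroot path first, then by how many processes carry them."""
    ranked = [{
        "path": path,
        "process_count": len(carriers),
        "globalroot": path.lower().startswith(r"\\?\globalroot"),
        "processes": sorted(carriers, key=lambda p: p[1]),
    } for path, carriers in report["hidden_modules"].items()]
    ranked.sort(key=lambda r: (r["globalroot"], r["process_count"]), reverse=True)
    return ranked


def hooked_symbols(report):
    """Collapse user-mode hooks to symbol -> sorted pids, so one hook in every process reads as one line."""
    by_symbol = defaultdict(set)
    for hook in report["user_hooks"]:
        by_symbol[hook["symbol"]].add(hook["pid"])
    return {sym: sorted(pids) for sym, pids in by_symbol.items()}


if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    for h in rep["kernel_hooks"]:
        print(f"kernel hook   {h['symbol']} @ {h['address']} -> {h['target']}")
    for sym, pids in hooked_symbols(rep).items():
        print(f"user hook     {sym} in pids {pids}")
    for mod in rank_hidden_modules(rep):
        print(f"hidden module {mod['path']} in {mod['process_count']} process(es), globalroot={mod['globalroot']}")
```

Read the output with one caveat: legitimate security software also places inline hooks on kernel and user-mode APIs, so a hook by itself is not proof of infection and needs to be matched against what is installed. A library that GMER cannot enumerate normally, that is reached through a globalroot device path, and that sits inside winlogon, services and lsass is the finding to chase first.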

#13 WhiZZlE (Topic Starter, Member, 34 posts)

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-19 19:47:56
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code 8A547720 ZwEnumerateKey
Code 8A844310 ZwFlushInstructionCache
Code 89F8079E ZwSaveKey
Code 89FE879E ZwSaveKeyEx
Code 8A81331E IofCallDriver
Code 89FAC79E IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EE130 5 Bytes JMP 8A813323
.text ntkrnlpa.exe!IofCompleteRequest 804EE1C0 5 Bytes JMP 89FAC7A3
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805ABEC4 5 Bytes JMP 8A844314
PAGE ntkrnlpa.exe!ZwEnumerateKey 8061AB70 5 Bytes JMP 8A547724
PAGE ntkrnlpa.exe!ZwSaveKey 8061BDE4 5 Bytes JMP 89F807A2
PAGE ntkrnlpa.exe!ZwSaveKeyEx 8061BECA 5 Bytes JMP 89FE87A2
? Combo-Fix.sys The system cannot find the file specified. !
? C:\DOCUME~1\DeeBo\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[388] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0066000A
.text C:\WINDOWS\system32\winlogon.exe[632] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0062000A
.text C:\WINDOWS\system32\services.exe[680] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003A000A
.text C:\WINDOWS\system32\nvsvc32.exe[860] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 006A000A
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0066000A
.text ...
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [388] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [632] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll (*** hidden *** ) @ C:\WINDOWS\system32\services.exe [680] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [692] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll (*** hidden *** ) @ C:\WINDOWS\system32\nvsvc32.exe [860] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [892] 0x00960000
Library \\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [972] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1088] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1144] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1168] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll (*** hidden *** ) @ C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [1292] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1472] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll (*** hidden *** ) @ C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [1480] 0x009E0000
Library \\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll (*** hidden *** ) @ C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [1788] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1896] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll (*** hidden *** ) @ C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2004] 0x006C0000
Library \\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [2088] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll (*** hidden *** ) @ C:\WINDOWS\system32\wscntfy.exe [2604] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll (*** hidden *** ) @ C:\WINDOWS\explorer.exe [3244] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll (*** hidden *** ) @ C:\n9fevh5j.exe [3720] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [3776] 0x10000000

---- EOF - GMER 1.0.15 ----
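The following triage script is an added example for the GMER scan procedure and the log above; it is not GMER's own code and not part of the original posts. It parses the kernel-hook, user-mode-hook, hidden-library and "cannot find the file" lines in GMER's 1.0.15 log format and summarises what the findings amount to: which hooked kernel routines sit on the registry or disk-I/O path (the points a rootkit patches to hide keys and files), which user-mode function is hooked across processes, and which hidden module is loaded into which system processes. The embedded log is a constructed excerpt in the same format as the posted log; the function groupings and the list of system process names are this script's own assumptions.

```python
"""Triage a GMER rootkit-scan log in the format shown in this thread.

Added example; not GMER's code and not from the original posts. The sample log
is a constructed excerpt in GMER 1.0.15 format, and the hook categories and
system-process list below are this script's own assumptions.
"""
import json
import re
from collections import defaultdict

# Constructed excerpt (same line formats as the posted log, not the full log).
SAMPLE_LOG = r"""GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-19 19:47:56

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EE130 5 Bytes JMP 8A813323
.text ntkrnlpa.exe!IofCompleteRequest 804EE1C0 5 Bytes JMP 89FAC7A3
PAGE ntkrnlpa.exe!ZwEnumerateKey 8061AB70 5 Bytes JMP 8A547724
PAGE ntkrnlpa.exe!ZwSaveKey 8061BDE4 5 Bytes JMP 89F807A2
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[388] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0066000A
.text C:\WINDOWS\system32\winlogon.exe[632] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0062000A

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [388] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [632] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrurhkqnvq.dll (*** hidden *** ) @ C:\WINDOWS\explorer.exe [3244] 0x10000000

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER")
KERNEL_HOOK_RE = re.compile(
    r"^(?P<seg>\S+)\s+(?P<module>[^!\s]+)!(?P<func>\w+)\s+(?P<addr>[0-9A-Fa-f]+)"
    r"\s+(?P<nbytes>\d+) Bytes\s+(?P<patch>.+)$")
USER_HOOK_RE = re.compile(
    r"^(?P<seg>\S+)\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<module>[^!\s]+)!(?P<func>\w+)"
    r"\s+(?P<addr>[0-9A-Fa-f]+)\s+(?P<nbytes>\d+) Bytes\s+(?P<patch>.+)$")
LIBRARY_RE = re.compile(
    r"^Library\s+(?P<lib>\S+)\s+(?P<hidden>\(\*\*\* hidden \*\*\* \)\s+)?@\s+"
    r"(?P<proc>.+?)\s+\[(?P<pid>\d+)\]\s+(?P<base>0x[0-9A-Fa-f]+)$")
MISSING_RE = re.compile(r"^\?\s+(?P<path>.+?)\s+The system cannot find the file specified\. !$")

# Assumed groupings: hooked kernel routines on the registry path and on the disk-I/O path.
REGISTRY_FUNCS = {"ZwEnumerateKey", "ZwEnumerateValueKey", "ZwQueryKey", "ZwOpenKey",
                  "ZwSaveKey", "ZwSaveKeyEx"}
IO_FUNCS = {"IofCallDriver", "IofCompleteRequest"}
SYSTEM_PROCS = {"winlogon.exe", "services.exe", "lsass.exe", "svchost.exe", "explorer.exe"}


def parse_gmer(text):
    """Parse the hook, library and missing-file lines of a GMER log into findings."""
    found = {"kernel_hooks": [], "user_hooks": [], "libraries": [], "missing_files": []}
    by_section = {"kernel": ("kernel_hooks", KERNEL_HOOK_RE),
                  "user": ("user_hooks", USER_HOOK_RE),
                  "processes": ("libraries", LIBRARY_RE)}
    section = ""
    for line in (l.strip() for l in text.splitlines()):
        sec = SECTION_RE.match(line)
        if sec:                                  # "---- Kernel code sections - GMER ..."
            section = sec.group(1).split()[0].lower()
            continue
        miss = MISSING_RE.match(line)
        if miss:                                 # "? <driver path> The system cannot find ..."
            found["missing_files"].append(miss.group("path"))
            continue
        if section in by_section:
            key, rx = by_section[section]
            m = rx.match(line)
            if m:
                found[key].append(m.groupdict())
    return found


def triage(found):
    """Summarise what the parsed findings give an attacker: hiding and injection."""
    kfuncs = {h["func"] for h in found["kernel_hooks"]}
    per_func = defaultdict(set)              # user-mode hook -> PIDs in which it is present
    for h in found["user_hooks"]:
        per_func[h["module"] + "!" + h["func"]].add(int(h["pid"]))
    hosts = defaultdict(set)                 # hidden DLL -> image names of its host processes
    for lib in found["libraries"]:
        if lib["hidden"] is not None or lib["lib"].lower().startswith(r"\\?\globalroot"):
            hosts[lib["lib"]].add(lib["proc"].rsplit("\\", 1)[-1].lower())
    return {
        "registry_hooks": sorted(kfuncs & REGISTRY_FUNCS),      # can hide keys and values
        "io_path_hooks": sorted(kfuncs & IO_FUNCS),             # can filter disk I/O, hide files
        "other_kernel_hooks": sorted(kfuncs - REGISTRY_FUNCS - IO_FUNCS),
        "user_hooks": {k: sorted(v) for k, v in per_func.items()},
        "hidden_libraries": {lib: {"hosts": sorted(p), "in_system_processes": sorted(p & SYSTEM_PROCS)}
                             for lib, p in hosts.items()},
        "missing_files": found["missing_files"],
    }


if __name__ == "__main__":
    print(json.dumps(triage(parse_gmer(SAMPLE_LOG)), indent=2))
```

Run it on a saved Results.log by replacing SAMPLE_LOG with the file's contents. Two caveats when reading the output: the "cannot find the file" entries for Combo-Fix.sys, catchme.sys and PROCEXP90.SYS are normally the transient drivers of the scanning tools themselves rather than malware, so they are listed but not scored; and a DLL that is hidden by hooks on the I/O path will also report "not found" to ordinary file-moving tools run from inside the infected system, so a clean GMER rescan after removal is the only meaningful confirmation.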

#14 IndiGenus (Anti-Malware Buddha, Member, 1,617 posts)
Please download the OTM by OldTimer.
  • Save it to your desktop.
  • Please double-click OTM.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :processes
    explorer.exe
    
    :files
    C:\WINDOWS\system32\drivers\erqnbtko.sys
    C:\WINDOWS\system32\geyekrurhkqnvq.dll
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

#15 WhiZZlE (Member, Topic Starter, 34 posts)
After reboot this log popped up.
Thank you.


All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system32\drivers\erqnbtko.sys not found.
File/Folder C:\WINDOWS\system32\geyekrurhkqnvq.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: All Users

User: DeeBo
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2510018 bytes
->Java cache emptied: 130719 bytes
->FireFox cache emptied: 84099757 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32835 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32835 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 83560 bytes

Total Files Cleaned = 82.86 mb


OTM by OldTimer - Version 3.0.0.5 log created on 07192009_200546

Files moved on Reboot...

Registry entries deleted on Reboot...