
Fake Security Center Alert Win32.Conflicker.C [Solved]


#1 bitterbuck (Member, 18 posts)

I have a fake Security Center pop-up that won't go away. So far I have:

1. Run Adaware scan
2. Run Antivirus Scan
3. Run TFC (Temp File Cleaner)
4. Set a System Restore Point
5. Run ERUNT
6. Run Malwarebytes (had numerous error messages on install)
7. Windows update
8. RootRepeal
9. OTL


RootRepeal
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/19 13:46
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF0B94000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7C97000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEF576000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: C:\Documents and Settings\Doylechiro\Application Data\Gmail\gorhv17911194.exe
PID: 2312 Status: Hidden from the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xf777f87e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "Lbd.sys" at address 0xf777fbfe

==EOF==

OTL

OTL logfile created on: 10/19/2009 1:49:31 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Doylechiro\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 121.52 Mb Available Physical Memory | 15.84% Memory free
1.46 Gb Paging File | 0.84 Gb Available in Paging File | 57.41% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 27.43 Gb Free Space | 36.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOCFW
Current User Name: Doylechiro
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/19 13:48:29 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\Desktop\OTL.exe
PRC - [2009/10/16 13:13:20 | 00,781,656 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/10/16 13:13:18 | 01,170,768 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/09/13 18:52:50 | 01,048,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/08/07 18:14:18 | 29,577,216 | ---- | M] (Forté Systems) -- C:\Program Files\Forte Systems\Chiro8000 v12\PM.exe
PRC - [2009/08/06 23:34:38 | 00,380,928 | ---- | M] () -- C:\Program Files\Forte Systems\Chiro8000 v12\FileServer.exe
PRC - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/06/10 17:28:26 | 12,973,336 | ---- | M] () -- C:\Program Files\RegCure\RegCure.exe
PRC - [2009/05/27 07:17:52 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/05/27 07:17:51 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/11/05 22:59:00 | 04,347,120 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2008/10/16 21:35:28 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe
PRC - [2008/10/16 21:35:24 | 00,087,360 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2008/07/24 19:46:10 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/02/18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/12/21 13:30:40 | 00,131,072 | ---- | M] (Visioneer Inc.) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
PRC - [2006/03/02 18:47:35 | 07,166,053 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2005/08/11 17:30:30 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/03/31 10:26:50 | 00,229,376 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
PRC - [2005/01/04 12:50:52 | 00,405,583 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
PRC - [2004/10/20 08:40:04 | 00,010,328 | R--- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
PRC - [2004/09/22 19:46:10 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2004/05/24 12:35:52 | 00,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\System32\drivers\KodakCCS.exe
PRC - [2004/01/08 17:41:40 | 00,073,796 | ---- | M] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
PRC - [2003/09/19 13:11:46 | 00,065,536 | ---- | M] (OLYMPUS Corporation) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
PRC - [2003/08/19 17:21:01 | 00,151,597 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2003/06/24 10:46:30 | 00,245,760 | ---- | M] (Dell) -- C:\Program Files\Common Files\Dell\EUSW\Support.exe
PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2003/05/02 15:19:00 | 00,069,632 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2003/03/05 06:30:10 | 00,155,648 | ---- | M] () -- C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.5\Server\WinNT\spnsrvnt.exe
PRC - [2002/12/17 18:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
PRC - [2002/12/17 18:23:32 | 00,074,308 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
PRC - [2002/08/29 05:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2002/03/21 23:41:56 | 00,094,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
PRC - [2000/06/29 03:45:10 | 00,052,224 | ---- | M] (Kenonic Controls Ltd.) -- C:\WINDOWS\System32\crypserv.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2009/10/16 13:13:18 | 01,170,768 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc [Auto | Running])
SRV - [2009/05/27 07:17:51 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/10/16 21:35:28 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/24 19:46:10 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn [Auto | Running])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2008/02/18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/12/21 13:30:40 | 00,131,072 | ---- | M] (Visioneer Inc.) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe -- (OneTouch 4.0 Monitor [Auto | Running])
SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004/10/20 08:40:04 | 00,010,328 | R--- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS [Auto | Running])
SRV - [2004/10/15 15:54:14 | 00,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor [Disabled | Stopped])
SRV - [2004/09/22 19:46:10 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2004/05/24 12:35:52 | 00,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\System32\drivers\KodakCCS.exe -- (KodakCCS [Auto | Running])
SRV - [2004/01/08 17:41:40 | 00,073,796 | ---- | M] (Smart Link) -- C:\WINDOWS\System32\slserv.exe -- (SLService [Auto | Running])
SRV - [2003/09/19 13:11:46 | 00,065,536 | ---- | M] (OLYMPUS Corporation) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe -- (DM1Service [Auto | Running])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2003/05/02 15:19:00 | 00,069,632 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/03/05 06:30:10 | 00,155,648 | ---- | M] () -- C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.5\Server\WinNT\spnsrvnt.exe -- (SuperProServer [Auto | Running])
SRV - [2003/03/03 13:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2002/12/17 18:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER [Auto | Running])
SRV - [2002/12/17 18:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT [On_Demand | Stopped])
SRV - [2002/12/17 18:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2000/06/29 03:45:10 | 00,052,224 | ---- | M] (Kenonic Controls Ltd.) -- C:\WINDOWS\System32\crypserv.exe -- (Crypkey License [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp.../search/ie.html
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....r=ytff-msgr&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-msgr"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..keyword.URL: "http://search.yahoo....r=ytff-msgr&p="


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/27 07:17:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 18:38:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2008/04/08 08:02:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2009/07/23 03:15:21 | 00,000,000 | ---D | M]

[2009/10/19 08:52:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions
[2009/10/19 08:52:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/12/29 18:36:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/10/19 08:52:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions\staged-xpis
[2009/10/19 09:02:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2006/03/02 18:47:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/06/27 10:19:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2008/02/12 12:01:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/19 08:33:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/08/12 07:08:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/05/27 07:18:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2006/03/02 18:47:31 | 00,060,518 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2006/03/02 18:47:34 | 00,049,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2006/03/02 18:47:31 | 00,165,992 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2009/05/27 07:17:53 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2006/03/02 18:47:33 | 00,017,024 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2006/12/18 04:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll
[2006/03/02 18:47:38 | 00,000,680 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.png
[2006/03/02 18:47:38 | 00,000,741 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.src
[2006/03/02 18:47:38 | 00,001,150 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.png
[2006/03/02 18:47:38 | 00,000,539 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.src
[2006/03/02 18:47:38 | 00,000,356 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.png
[2006/03/02 18:47:38 | 00,001,007 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.src
[2006/03/02 18:47:38 | 00,000,210 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.gif
[2006/03/02 18:47:38 | 00,001,056 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.src
[2006/03/02 18:47:38 | 00,001,076 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.gif
[2006/03/02 18:47:38 | 00,000,718 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.src
[2006/03/02 18:47:38 | 00,000,088 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.gif
[2006/03/02 18:47:38 | 00,001,122 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.src

O1 HOSTS File: (2369 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: <html>
O1 - Hosts: <head>
O1 - Hosts: <title>cominstall-adobe-flash.com</title>
O1 - Hosts: <script type="text/javascript" src="/js/general.js"></script>
O1 - Hosts: <script type="text/javascript">
O1 - Hosts: </script>
O1 - Hosts: <script type="text/javascript">
O1 - Hosts: var fl = "toolbar";
O1 - Hosts: var u = "/" + fl + ".php";
O1 - Hosts: var w = '690';
O1 - Hosts: var h = '320';
O1 - Hosts: var wV = 'scrollbars=no,resizable=yes,toolbar=no,' + 'menubar=no,status=no,location=no,height=' + h + ',width=' + w;
O1 - Hosts: tW = window.open(u, "tWin", wV);
O1 - Hosts: if (null !== tW)
O1 - Hosts: {
O1 - Hosts: tW.blur();
O1 - Hosts: window.focus();
O1 - Hosts: }
O1 - Hosts: </script>
O1 - Hosts: </head>
O1 - Hosts: <frameset rows="100%,*" frameborder="no" border="0" framespacing="0">
O1 - Hosts: <!-- SCC a11 -->
O1 - Hosts: <frame src="http://sedoparking.c...rar=trellian5">
O1 - Hosts: 16 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Suggest) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [IntelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Chiro8000 v12 File Server.lnk = C:\Program Files\Forte Systems\Chiro8000 v12\FileServer.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Doylechiro\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} https://www.acngroup...tivexviewer.cab (Crystal Report Viewer Control 9)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://accounting.q...147/qboax10.cab (QuickBooks Online Edition Utilities Class v10)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} https://accounting.q....559/qboax8.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA0F2EF5-88BB-4FE6-9192-8FDBCB9713BA} http://validate.meas...ASADownload.CAB (MDASADownload.Complete)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\g7ps {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/02/03 16:22:14 | 00,000,000 | ---D | M] - C:\autodoc -- [ NTFS ]
O32 - AutoRun File - [2007/01/21 10:36:34 | 00,000,000 | ---D | M] - C:\Autodoc2 -- [ NTFS ]
O32 - AutoRun File - [2004/10/26 20:50:33 | 00,000,002 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/02/02 16:08:53 | 00,000,000 | ---D | M] - C:\autosync -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
NetSvcs: Ip6FwHlp - Service key not found. File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/10/16 13:11:35 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/16 13:10:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/10/19 08:06:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/16 16:59:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/15 10:12:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Doylechiro\Application Data\Gmail
[2009/10/19 08:07:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Doylechiro\Application Data\Malwarebytes
[2009/10/19 08:04:17 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/19 08:06:51 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/16 17:24:26 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2009/10/16 17:17:01 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/10/19 13:48:23 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\Desktop\OTL.exe
[2009/10/19 13:42:19 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Doylechiro\Desktop\RootRepeal.exe
[2009/10/19 08:08:25 | 04,045,536 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Doylechiro\Desktop\lllkkkiii-setup.exe
[2009/10/19 08:06:55 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/19 08:06:52 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/19 08:05:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/19 07:36:18 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\My Documents\TFC.exe
[2009/10/16 13:14:17 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

========== Files - Modified Within 14 Days ==========

[2009/10/19 13:48:29 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\Desktop\OTL.exe
[2009/10/19 13:42:19 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Doylechiro\Desktop\RootRepeal.exe
[2009/10/19 13:15:28 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/19 11:01:22 | 00,002,119 | ---- | M] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mat.gif
[2009/10/19 11:01:22 | 00,000,607 | ---- | M] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mzn.gif
[2009/10/19 11:01:22 | 00,000,598 | ---- | M] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mby.gif
[2009/10/19 09:00:22 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/10/19 09:00:00 | 00,000,406 | -H-- | M] () -- C:\WINDOWS\tasks\{BED34167-2B86-49AB-8158-03E5F512279A}_DOCFW_Dr. Cody Doyle.job
[2009/10/19 08:50:16 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/10/19 08:45:35 | 00,000,448 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/10/19 08:45:18 | 00,000,398 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (SmartDrawTrial).job
[2009/10/19 08:45:18 | 00,000,388 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2009/10/19 08:45:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/19 08:44:59 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/10/19 08:09:46 | 00,000,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/19 08:08:31 | 04,045,536 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Doylechiro\Desktop\lllkkkiii-setup.exe
[2009/10/19 08:04:26 | 00,000,800 | ---- | M] () -- C:\Documents and Settings\Doylechiro\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/10/19 08:04:23 | 00,000,644 | ---- | M] () -- C:\Documents and Settings\Doylechiro\Desktop\NTREGOPT.lnk
[2009/10/19 08:04:22 | 00,000,625 | ---- | M] () -- C:\Documents and Settings\Doylechiro\Desktop\ERUNT.lnk
[2009/10/19 07:36:23 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\My Documents\TFC.exe
[2009/10/19 04:03:00 | 00,000,360 | ---- | M] () -- C:\WINDOWS\tasks\Scan for Viruses.job
[2009/10/19 02:20:00 | 00,000,620 | ---- | M] () -- C:\WINDOWS\tasks\ACOScheduler_DNS_Cody Doyle (v8)_DNS_Microphone (Mic-In)_DNS_DR_ CODY DOYLE_1.job
[2009/10/18 03:06:01 | 00,000,382 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2009/10/16 17:24:27 | 00,000,853 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2009/10/16 16:00:00 | 00,000,406 | -H-- | M] () -- C:\WINDOWS\tasks\{DE7218A9-6FB8-487E-B721-575F1A73A2C5}_DOCFW_Dr. Cody Doyle.job
[2009/10/16 16:00:00 | 00,000,406 | -H-- | M] () -- C:\WINDOWS\tasks\{A62B03E9-0DB1-4B15-92A7-381E8981FE71}_DOCFW_Dr. Cody Doyle.job
[2009/10/16 14:40:10 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/16 13:11:33 | 00,000,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/10/16 10:08:02 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/10/15 03:27:17 | 00,533,408 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/15 03:27:17 | 00,463,200 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/10/15 03:27:17 | 00,079,920 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/10/15 03:12:24 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/14 04:00:00 | 00,000,432 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DOCFW-Dr. Cody Doyle).job

========== Files - No Company Name ==========
[2009/10/19 08:06:59 | 00,000,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/19 08:04:26 | 00,000,800 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/10/19 08:04:23 | 00,000,644 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Desktop\NTREGOPT.lnk
[2009/10/19 08:04:22 | 00,000,625 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Desktop\ERUNT.lnk
[2009/10/16 17:30:12 | 00,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/10/16 17:24:27 | 00,000,853 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2009/10/16 15:02:38 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/10/16 13:15:04 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/16 13:11:33 | 00,000,900 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/10/15 10:22:59 | 00,002,119 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mat.gif
[2009/10/15 10:22:59 | 00,000,607 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mzn.gif
[2009/10/15 10:22:59 | 00,000,598 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mby.gif
[2008/10/15 14:43:48 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\DM510.dll
[2008/02/17 12:35:24 | 00,004,114 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Application Data\SAS7_000.DAT
[2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/01/21 10:36:40 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/02 12:51:26 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/04/17 14:45:49 | 00,000,133 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Local Settings\Application Data\fusioncache.dat
[2006/03/10 09:54:57 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Doylechiro\Application Data\DESKTOP.INI
[2006/03/10 09:54:53 | 00,082,416 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/03/10 09:54:49 | 01,578,622 | -H-- | C] () -- C:\Documents and Settings\Doylechiro\Local Settings\Application Data\IconCache.db
[2006/01/27 09:25:39 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/01/17 15:58:04 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\BADECEE175.sys
[2006/01/17 15:41:52 | 00,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/09/29 15:00:21 | 00,000,340 | ---- | C] () -- C:\WINDOWS\ptlabels.ini
[2005/08/01 10:04:19 | 00,000,187 | ---- | C] () -- C:\WINDOWS\wiseftp.ini
[2005/04/11 14:49:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2005/03/03 09:17:05 | 00,000,428 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/01/31 16:08:30 | 00,000,032 | ---- | C] () -- C:\WINDOWS\concentr.ini
[2005/01/31 15:10:21 | 00,000,042 | ---- | C] () -- C:\WINDOWS\webica.ini
[2005/01/28 11:45:23 | 00,000,377 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/12/09 18:36:40 | 00,000,012 | ---- | C] () -- C:\WINDOWS\clocked.ini
[2004/11/30 11:04:03 | 00,000,072 | ---- | C] () -- C:\WINDOWS\WINTIME.INI
[2004/11/26 21:57:26 | 00,000,567 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2004/11/26 21:56:35 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\SAWZip.dll
[2004/11/26 21:56:35 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2004/11/26 21:56:31 | 00,307,200 | ---- | C] () -- C:\WINDOWS\System32\AppointmentView.dll
[2004/11/26 21:56:27 | 00,345,088 | ---- | C] () -- C:\WINDOWS\System32\ShrLk21.dll
[2004/11/26 21:56:27 | 00,304,128 | ---- | C] () -- C:\WINDOWS\System32\KeyGen.dll
[2004/10/26 20:50:32 | 00,000,121 | ---- | C] () -- C:\WINDOWS\Lname.ini
[2004/10/26 20:50:29 | 00,000,482 | ---- | C] () -- C:\WINDOWS\HITLIST.INI
[2004/10/26 20:50:28 | 00,000,214 | ---- | C] () -- C:\WINDOWS\Browser.ini
[2004/10/26 10:19:45 | 00,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2004/09/03 08:49:07 | 00,000,039 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/09/03 08:42:34 | 00,000,045 | ---- | C] () -- C:\WINDOWS\IDIGFLGN.ini
[2004/07/17 15:06:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Dssole.INI
[2004/07/17 15:06:07 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\DM1USBAPIVB.dll
[2004/07/07 16:32:17 | 00,014,938 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2004/06/30 08:34:22 | 00,000,010 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/06/14 10:46:07 | 00,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2004/06/08 11:27:17 | 00,000,064 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2004/06/08 11:27:15 | 00,000,520 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2004/06/08 11:24:14 | 00,001,471 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/06/01 10:24:42 | 00,000,049 | ---- | C] () -- C:\WINDOWS\upth.ini
[2004/06/01 10:24:42 | 00,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/05/21 13:34:09 | 00,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2004/05/21 13:34:09 | 00,000,134 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2004/05/21 13:31:37 | 00,000,103 | ---- | C] () -- C:\WINDOWS\System32\hptrace.ini
[2004/05/21 11:54:13 | 00,001,437 | ---- | C] () -- C:\WINDOWS\hpdj5800.ini
[2004/01/20 07:24:15 | 00,040,278 | ---- | C] () -- C:\Program Files\Copy of Patients.dat
[2003/11/04 11:39:18 | 00,000,005 | ---- | C] () -- C:\WINDOWS\SUPER.INI
[2003/10/20 16:00:28 | 00,000,832 | ---- | C] () -- C:\WINDOWS\efscan.ini
[2003/10/20 16:00:28 | 00,000,021 | ---- | C] () -- C:\WINDOWS\efaxview.ini
[2003/10/09 20:04:56 | 00,000,027 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2003/09/24 16:34:19 | 00,251,392 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[2003/09/24 16:34:19 | 00,000,150 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[2003/09/24 16:34:13 | 00,010,092 | ---- | C] () -- C:\WINDOWS\exerpro.ini
[2003/09/22 17:13:17 | 00,000,773 | ---- | C] () -- C:\WINDOWS\BLST8.INI
[2003/09/20 11:18:22 | 00,000,173 | ---- | C] () -- C:\WINDOWS\srlink.ini
[2003/09/20 11:18:22 | 00,000,040 | ---- | C] () -- C:\WINDOWS\System32\sx96.ini
[2003/09/20 11:17:42 | 00,021,504 | ---- | C] () -- C:\WINDOWS\System32\docobj.dll
[2003/09/20 11:15:13 | 00,000,213 | ---- | C] () -- C:\WINDOWS\dgnsetup.ini
[2003/09/18 07:51:25 | 00,000,027 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2003/09/18 07:51:21 | 00,024,608 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2003/09/18 07:51:21 | 00,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2003/09/18 07:50:22 | 00,110,080 | ---- | C] () -- C:\WINDOWS\System32\W32mkrc.dll
[2003/09/18 07:50:22 | 00,097,290 | ---- | C] () -- C:\WINDOWS\System32\Crp32dll.dll
[2003/09/18 07:50:17 | 01,073,152 | ---- | C] () -- C:\WINDOWS\System32\owl53v.dll
[2003/09/18 07:50:17 | 00,906,784 | ---- | C] () -- C:\WINDOWS\System32\Owl52f.dll
[2003/09/18 07:50:17 | 00,017,424 | ---- | C] () -- C:\WINDOWS\System32\FH_BMP.DLL
[2003/09/18 07:50:12 | 00,531,456 | ---- | C] () -- C:\WINDOWS\System32\Bdt52cf.dll
[2003/09/18 07:50:12 | 00,518,080 | ---- | C] () -- C:\WINDOWS\System32\bdt52c.dll
[2003/09/18 07:46:18 | 00,001,640 | ---- | C] () -- C:\WINDOWS\TrackMe.ini
[2003/09/16 10:07:26 | 00,000,036 | ---- | C] () -- C:\WINDOWS\BLST.INI
[2003/09/14 17:23:53 | 00,174,608 | ---- | C] () -- C:\WINDOWS\Tutility.dll
[2003/09/14 16:24:39 | 00,001,371 | ---- | C] () -- C:\WINDOWS\PM4W.INI
[2003/09/14 13:22:47 | 00,009,208 | ---- | C] () -- C:\WINDOWS\hplj1300.ini
[2003/09/14 13:17:09 | 00,000,951 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2003/08/19 17:22:33 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/08/19 17:17:56 | 00,000,885 | ---- | C] () -- C:\WINDOWS\lrun32.ini
[2003/08/19 17:16:47 | 00,001,143 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/08/19 17:11:52 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/08/19 17:00:08 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/08/19 16:49:32 | 00,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/09 09:38:12 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2002/09/03 13:36:02 | 00,000,699 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2002/09/03 13:26:32 | 00,000,246 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2002/09/03 13:26:20 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[2002/04/11 13:47:52 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2000/09/08 17:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1999/01/27 13:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1980/01/01 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2009/10/19 08:06:52 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/10/16 13:11:55 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2006/01/17 15:54:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2006/01/17 15:50:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel
[2004/11/26 15:38:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2004/10/26 10:20:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G7PS
[2009/01/13 20:08:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2006/01/27 09:30:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2007/04/03 14:42:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2008/02/17 12:02:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2004/06/14 09:13:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2009/08/20 07:11:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2003/08/19 17:13:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2008/02/17 16:39:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2004/01/22 11:09:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Support.com
[2009/10/16 16:59:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/02/06 14:03:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/19 08:07:25 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Doylechiro\Application Data
[2007/01/10 12:56:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\ActiveDocs
[2008/09/26 12:51:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\FileZilla
[2006/09/27 12:58:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\G7PS
[2009/10/15 10:17:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\Gmail
[2006/04/25 09:02:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\Kana Solution
[2008/03/03 18:46:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\KompoZer
[2008/10/15 14:45:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\LinkManager 4.0
[2007/04/03 14:43:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\MSN6
[2008/02/17 12:07:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\Nuance
[2009/01/27 13:06:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\OpenOffice.org
[2006/09/05 10:07:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\ScanSoft
[2008/03/24 11:52:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\Viewpoint
[2009/10/19 02:20:00 | 00,000,620 | ---- | M] () -- C:\WINDOWS\Tasks\ACOScheduler_DNS_Cody Doyle (v8)_DNS_Microphone (Mic-In)_DNS_DR_ CODY DOYLE_1.job
[2009/10/19 13:15:28 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/10/16 14:40:10 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2002/08/29 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2009/10/14 04:00:00 | 00,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DOCFW-Dr. Cody Doyle).job
[2009/10/19 08:50:16 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/10/19 08:45:35 | 00,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2009/10/19 08:45:18 | 00,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Startup.job
[2009/10/18 03:06:01 | 00,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2009/10/19 08:45:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/19 04:03:00 | 00,000,360 | ---- | M] () -- C:\WINDOWS\Tasks\Scan for Viruses.job
[2009/10/19 08:45:18 | 00,000,398 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (SmartDrawTrial).job
[2009/10/16 16:00:00 | 00,000,406 | -H-- | M] () -- C:\WINDOWS\Tasks\{A62B03E9-0DB1-4B15-92A7-381E8981FE71}_DOCFW_Dr. Cody Doyle.job
[2009/10/19 09:00:00 | 00,000,406 | -H-- | M] () -- C:\WINDOWS\Tasks\{BED34167-2B86-49AB-8158-03E5F512279A}_DOCFW_Dr. Cody Doyle.job
[2009/10/16 16:00:00 | 00,000,406 | -H-- | M] () -- C:\WINDOWS\Tasks\{DE7218A9-6FB8-487E-B721-575F1A73A2C5}_DOCFW_Dr. Cody Doyle.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/12/12 13:01:18 | 00,010,920 | ---- | M] () -- C:\aolconnfix.exe

< %systemroot%\system32\eventlog.dll >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\oldnartvtmp.rtf:SummaryInformation
< End of report >

Any help would be appreciated!

#2
bitterbuck

    Member

  • Topic Starter
  • Member
  • 18 posts
Wanted to add OTL Extras and MBAM Logs

OTL logfile created on: 10/19/2009 1:49:31 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Doylechiro\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 121.52 Mb Available Physical Memory | 15.84% Memory free
1.46 Gb Paging File | 0.84 Gb Available in Paging File | 57.41% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 27.43 Gb Free Space | 36.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOCFW
Current User Name: Doylechiro
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/19 13:48:29 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\Desktop\OTL.exe
PRC - [2009/10/16 13:13:20 | 00,781,656 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/10/16 13:13:18 | 01,170,768 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/09/13 18:52:50 | 01,048,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/08/07 18:14:18 | 29,577,216 | ---- | M] (Forté Systems) -- C:\Program Files\Forte Systems\Chiro8000 v12\PM.exe
PRC - [2009/08/06 23:34:38 | 00,380,928 | ---- | M] () -- C:\Program Files\Forte Systems\Chiro8000 v12\FileServer.exe
PRC - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/06/10 17:28:26 | 12,973,336 | ---- | M] () -- C:\Program Files\RegCure\RegCure.exe
PRC - [2009/05/27 07:17:52 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/05/27 07:17:51 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/11/05 22:59:00 | 04,347,120 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2008/10/16 21:35:28 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe
PRC - [2008/10/16 21:35:24 | 00,087,360 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2008/07/24 19:46:10 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/02/18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/12/21 13:30:40 | 00,131,072 | ---- | M] (Visioneer Inc.) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
PRC - [2006/03/02 18:47:35 | 07,166,053 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2005/08/11 17:30:30 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/03/31 10:26:50 | 00,229,376 | ---- | M] (Yahoo!, Inc.) -- C:\Program Files\Yahoo!\browser\ycommon.exe
PRC - [2005/01/04 12:50:52 | 00,405,583 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
PRC - [2004/10/20 08:40:04 | 00,010,328 | R--- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
PRC - [2004/09/22 19:46:10 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2004/05/24 12:35:52 | 00,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\System32\drivers\KodakCCS.exe
PRC - [2004/01/08 17:41:40 | 00,073,796 | ---- | M] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
PRC - [2003/09/19 13:11:46 | 00,065,536 | ---- | M] (OLYMPUS Corporation) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
PRC - [2003/08/19 17:21:01 | 00,151,597 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2003/06/24 10:46:30 | 00,245,760 | ---- | M] (Dell) -- C:\Program Files\Common Files\Dell\EUSW\Support.exe
PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2003/05/02 15:19:00 | 00,069,632 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2003/03/05 06:30:10 | 00,155,648 | ---- | M] () -- C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.5\Server\WinNT\spnsrvnt.exe
PRC - [2002/12/17 18:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
PRC - [2002/12/17 18:23:32 | 00,074,308 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
PRC - [2002/08/29 05:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2002/03/21 23:41:56 | 00,094,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
PRC - [2000/06/29 03:45:10 | 00,052,224 | ---- | M] (Kenonic Controls Ltd.) -- C:\WINDOWS\System32\crypserv.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2009/10/16 13:13:18 | 01,170,768 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc [Auto | Running])
SRV - [2009/05/27 07:17:51 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/10/16 21:35:28 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/24 19:46:10 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn [Auto | Running])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2008/02/18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/12/21 13:30:40 | 00,131,072 | ---- | M] (Visioneer Inc.) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe -- (OneTouch 4.0 Monitor [Auto | Running])
SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004/10/20 08:40:04 | 00,010,328 | R--- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS [Auto | Running])
SRV - [2004/10/15 15:54:14 | 00,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor [Disabled | Stopped])
SRV - [2004/09/22 19:46:10 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2004/05/24 12:35:52 | 00,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\System32\drivers\KodakCCS.exe -- (KodakCCS [Auto | Running])
SRV - [2004/01/08 17:41:40 | 00,073,796 | ---- | M] (Smart Link) -- C:\WINDOWS\System32\slserv.exe -- (SLService [Auto | Running])
SRV - [2003/09/19 13:11:46 | 00,065,536 | ---- | M] (OLYMPUS Corporation) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe -- (DM1Service [Auto | Running])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2003/05/02 15:19:00 | 00,069,632 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/03/05 06:30:10 | 00,155,648 | ---- | M] () -- C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.5\Server\WinNT\spnsrvnt.exe -- (SuperProServer [Auto | Running])
SRV - [2003/03/03 13:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2002/12/17 18:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER [Auto | Running])
SRV - [2002/12/17 18:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT [On_Demand | Stopped])
SRV - [2002/12/17 18:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2000/06/29 03:45:10 | 00,052,224 | ---- | M] (Kenonic Controls Ltd.) -- C:\WINDOWS\System32\crypserv.exe -- (Crypkey License [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp.../search/ie.html
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....r=ytff-msgr&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-msgr"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..keyword.URL: "http://search.yahoo....r=ytff-msgr&p="


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/27 07:17:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 18:38:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2008/04/08 08:02:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2009/07/23 03:15:21 | 00,000,000 | ---D | M]

[2009/10/19 08:52:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions
[2009/10/19 08:52:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/12/29 18:36:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/10/19 08:52:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions\staged-xpis
[2009/10/19 09:02:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2006/03/02 18:47:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/06/27 10:19:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2008/02/12 12:01:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/19 08:33:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/08/12 07:08:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/05/27 07:18:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2006/03/02 18:47:31 | 00,060,518 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2006/03/02 18:47:34 | 00,049,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2006/03/02 18:47:31 | 00,165,992 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2009/05/27 07:17:53 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2006/03/02 18:47:33 | 00,017,024 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2006/12/18 04:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll
[2006/03/02 18:47:38 | 00,000,680 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.png
[2006/03/02 18:47:38 | 00,000,741 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.src
[2006/03/02 18:47:38 | 00,001,150 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.png
[2006/03/02 18:47:38 | 00,000,539 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.src
[2006/03/02 18:47:38 | 00,000,356 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.png
[2006/03/02 18:47:38 | 00,001,007 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.src
[2006/03/02 18:47:38 | 00,000,210 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.gif
[2006/03/02 18:47:38 | 00,001,056 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.src
[2006/03/02 18:47:38 | 00,001,076 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.gif
[2006/03/02 18:47:38 | 00,000,718 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.src
[2006/03/02 18:47:38 | 00,000,088 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.gif
[2006/03/02 18:47:38 | 00,001,122 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.src

O1 HOSTS File: (2369 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: <html>
O1 - Hosts: <head>
O1 - Hosts: <title>cominstall-adobe-flash.com</title>
O1 - Hosts: <script type="text/javascript" src="/js/general.js"></script>
O1 - Hosts: <script type="text/javascript">
O1 - Hosts: </script>
O1 - Hosts: <script type="text/javascript">
O1 - Hosts: var fl = "toolbar";
O1 - Hosts: var u = "/" + fl + ".php";
O1 - Hosts: var w = '690';
O1 - Hosts: var h = '320';
O1 - Hosts: var wV = 'scrollbars=no,resizable=yes,toolbar=no,' + 'menubar=no,status=no,location=no,height=' + h + ',width=' + w;
O1 - Hosts: tW = window.open(u, "tWin", wV);
O1 - Hosts: if (null !== tW)
O1 - Hosts: {
O1 - Hosts: tW.blur();
O1 - Hosts: window.focus();
O1 - Hosts: }
O1 - Hosts: </script>
O1 - Hosts: </head>
O1 - Hosts: <frameset rows="100%,*" frameborder="no" border="0" framespacing="0">
O1 - Hosts: <!-- SCC a11 -->
O1 - Hosts: <frame src="http://sedoparking.c...rar=trellian5">
O1 - Hosts: 16 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Suggest) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [IntelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Chiro8000 v12 File Server.lnk = C:\Program Files\Forte Systems\Chiro8000 v12\FileServer.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Doylechiro\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} https://www.acngroup...tivexviewer.cab (Crystal Report Viewer Control 9)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://accounting.q...147/qboax10.cab (QuickBooks Online Edition Utilities Class v10)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} https://accounting.q....559/qboax8.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA0F2EF5-88BB-4FE6-9192-8FDBCB9713BA} http://validate.meas...ASADownload.CAB (MDASADownload.Complete)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\g7ps {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/02/03 16:22:14 | 00,000,000 | ---D | M] - C:\autodoc -- [ NTFS ]
O32 - AutoRun File - [2007/01/21 10:36:34 | 00,000,000 | ---D | M] - C:\Autodoc2 -- [ NTFS ]
O32 - AutoRun File - [2004/10/26 20:50:33 | 00,000,002 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/02/02 16:08:53 | 00,000,000 | ---D | M] - C:\autosync -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
NetSvcs: Ip6FwHlp - Service key not found. File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/10/16 13:11:35 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/16 13:10:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/10/19 08:06:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/16 16:59:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/15 10:12:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Doylechiro\Application Data\Gmail
[2009/10/19 08:07:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Doylechiro\Application Data\Malwarebytes
[2009/10/19 08:04:17 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/19 08:06:51 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/16 17:24:26 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2009/10/16 17:17:01 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/10/19 13:48:23 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\Desktop\OTL.exe
[2009/10/19 13:42:19 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Doylechiro\Desktop\RootRepeal.exe
[2009/10/19 08:08:25 | 04,045,536 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Doylechiro\Desktop\lllkkkiii-setup.exe
[2009/10/19 08:06:55 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/19 08:06:52 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/19 08:05:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/19 07:36:18 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\My Documents\TFC.exe
[2009/10/16 13:14:17 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

========== Files - Modified Within 14 Days ==========

[2009/10/19 13:48:29 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\Desktop\OTL.exe
[2009/10/19 13:42:19 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Doylechiro\Desktop\RootRepeal.exe
[2009/10/19 13:15:28 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/19 11:01:22 | 00,002,119 | ---- | M] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mat.gif
[2009/10/19 11:01:22 | 00,000,607 | ---- | M] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mzn.gif
[2009/10/19 11:01:22 | 00,000,598 | ---- | M] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mby.gif
[2009/10/19 09:00:22 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/10/19 09:00:00 | 00,000,406 | -H-- | M] () -- C:\WINDOWS\tasks\{BED34167-2B86-49AB-8158-03E5F512279A}_DOCFW_Dr. Cody Doyle.job
[2009/10/19 08:50:16 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/10/19 08:45:35 | 00,000,448 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/10/19 08:45:18 | 00,000,398 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (SmartDrawTrial).job
[2009/10/19 08:45:18 | 00,000,388 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2009/10/19 08:45:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/19 08:44:59 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/10/19 08:09:46 | 00,000,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/19 08:08:31 | 04,045,536 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Doylechiro\Desktop\lllkkkiii-setup.exe
[2009/10/19 08:04:26 | 00,000,800 | ---- | M] () -- C:\Documents and Settings\Doylechiro\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/10/19 08:04:23 | 00,000,644 | ---- | M] () -- C:\Documents and Settings\Doylechiro\Desktop\NTREGOPT.lnk
[2009/10/19 08:04:22 | 00,000,625 | ---- | M] () -- C:\Documents and Settings\Doylechiro\Desktop\ERUNT.lnk
[2009/10/19 07:36:23 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\My Documents\TFC.exe
[2009/10/19 04:03:00 | 00,000,360 | ---- | M] () -- C:\WINDOWS\tasks\Scan for Viruses.job
[2009/10/19 02:20:00 | 00,000,620 | ---- | M] () -- C:\WINDOWS\tasks\ACOScheduler_DNS_Cody Doyle (v8)_DNS_Microphone (Mic-In)_DNS_DR_ CODY DOYLE_1.job
[2009/10/18 03:06:01 | 00,000,382 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2009/10/16 17:24:27 | 00,000,853 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2009/10/16 16:00:00 | 00,000,406 | -H-- | M] () -- C:\WINDOWS\tasks\{DE7218A9-6FB8-487E-B721-575F1A73A2C5}_DOCFW_Dr. Cody Doyle.job
[2009/10/16 16:00:00 | 00,000,406 | -H-- | M] () -- C:\WINDOWS\tasks\{A62B03E9-0DB1-4B15-92A7-381E8981FE71}_DOCFW_Dr. Cody Doyle.job
[2009/10/16 14:40:10 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/16 13:11:33 | 00,000,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/10/16 10:08:02 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/10/15 03:27:17 | 00,533,408 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/15 03:27:17 | 00,463,200 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/10/15 03:27:17 | 00,079,920 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/10/15 03:12:24 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/14 04:00:00 | 00,000,432 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DOCFW-Dr. Cody Doyle).job

========== Files - No Company Name ==========
[2009/10/19 08:06:59 | 00,000,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/19 08:04:26 | 00,000,800 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/10/19 08:04:23 | 00,000,644 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Desktop\NTREGOPT.lnk
[2009/10/19 08:04:22 | 00,000,625 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Desktop\ERUNT.lnk
[2009/10/16 17:30:12 | 00,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/10/16 17:24:27 | 00,000,853 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2009/10/16 15:02:38 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/10/16 13:15:04 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/16 13:11:33 | 00,000,900 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/10/15 10:22:59 | 00,002,119 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mat.gif
[2009/10/15 10:22:59 | 00,000,607 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mzn.gif
[2009/10/15 10:22:59 | 00,000,598 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mby.gif
[2008/10/15 14:43:48 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\DM510.dll
[2008/02/17 12:35:24 | 00,004,114 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Application Data\SAS7_000.DAT
[2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/01/21 10:36:40 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/02 12:51:26 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/04/17 14:45:49 | 00,000,133 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Local Settings\Application Data\fusioncache.dat
[2006/03/10 09:54:57 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Doylechiro\Application Data\DESKTOP.INI
[2006/03/10 09:54:53 | 00,082,416 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/03/10 09:54:49 | 01,578,622 | -H-- | C] () -- C:\Documents and Settings\Doylechiro\Local Settings\Application Data\IconCache.db
[2006/01/27 09:25:39 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/01/17 15:58:04 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\BADECEE175.sys
[2006/01/17 15:41:52 | 00,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/09/29 15:00:21 | 00,000,340 | ---- | C] () -- C:\WINDOWS\ptlabels.ini
[2005/08/01 10:04:19 | 00,000,187 | ---- | C] () -- C:\WINDOWS\wiseftp.ini
[2005/04/11 14:49:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2005/03/03 09:17:05 | 00,000,428 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/01/31 16:08:30 | 00,000,032 | ---- | C] () -- C:\WINDOWS\concentr.ini
[2005/01/31 15:10:21 | 00,000,042 | ---- | C] () -- C:\WINDOWS\webica.ini
[2005/01/28 11:45:23 | 00,000,377 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/12/09 18:36:40 | 00,000,012 | ---- | C] () -- C:\WINDOWS\clocked.ini
[2004/11/30 11:04:03 | 00,000,072 | ---- | C] () -- C:\WINDOWS\WINTIME.INI
[2004/11/26 21:57:26 | 00,000,567 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2004/11/26 21:56:35 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\SAWZip.dll
[2004/11/26 21:56:35 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2004/11/26 21:56:31 | 00,307,200 | ---- | C] () -- C:\WINDOWS\System32\AppointmentView.dll
[2004/11/26 21:56:27 | 00,345,088 | ---- | C] () -- C:\WINDOWS\System32\ShrLk21.dll
[2004/11/26 21:56:27 | 00,304,128 | ---- | C] () -- C:\WINDOWS\System32\KeyGen.dll
[2004/10/26 20:50:32 | 00,000,121 | ---- | C] () -- C:\WINDOWS\Lname.ini
[2004/10/26 20:50:29 | 00,000,482 | ---- | C] () -- C:\WINDOWS\HITLIST.INI
[2004/10/26 20:50:28 | 00,000,214 | ---- | C] () -- C:\WINDOWS\Browser.ini
[2004/10/26 10:19:45 | 00,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2004/09/03 08:49:07 | 00,000,039 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/09/03 08:42:34 | 00,000,045 | ---- | C] () -- C:\WINDOWS\IDIGFLGN.ini
[2004/07/17 15:06:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Dssole.INI
[2004/07/17 15:06:07 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\DM1USBAPIVB.dll
[2004/07/07 16:32:17 | 00,014,938 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2004/06/30 08:34:22 | 00,000,010 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/06/14 10:46:07 | 00,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2004/06/08 11:27:17 | 00,000,064 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2004/06/08 11:27:15 | 00,000,520 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2004/06/08 11:24:14 | 00,001,471 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/06/01 10:24:42 | 00,000,049 | ---- | C] () -- C:\WINDOWS\upth.ini
[2004/06/01 10:24:42 | 00,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/05/21 13:34:09 | 00,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2004/05/21 13:34:09 | 00,000,134 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2004/05/21 13:31:37 | 00,000,103 | ---- | C] () -- C:\WINDOWS\System32\hptrace.ini
[2004/05/21 11:54:13 | 00,001,437 | ---- | C] () -- C:\WINDOWS\hpdj5800.ini
[2004/01/20 07:24:15 | 00,040,278 | ---- | C] () -- C:\Program Files\Copy of Patients.dat
[2003/11/04 11:39:18 | 00,000,005 | ---- | C] () -- C:\WINDOWS\SUPER.INI
[2003/10/20 16:00:28 | 00,000,832 | ---- | C] () -- C:\WINDOWS\efscan.ini
[2003/10/20 16:00:28 | 00,000,021 | ---- | C] () -- C:\WINDOWS\efaxview.ini
[2003/10/09 20:04:56 | 00,000,027 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2003/09/24 16:34:19 | 00,251,392 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[2003/09/24 16:34:19 | 00,000,150 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[2003/09/24 16:34:13 | 00,010,092 | ---- | C] () -- C:\WINDOWS\exerpro.ini
[2003/09/22 17:13:17 | 00,000,773 | ---- | C] () -- C:\WINDOWS\BLST8.INI
[2003/09/20 11:18:22 | 00,000,173 | ---- | C] () -- C:\WINDOWS\srlink.ini
[2003/09/20 11:18:22 | 00,000,040 | ---- | C] () -- C:\WINDOWS\System32\sx96.ini
[2003/09/20 11:17:42 | 00,021,504 | ---- | C] () -- C:\WINDOWS\System32\docobj.dll
[2003/09/20 11:15:13 | 00,000,213 | ---- | C] () -- C:\WINDOWS\dgnsetup.ini
[2003/09/18 07:51:25 | 00,000,027 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2003/09/18 07:51:21 | 00,024,608 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2003/09/18 07:51:21 | 00,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2003/09/18 07:50:22 | 00,110,080 | ---- | C] () -- C:\WINDOWS\System32\W32mkrc.dll
[2003/09/18 07:50:22 | 00,097,290 | ---- | C] () -- C:\WINDOWS\System32\Crp32dll.dll
[2003/09/18 07:50:17 | 01,073,152 | ---- | C] () -- C:\WINDOWS\System32\owl53v.dll
[2003/09/18 07:50:17 | 00,906,784 | ---- | C] () -- C:\WINDOWS\System32\Owl52f.dll
[2003/09/18 07:50:17 | 00,017,424 | ---- | C] () -- C:\WINDOWS\System32\FH_BMP.DLL
[2003/09/18 07:50:12 | 00,531,456 | ---- | C] () -- C:\WINDOWS\System32\Bdt52cf.dll
[2003/09/18 07:50:12 | 00,518,080 | ---- | C] () -- C:\WINDOWS\System32\bdt52c.dll
[2003/09/18 07:46:18 | 00,001,640 | ---- | C] () -- C:\WINDOWS\TrackMe.ini
[2003/09/16 10:07:26 | 00,000,036 | ---- | C] () -- C:\WINDOWS\BLST.INI
[2003/09/14 17:23:53 | 00,174,608 | ---- | C] () -- C:\WINDOWS\Tutility.dll
[2003/09/14 16:24:39 | 00,001,371 | ---- | C] () -- C:\WINDOWS\PM4W.INI
[2003/09/14 13:22:47 | 00,009,208 | ---- | C] () -- C:\WINDOWS\hplj1300.ini
[2003/09/14 13:17:09 | 00,000,951 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2003/08/19 17:22:33 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/08/19 17:17:56 | 00,000,885 | ---- | C] () -- C:\WINDOWS\lrun32.ini
[2003/08/19 17:16:47 | 00,001,143 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/08/19 17:11:52 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/08/19 17:00:08 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/08/19 16:49:32 | 00,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/09 09:38:12 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2002/09/03 13:36:02 | 00,000,699 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2002/09/03 13:26:32 | 00,000,246 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2002/09/03 13:26:20 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[2002/04/11 13:47:52 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2000/09/08 17:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1999/01/27 13:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1980/01/01 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2009/10/19 08:06:52 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/10/16 13:11:55 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2006/01/17 15:54:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2006/01/17 15:50:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel
[2004/11/26 15:38:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2004/10/26 10:20:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G7PS
[2009/01/13 20:08:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2006/01/27 09:30:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2007/04/03 14:42:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2008/02/17 12:02:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2004/06/14 09:13:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2009/08/20 07:11:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2003/08/19 17:13:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2008/02/17 16:39:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2004/01/22 11:09:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Support.com
[2009/10/16 16:59:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/02/06 14:03:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/19 08:07:25 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Doylechiro\Application Data
[2007/01/10 12:56:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\ActiveDocs
[2008/09/26 12:51:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\FileZilla
[2006/09/27 12:58:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\G7PS
[2009/10/15 10:17:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\Gmail
[2006/04/25 09:02:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\Kana Solution
[2008/03/03 18:46:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\KompoZer
[2008/10/15 14:45:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\LinkManager 4.0
[2007/04/03 14:43:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\MSN6
[2008/02/17 12:07:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\Nuance
[2009/01/27 13:06:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\OpenOffice.org
[2006/09/05 10:07:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\ScanSoft
[2008/03/24 11:52:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\Viewpoint
[2009/10/19 02:20:00 | 00,000,620 | ---- | M] () -- C:\WINDOWS\Tasks\ACOScheduler_DNS_Cody Doyle (v8)_DNS_Microphone (Mic-In)_DNS_DR_ CODY DOYLE_1.job
[2009/10/19 13:15:28 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/10/16 14:40:10 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2002/08/29 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2009/10/14 04:00:00 | 00,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DOCFW-Dr. Cody Doyle).job
[2009/10/19 08:50:16 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/10/19 08:45:35 | 00,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2009/10/19 08:45:18 | 00,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Startup.job
[2009/10/18 03:06:01 | 00,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2009/10/19 08:45:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/19 04:03:00 | 00,000,360 | ---- | M] () -- C:\WINDOWS\Tasks\Scan for Viruses.job
[2009/10/19 08:45:18 | 00,000,398 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (SmartDrawTrial).job
[2009/10/16 16:00:00 | 00,000,406 | -H-- | M] () -- C:\WINDOWS\Tasks\{A62B03E9-0DB1-4B15-92A7-381E8981FE71}_DOCFW_Dr. Cody Doyle.job
[2009/10/19 09:00:00 | 00,000,406 | -H-- | M] () -- C:\WINDOWS\Tasks\{BED34167-2B86-49AB-8158-03E5F512279A}_DOCFW_Dr. Cody Doyle.job
[2009/10/16 16:00:00 | 00,000,406 | -H-- | M] () -- C:\WINDOWS\Tasks\{DE7218A9-6FB8-487E-B721-575F1A73A2C5}_DOCFW_Dr. Cody Doyle.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/12/12 13:01:18 | 00,010,920 | ---- | M] () -- C:\aolconnfix.exe

< %systemroot%\system32\eventlog.dll >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\oldnartvtmp.rtf:SummaryInformation
< End of report >

MBAM
Malwarebytes' Anti-Malware 1.41
Database version: 2986
Windows 5.1.2600 Service Pack 3

10/19/2009 2:51:52 PM
mbam-log-2009-10-19 (14-51-52).txt

Scan type: Quick Scan
Objects scanned: 122544
Time elapsed: 9 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#3
andrewuk (Trusted Helper, Malware Removal, 5,297 posts)
Hello bitterbuck

Welcome to Geeks to Go :) and sorry to keep you waiting.

Let's get some up-to-date logs for me to analyse.

====STEP 1====
Go to http://www.geekstogo...uide-t2852.html and run RootRepeal in Step Five: Rootkit Detection.

====STEP 2====
From the same page, go to Step Six: Post an OTL Log, run the OTL log and include the custom scan as explained on that page.

In your next reply could I see:
1. the RootRepeal log
2. the OTL log

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

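The two logs andrewuk asks for above have a fixed line format, so a helper's first pass over them can be scripted. The following is an added example (not code from this thread, from OldTimer's OTL or from RootRepeal): a small Python triage script that parses both formats and flags the entries a helper would review first. The sample log text is constructed from lines in this thread; the OTL entry for gorhv17911194.exe (its size and attributes) is assumed, since the thread shows that file only in RootRepeal output.

```python
"""Triage helper for the RootRepeal and OTL log formats posted in this thread.
Constructed example, not code from the thread, OldTimer's OTL or RootRepeal;
a flag means "review this entry", not "malicious".
"""
import re
from dataclasses import dataclass

# One OTL file entry:  [date time | size | attrs | M/C] (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr")
# Sample logs constructed from lines in this thread; the OTL entry for
# gorhv17911194.exe (size, attributes) is assumed, not taken from the thread.
ROOTREPEAL_SAMPLE = r"""
Processes
-------------------
Path: C:\Documents and Settings\Doylechiro\Application Data\Gmail\gorhv17911194.exe
PID: 3676 Status: Hidden from the Windows API!

SSDT
-------------------
"""
OTL_SAMPLE = r"""
========== Files - No Company Name ==========
[2009/10/19 08:08:31 | 04,045,536 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Doylechiro\Desktop\lllkkkiii-setup.exe
[2006/01/17 15:58:04 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\BADECEE175.sys
[2009/10/15 10:17:16 | 00,090,112 | -H-- | C] () -- C:\Documents and Settings\Doylechiro\Application Data\Gmail\gorhv17911194.exe
[2009/10/15 10:22:59 | 00,002,119 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mat.gif
"""


@dataclass
class Finding:
    source: str  # "rootrepeal" or "otl"
    path: str
    reason: str


def parse_otl_file_lines(text):
    """Yield one dict per OTL file entry; headers and other lines are skipped."""
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["company"] = entry["company"].strip()
            yield entry


def parse_rootrepeal_processes(text):
    """Return (path, pid, status) for each entry in the 'Processes' section."""
    lines = text.splitlines()
    entries, in_section, path = [], False, None
    for i, line in enumerate(lines):
        s = line.strip()
        # A section header is a line followed by a row of dashes.
        if i + 1 < len(lines) and lines[i + 1].startswith("---"):
            in_section = s == "Processes"
            continue
        if not in_section or not s or s.startswith("---"):
            continue
        if s.startswith("Path:"):
            path = s[5:].strip()
        elif s.startswith("PID:") and path:
            m = re.match(r"PID:\s*(\d+)\s+Status:\s*(.*)$", s)
            entries.append((path, int(m.group(1)), m.group(2).strip()))
            path = None
    return entries


def review_rootrepeal(text):
    """Flag processes RootRepeal could not see through the Windows API."""
    return [Finding("rootrepeal", p, f"process PID {pid} hidden from the Windows API")
            for p, pid, status in parse_rootrepeal_processes(text)
            if "hidden from the windows api" in status.lower()]


def review_otl(text):
    """Flag executables in user data folders, or hidden/system ones with no company."""
    findings = []
    for e in parse_otl_file_lines(text):
        low = e["path"].lower()
        if not low.endswith(EXEC_EXT):
            continue
        reasons = []
        if "\\application data\\" in low or "\\local settings\\" in low:
            reasons.append("executable inside a user profile data folder")
        if set("HS") & set(e["attrs"]) and not e["company"]:
            reasons.append(f"hidden/system attributes ({e['attrs']}) with no company name")
        if reasons:
            findings.append(Finding("otl", e["path"], "; ".join(reasons)))
    return findings


def triage(rootrepeal_text, otl_text):
    """RootRepeal findings first, then OTL findings."""
    return review_rootrepeal(rootrepeal_text) + review_otl(otl_text)


if __name__ == "__main__":
    for f in triage(ROOTREPEAL_SAMPLE, OTL_SAMPLE):
        print(f"[{f.source}] {f.path}\n    {f.reason}")
```

Run against the real logs by reading each file into a string and passing it to triage(); the rules are deliberately coarse, so every flag still needs a human look.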
#4
bitterbuck (Topic Starter, Member, 18 posts)
Thanks!!! Here are the logs:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/26 08:03
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF0B7D000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7CC3000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF03EC000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: C:\Documents and Settings\Doylechiro\Application Data\Gmail\gorhv17911194.exe
PID: 3676 Status: Hidden from the Windows API!

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xf777f87e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "Lbd.sys" at address 0xf777fbfe

==EOF==


OTL logfile created on: 10/26/2009 7:38:08 AM - Run 2
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Doylechiro\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 310.23 Mb Available Physical Memory | 40.45% Memory free
1.46 Gb Paging File | 0.95 Gb Available in Paging File | 65.24% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 27.13 Gb Free Space | 36.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOCFW
Current User Name: Doylechiro
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/19 13:48:29 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\Desktop\OTL.exe
PRC - [2009/10/16 13:13:20 | 00,781,656 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/10/16 13:13:18 | 01,170,768 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/09/13 18:52:50 | 01,048,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/08/06 23:34:38 | 00,380,928 | ---- | M] () -- C:\Program Files\Forte Systems\Chiro8000 v12\FileServer.exe
PRC - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/06/10 17:28:26 | 12,973,336 | ---- | M] () -- C:\Program Files\RegCure\RegCure.exe
PRC - [2009/05/27 07:17:52 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/05/27 07:17:51 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/11/05 22:59:00 | 00,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
PRC - [2008/10/16 21:35:28 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe
PRC - [2008/10/16 21:35:24 | 00,087,360 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2008/07/24 19:46:10 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/06/17 16:16:14 | 03,463,976 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/02/18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/12/21 13:30:40 | 00,131,072 | ---- | M] (Visioneer Inc.) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
PRC - [2005/08/11 17:30:30 | 00,618,496 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
PRC - [2005/08/11 17:30:30 | 00,249,856 | ---- | M] (Macrovision Corporation) -- c:\program files\common files\installshield\updateservice\isuspm.exe
PRC - [2005/08/11 17:30:30 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/01/04 12:50:52 | 00,405,583 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
PRC - [2004/10/20 08:40:04 | 00,010,328 | R--- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
PRC - [2004/09/22 19:46:10 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2004/05/24 12:35:52 | 00,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\System32\drivers\KodakCCS.exe
PRC - [2004/01/08 17:41:40 | 00,073,796 | ---- | M] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
PRC - [2003/09/19 13:11:46 | 00,065,536 | ---- | M] (OLYMPUS Corporation) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
PRC - [2003/08/19 17:21:01 | 00,151,597 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2003/06/24 10:46:30 | 00,245,760 | ---- | M] (Dell) -- C:\Program Files\Common Files\Dell\EUSW\Support.exe
PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2003/05/02 15:19:00 | 00,069,632 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2003/03/05 06:30:10 | 00,155,648 | ---- | M] () -- C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.5\Server\WinNT\spnsrvnt.exe
PRC - [2002/12/17 18:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
PRC - [2002/12/17 18:23:32 | 00,074,308 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
PRC - [2002/08/29 05:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2002/03/21 23:41:56 | 00,094,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
PRC - [2000/06/29 03:45:10 | 00,052,224 | ---- | M] (Kenonic Controls Ltd.) -- C:\WINDOWS\System32\crypserv.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2009/10/16 13:13:18 | 01,170,768 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc [Auto | Running])
SRV - [2009/05/27 07:17:51 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/10/16 21:35:28 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/24 19:46:10 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn [Auto | Running])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2008/02/18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/12/21 13:30:40 | 00,131,072 | ---- | M] (Visioneer Inc.) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe -- (OneTouch 4.0 Monitor [Auto | Running])
SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004/10/20 08:40:04 | 00,010,328 | R--- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS [Auto | Running])
SRV - [2004/10/15 15:54:14 | 00,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor [Disabled | Stopped])
SRV - [2004/09/22 19:46:10 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2004/05/24 12:35:52 | 00,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\System32\drivers\KodakCCS.exe -- (KodakCCS [Auto | Running])
SRV - [2004/01/08 17:41:40 | 00,073,796 | ---- | M] (Smart Link) -- C:\WINDOWS\System32\slserv.exe -- (SLService [Auto | Running])
SRV - [2003/09/19 13:11:46 | 00,065,536 | ---- | M] (OLYMPUS Corporation) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe -- (DM1Service [Auto | Running])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2003/05/02 15:19:00 | 00,069,632 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/03/05 06:30:10 | 00,155,648 | ---- | M] () -- C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.5\Server\WinNT\spnsrvnt.exe -- (SuperProServer [Auto | Running])
SRV - [2003/03/03 13:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2002/12/17 18:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER [Auto | Running])
SRV - [2002/12/17 18:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT [On_Demand | Stopped])
SRV - [2002/12/17 18:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2000/06/29 03:45:10 | 00,052,224 | ---- | M] (Kenonic Controls Ltd.) -- C:\WINDOWS\System32\crypserv.exe -- (Crypkey License [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp.../search/ie.html
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....r=ytff-msgr&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-msgr"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..keyword.URL: "http://search.yahoo....r=ytff-msgr&p="


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/27 07:17:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 18:38:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2008/04/08 08:02:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2009/07/23 03:15:21 | 00,000,000 | ---D | M]

[2009/10/19 08:52:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions
[2009/10/19 08:52:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/12/29 18:36:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/10/19 08:52:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions\staged-xpis
[2009/10/19 09:02:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2006/03/02 18:47:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/06/27 10:19:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2008/02/12 12:01:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/19 08:33:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/08/12 07:08:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/05/27 07:18:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2006/03/02 18:47:31 | 00,060,518 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2006/03/02 18:47:34 | 00,049,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2006/03/02 18:47:31 | 00,165,992 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2009/05/27 07:17:53 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2006/03/02 18:47:33 | 00,017,024 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2006/12/18 04:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll
[2006/03/02 18:47:38 | 00,000,680 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.png
[2006/03/02 18:47:38 | 00,000,741 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.src
[2006/03/02 18:47:38 | 00,001,150 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.png
[2006/03/02 18:47:38 | 00,000,539 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.src
[2006/03/02 18:47:38 | 00,000,356 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.png
[2006/03/02 18:47:38 | 00,001,007 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.src
[2006/03/02 18:47:38 | 00,000,210 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.gif
[2006/03/02 18:47:38 | 00,001,056 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.src
[2006/03/02 18:47:38 | 00,001,076 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.gif
[2006/03/02 18:47:38 | 00,000,718 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.src
[2006/03/02 18:47:38 | 00,000,088 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.gif
[2006/03/02 18:47:38 | 00,001,122 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.src

O1 HOSTS File: (2369 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: <html>
O1 - Hosts: <head>
O1 - Hosts: <title>cominstall-adobe-flash.com</title>
O1 - Hosts: <script type="text/javascript" src="/js/general.js"></script>
O1 - Hosts: <script type="text/javascript">
O1 - Hosts: ChkRequestEnc('YToyMTp7aTowO3M6MTk6IjIwMDktMTAtMTcgMDk6MDI6NTciO2k6MTtzOjc6IjMwNzgzMjEiO2k6MjtOO2k6MztzOjEyOiJDcmF6eUJybyAxLjAiO2k6
NDtzOjg1OiIvaC5waHA/Y2FjaGluZ0Rlbnk9LmNvbSZpZD1oLmNvbWluc3RhbGwtYWRvYmUtZmxhc2guY29tJmlwPTEyNy4wLjAuMSZtb2RlPWhvc3RzJmRsbD0xIjtpOjU7czoxMzoi
NzEuMTEzLjI0OS41NSI7aTo2O3M6MjoiMTEiO2k6NztzOjA6IiI7aTo4O3M6MToidCI7aTo5O3M6MjoiVVMiO2k6MTA7czo1OiJURVhBUyI7aToxMTtzOjY6I
klSVklORyI7aToxMjtzOjI6IjE1IjtpOjEzO3M6MjY6ImNvbWluc3RhbGwtYWRvYmUtZmxhc2guY29tIjtpOjE0O3M6OTc6Imh0dHA6Ly9zZWRvcGFya2luZy
5jb20vc2VhcmNoL3JlZ2lzdHJhci5waHA/ZG9tYWluPWNvbWluc3RhbGwtYWRvYmUtZmxhc2guY29tJnJlZ2lzdHJhcj10cmVsbGlhbjUiO2k6MTU7TjtpOjE2O047aToxNztOO2k6MTg7TjtpOjE5O047
aToyMDtOO30=');
O1 - Hosts: </script>
O1 - Hosts: <script type="text/javascript">
O1 - Hosts: var fl = "toolbar";
O1 - Hosts: var u = "/" + fl + ".php";
O1 - Hosts: u = u + "?enc=YToyMTp7aTowO3M6MTk6IjIwMDktMTAtMTcgMDk6MDI6NTciO2k6MTtzOjc6IjMwNzgzMjEiO2k6MjtOO2k6MztzOjEyOiJDcmF6eUJybyAxLjAiO2k6
NDtzOjg1OiIvaC5waHA%2FY2FjaGluZ0Rlbnk9LmNvbSZpZD1oLmNvbWluc3RhbGwtYWRvYmUtZmxhc2guY29tJmlwPTEyNy4wLjAuMSZtb2RlPWhvc3RzJmRsbD0xIjtpOjU7czoxMz
oiNzEuMTEzLjI0OS41NSI7aTo2O3M6MjoiMTEiO2k6NztzOjA6IiI7aTo4O3M6MToidCI7aTo5O3M6MjoiVVMiO2k6MTA7czo1OiJURVhBUyI7aToxMTtzOjY
6IklSVklORyI7aToxMjtzOjI6IjE1IjtpOjEzO3M6MjY6ImNvbWluc3RhbGwtYWRvYmUtZmxhc2guY29tIjtpOjE0O3M6OTc6Imh0dHA6Ly9zZWRvcGFya2lu
Zy5jb20vc2VhcmNoL3JlZ2lzdHJhci5waHA%2FZG9tYWluPWNvbWluc3RhbGwtYWRvYmUtZmxhc2guY29tJnJlZ2lzdHJhcj10cmVsbGlhbjUiO2k6MTU7TjtpOjE2O047aToxNztOO2k6MTg7TjtpOjE5O0
47aToyMDtOO30%3D";
O1 - Hosts: var w = '690';
O1 - Hosts: var h = '320';
O1 - Hosts: var wV = 'scrollbars=no,resizable=yes,toolbar=no,' + 'menubar=no,status=no,location=no,height=' + h + ',width=' + w;
O1 - Hosts: tW = window.open(u, "tWin", wV);
O1 - Hosts: if (null !== tW)
O1 - Hosts: {
O1 - Hosts: tW.blur();
O1 - Hosts: window.focus();
O1 - Hosts: }
O1 - Hosts: </script>
O1 - Hosts: </head>
O1 - Hosts: <frameset rows="100%,*" frameborder="no" border="0" framespacing="0">
O1 - Hosts: <!-- SCC a11 -->
O1 - Hosts: <frame src="http://sedoparking.c...rar=trellian5">
O1 - Hosts: 16 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Suggest) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [IntelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Chiro8000 v12 File Server.lnk = C:\Program Files\Forte Systems\Chiro8000 v12\FileServer.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Doylechiro\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} https://www.acngroup...tivexviewer.cab (Crystal Report Viewer Control 9)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://accounting.q...147/qboax10.cab (QuickBooks Online Edition Utilities Class v10)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} https://accounting.q....559/qboax8.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA0F2EF5-88BB-4FE6-9192-8FDBCB9713BA} http://validate.meas...ASADownload.CAB (MDASADownload.Complete)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\g7ps {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/02/03 16:22:14 | 00,000,000 | ---D | M] - C:\autodoc -- [ NTFS ]
O32 - AutoRun File - [2007/01/21 10:36:34 | 00,000,000 | ---D | M] - C:\Autodoc2 -- [ NTFS ]
O32 - AutoRun File - [2004/10/26 20:50:33 | 00,000,002 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/02/02 16:08:53 | 00,000,000 | ---D | M] - C:\autosync -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
NetSvcs: Ip6FwHlp - Service key not found. File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/10/16 13:11:35 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/16 13:10:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/10/19 08:06:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/16 16:59:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/15 10:12:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Doylechiro\Application Data\Gmail
[2009/10/19 08:07:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Doylechiro\Application Data\Malwarebytes
[2009/10/19 08:04:17 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/19 08:06:51 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/16 17:24:26 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2009/10/16 17:17:01 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/10/19 13:48:23 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\Desktop\OTL.exe
[2009/10/19 13:42:19 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Doylechiro\Desktop\RootRepeal.exe
[2009/10/19 08:08:25 | 04,045,536 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Doylechiro\Desktop\lllkkkiii-setup.exe
[2009/10/19 08:06:55 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/19 08:06:52 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/19 08:05:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/19 07:36:18 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\My Documents\TFC.exe
[2009/10/16 13:14:17 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

========== Files - Modified Within 14 Days ==========

[2009/10/26 07:31:10 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Doylechiro\Desktop\settings.dat
[2009/10/26 07:19:19 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/10/26 07:11:25 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/10/26 07:08:18 | 00,000,448 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/10/26 07:08:07 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/10/26 07:07:58 | 00,000,398 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (SmartDrawTrial).job
[2009/10/26 07:07:58 | 00,000,388 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2009/10/26 07:07:46 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/26 07:06:11 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/26 07:06:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/10/23 12:33:23 | 00,002,119 | ---- | M] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mat.gif
[2009/10/23 12:33:23 | 00,000,607 | ---- | M] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mzn.gif
[2009/10/23 12:33:23 | 00,000,598 | ---- | M] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mby.gif
[2009/10/23 09:00:00 | 00,000,406 | -H-- | M] () -- C:\WINDOWS\tasks\{BED34167-2B86-49AB-8158-03E5F512279A}_DOCFW_Dr. Cody Doyle.job
[2009/10/21 16:00:00 | 00,000,406 | -H-- | M] () -- C:\WINDOWS\tasks\{DE7218A9-6FB8-487E-B721-575F1A73A2C5}_DOCFW_Dr. Cody Doyle.job
[2009/10/19 13:48:29 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\Desktop\OTL.exe
[2009/10/19 13:42:19 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Doylechiro\Desktop\RootRepeal.exe
[2009/10/19 08:09:46 | 00,000,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/19 08:08:31 | 04,045,536 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Doylechiro\Desktop\lllkkkiii-setup.exe
[2009/10/19 08:04:26 | 00,000,800 | ---- | M] () -- C:\Documents and Settings\Doylechiro\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/10/19 08:04:23 | 00,000,644 | ---- | M] () -- C:\Documents and Settings\Doylechiro\Desktop\NTREGOPT.lnk
[2009/10/19 08:04:22 | 00,000,625 | ---- | M] () -- C:\Documents and Settings\Doylechiro\Desktop\ERUNT.lnk
[2009/10/19 07:36:23 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\My Documents\TFC.exe
[2009/10/19 04:03:00 | 00,000,360 | ---- | M] () -- C:\WINDOWS\tasks\Scan for Viruses.job
[2009/10/19 02:20:00 | 00,000,620 | ---- | M] () -- C:\WINDOWS\tasks\ACOScheduler_DNS_Cody Doyle (v8)_DNS_Microphone (Mic-In)_DNS_DR_ CODY DOYLE_1.job
[2009/10/18 03:06:01 | 00,000,382 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2009/10/16 17:24:27 | 00,000,853 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2009/10/16 16:00:00 | 00,000,406 | -H-- | M] () -- C:\WINDOWS\tasks\{A62B03E9-0DB1-4B15-92A7-381E8981FE71}_DOCFW_Dr. Cody Doyle.job
[2009/10/16 14:40:10 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/16 13:11:33 | 00,000,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/10/15 03:27:17 | 00,533,408 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/15 03:27:17 | 00,463,200 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/10/15 03:27:17 | 00,079,920 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/10/15 03:12:24 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/14 04:00:00 | 00,000,432 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DOCFW-Dr. Cody Doyle).job

========== Files - No Company Name ==========
[2009/10/26 07:31:10 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Desktop\settings.dat
[2009/10/19 08:06:59 | 00,000,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/19 08:04:26 | 00,000,800 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/10/19 08:04:23 | 00,000,644 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Desktop\NTREGOPT.lnk
[2009/10/19 08:04:22 | 00,000,625 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Desktop\ERUNT.lnk
[2009/10/16 17:30:12 | 00,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/10/16 17:24:27 | 00,000,853 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2009/10/16 15:02:38 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/10/16 13:15:04 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/16 13:11:33 | 00,000,900 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/10/15 10:22:59 | 00,002,119 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mat.gif
[2009/10/15 10:22:59 | 00,000,607 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mzn.gif
[2009/10/15 10:22:59 | 00,000,598 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mby.gif
[2008/10/15 14:43:48 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\DM510.dll
[2008/02/17 12:35:24 | 00,004,114 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Application Data\SAS7_000.DAT
[2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/01/21 10:36:40 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/02 12:51:26 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/04/17 14:45:49 | 00,000,133 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Local Settings\Application Data\fusioncache.dat
[2006/03/10 09:54:57 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Doylechiro\Application Data\DESKTOP.INI
[2006/03/10 09:54:53 | 00,082,416 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/03/10 09:54:49 | 01,578,622 | -H-- | C] () -- C:\Documents and Settings\Doylechiro\Local Settings\Application Data\IconCache.db
[2006/01/27 09:25:39 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/01/17 15:58:04 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\BADECEE175.sys
[2006/01/17 15:41:52 | 00,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/09/29 15:00:21 | 00,000,340 | ---- | C] () -- C:\WINDOWS\ptlabels.ini
[2005/08/01 10:04:19 | 00,000,187 | ---- | C] () -- C:\WINDOWS\wiseftp.ini
[2005/04/11 14:49:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2005/03/03 09:17:05 | 00,000,428 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/01/31 16:08:30 | 00,000,032 | ---- | C] () -- C:\WINDOWS\concentr.ini
[2005/01/31 15:10:21 | 00,000,042 | ---- | C] () -- C:\WINDOWS\webica.ini
[2005/01/28 11:45:23 | 00,000,377 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/12/09 18:36:40 | 00,000,012 | ---- | C] () -- C:\WINDOWS\clocked.ini
[2004/11/30 11:04:03 | 00,000,072 | ---- | C] () -- C:\WINDOWS\WINTIME.INI
[2004/11/26 21:57:26 | 00,000,567 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2004/11/26 21:56:35 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\SAWZip.dll
[2004/11/26 21:56:35 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2004/11/26 21:56:31 | 00,307,200 | ---- | C] () -- C:\WINDOWS\System32\AppointmentView.dll
[2004/11/26 21:56:27 | 00,345,088 | ---- | C] () -- C:\WINDOWS\System32\ShrLk21.dll
[2004/11/26 21:56:27 | 00,304,128 | ---- | C] () -- C:\WINDOWS\System32\KeyGen.dll
[2004/10/26 20:50:32 | 00,000,121 | ---- | C] () -- C:\WINDOWS\Lname.ini
[2004/10/26 20:50:29 | 00,000,482 | ---- | C] () -- C:\WINDOWS\HITLIST.INI
[2004/10/26 20:50:28 | 00,000,214 | ---- | C] () -- C:\WINDOWS\Browser.ini
[2004/10/26 10:19:45 | 00,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2004/09/03 08:49:07 | 00,000,039 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/09/03 08:42:34 | 00,000,045 | ---- | C] () -- C:\WINDOWS\IDIGFLGN.ini
[2004/07/17 15:06:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Dssole.INI
[2004/07/17 15:06:07 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\DM1USBAPIVB.dll
[2004/07/07 16:32:17 | 00,014,938 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2004/06/30 08:34:22 | 00,000,010 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/06/14 10:46:07 | 00,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2004/06/08 11:27:17 | 00,000,064 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2004/06/08 11:27:15 | 00,000,520 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2004/06/08 11:24:14 | 00,001,471 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/06/01 10:24:42 | 00,000,049 | ---- | C] () -- C:\WINDOWS\upth.ini
[2004/06/01 10:24:42 | 00,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/05/21 13:34:09 | 00,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2004/05/21 13:34:09 | 00,000,134 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2004/05/21 13:31:37 | 00,000,103 | ---- | C] () -- C:\WINDOWS\System32\hptrace.ini
[2004/05/21 11:54:13 | 00,001,437 | ---- | C] () -- C:\WINDOWS\hpdj5800.ini
[2004/01/20 07:24:15 | 00,040,278 | ---- | C] () -- C:\Program Files\Copy of Patients.dat
[2003/11/04 11:39:18 | 00,000,005 | ---- | C] () -- C:\WINDOWS\SUPER.INI
[2003/10/20 16:00:28 | 00,000,832 | ---- | C] () -- C:\WINDOWS\efscan.ini
[2003/10/20 16:00:28 | 00,000,021 | ---- | C] () -- C:\WINDOWS\efaxview.ini
[2003/10/09 20:04:56 | 00,000,027 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2003/09/24 16:34:19 | 00,251,392 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[2003/09/24 16:34:19 | 00,000,150 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[2003/09/24 16:34:13 | 00,010,092 | ---- | C] () -- C:\WINDOWS\exerpro.ini
[2003/09/22 17:13:17 | 00,000,773 | ---- | C] () -- C:\WINDOWS\BLST8.INI
[2003/09/20 11:18:22 | 00,000,173 | ---- | C] () -- C:\WINDOWS\srlink.ini
[2003/09/20 11:18:22 | 00,000,040 | ---- | C] () -- C:\WINDOWS\System32\sx96.ini
[2003/09/20 11:17:42 | 00,021,504 | ---- | C] () -- C:\WINDOWS\System32\docobj.dll
[2003/09/20 11:15:13 | 00,000,213 | ---- | C] () -- C:\WINDOWS\dgnsetup.ini
[2003/09/18 07:51:25 | 00,000,027 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2003/09/18 07:51:21 | 00,024,608 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2003/09/18 07:51:21 | 00,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2003/09/18 07:50:22 | 00,110,080 | ---- | C] () -- C:\WINDOWS\System32\W32mkrc.dll
[2003/09/18 07:50:22 | 00,097,290 | ---- | C] () -- C:\WINDOWS\System32\Crp32dll.dll
[2003/09/18 07:50:17 | 01,073,152 | ---- | C] () -- C:\WINDOWS\System32\owl53v.dll
[2003/09/18 07:50:17 | 00,906,784 | ---- | C] () -- C:\WINDOWS\System32\Owl52f.dll
[2003/09/18 07:50:17 | 00,017,424 | ---- | C] () -- C:\WINDOWS\System32\FH_BMP.DLL
[2003/09/18 07:50:12 | 00,531,456 | ---- | C] () -- C:\WINDOWS\System32\Bdt52cf.dll
[2003/09/18 07:50:12 | 00,518,080 | ---- | C] () -- C:\WINDOWS\System32\bdt52c.dll
[2003/09/18 07:46:18 | 00,001,640 | ---- | C] () -- C:\WINDOWS\TrackMe.ini
[2003/09/16 10:07:26 | 00,000,036 | ---- | C] () -- C:\WINDOWS\BLST.INI
[2003/09/14 17:23:53 | 00,174,608 | ---- | C] () -- C:\WINDOWS\Tutility.dll
[2003/09/14 16:24:39 | 00,001,371 | ---- | C] () -- C:\WINDOWS\PM4W.INI
[2003/09/14 13:22:47 | 00,009,208 | ---- | C] () -- C:\WINDOWS\hplj1300.ini
[2003/09/14 13:17:09 | 00,000,951 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2003/08/19 17:22:33 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/08/19 17:17:56 | 00,000,885 | ---- | C] () -- C:\WINDOWS\lrun32.ini
[2003/08/19 17:16:47 | 00,001,143 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/08/19 17:11:52 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/08/19 17:00:08 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/08/19 16:49:32 | 00,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/09 09:38:12 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2002/09/03 13:36:02 | 00,000,699 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2002/09/03 13:26:32 | 00,000,246 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2002/09/03 13:26:20 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[2002/04/11 13:47:52 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2000/09/08 17:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1999/01/27 13:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1980/01/01 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2009/10/19 08:06:52 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/10/16 13:11:55 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2006/01/17 15:54:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2006/01/17 15:50:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel
[2004/11/26 15:38:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2004/10/26 10:20:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G7PS
[2009/01/13 20:08:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2006/01/27 09:30:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2007/04/03 14:42:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2008/02/17 12:02:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2004/06/14 09:13:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2009/08/20 07:11:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2003/08/19 17:13:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2008/02/17 16:39:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2004/01/22 11:09:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Support.com
[2009/10/16 16:59:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/02/06 14:03:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/19 08:07:25 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Doylechiro\Application Data
[2007/01/10 12:56:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\ActiveDocs
[2008/09/26 12:51:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\FileZilla
[2006/09/27 12:58:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\G7PS
[2009/10/15 10:17:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\Gmail
[2006/04/25 09:02:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\Kana Solution
[2008/03/03 18:46:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\KompoZer
[2008/10/15 14:45:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\LinkManager 4.0
[2007/04/03 14:43:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\MSN6
[2008/02/17 12:07:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\Nuance
[2009/01/27 13:06:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\OpenOffice.org
[2006/09/05 10:07:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\ScanSoft
[2008/03/24 11:52:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\Viewpoint
[2009/10/19 02:20:00 | 00,000,620 | ---- | M] () -- C:\WINDOWS\Tasks\ACOScheduler_DNS_Cody Doyle (v8)_DNS_Microphone (Mic-In)_DNS_DR_ CODY DOYLE_1.job
[2009/10/26 07:07:46 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/10/16 14:40:10 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2002/08/29 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2009/10/14 04:00:00 | 00,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DOCFW-Dr. Cody Doyle).job
[2009/10/26 07:11:25 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/10/26 07:08:18 | 00,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2009/10/26 07:07:58 | 00,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Startup.job
[2009/10/18 03:06:01 | 00,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2009/10/26 07:06:11 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/19 04:03:00 | 00,000,360 | ---- | M] () -- C:\WINDOWS\Tasks\Scan for Viruses.job
[2009/10/26 07:07:58 | 00,000,398 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (SmartDrawTrial).job
[2009/10/16 16:00:00 | 00,000,406 | -H-- | M] () -- C:\WINDOWS\Tasks\{A62B03E9-0DB1-4B15-92A7-381E8981FE71}_DOCFW_Dr. Cody Doyle.job
[2009/10/23 09:00:00 | 00,000,406 | -H-- | M] () -- C:\WINDOWS\Tasks\{BED34167-2B86-49AB-8158-03E5F512279A}_DOCFW_Dr. Cody Doyle.job
[2009/10/21 16:00:00 | 00,000,406 | -H-- | M] () -- C:\WINDOWS\Tasks\{DE7218A9-6FB8-487E-B721-575F1A73A2C5}_DOCFW_Dr. Cody Doyle.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/12/12 13:01:18 | 00,010,920 | ---- | M] () -- C:\aolconnfix.exe

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
EVENTLOG.DLL : MD5=BF3C8CF53C77B48206B39910B6D6CBCC -> C:\I386\EVENTLOG.DLL -> [2002/08/29 05:00:00 | 00,049,152 | ---- | M] (Microsoft Corporation)
[2 C:\I386\*.tmp files]
eventlog.dll : MD5=82B24CB70E5944E6E34662205A2A5B78 -> C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -> [2004/08/04 02:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation)
eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656 -> C:\WINDOWS\ServicePackFiles\i386\eventlog.dll -> [2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation)
eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656 -> C:\WINDOWS\System32\eventlog.dll -> [2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation)

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
SCECLI.DLL : MD5=97418A5C642A5C748A28BD7CF6860B57 -> C:\I386\SCECLI.DLL -> [2002/08/29 05:00:00 | 00,174,592 | ---- | M] (Microsoft Corporation)
[2 C:\I386\*.tmp files]
scecli.dll : MD5=0F78E27F563F2AAF74B91A49E2ABF19A -> C:\WINDOWS\$NtServicePackUninstall$\scecli.dll -> [2004/08/04 02:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation)
scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -> C:\WINDOWS\ServicePackFiles\i386\scecli.dll -> [2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation)
scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -> C:\WINDOWS\System32\scecli.dll -> [2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation)

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
NETLOGON.DLL : MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -> C:\I386\NETLOGON.DLL -> [2002/08/29 05:00:00 | 00,399,360 | ---- | M] (Microsoft Corporation)
[2 C:\I386\*.tmp files]
netlogon.dll : MD5=96353FCECBA774BB8DA74A1C6507015A -> C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll -> [2004/08/04 02:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation)
netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550 -> C:\WINDOWS\ServicePackFiles\i386\netlogon.dll -> [2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation)
netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550 -> C:\WINDOWS\System32\netlogon.dll -> [2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation)

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
atapi.sys : MD5=3C33F5479520844A186C2D43ECFFD477 -> C:\I386\atapi.sys -> [2003/01/31 15:43:30 | 00,087,040 | ---- | M] (Microsoft Corporation)
[2 C:\I386\*.tmp files]
atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -> C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -> [2004/08/04 00:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation)
atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\WINDOWS\ServicePackFiles\i386\atapi.sys -> [2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation)
atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\WINDOWS\System32\DRIVERS\atapi.sys -> [2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation)
atapi.sys : MD5=95B858761A00E1D4F81F79A0DA019ACA -> C:\WINDOWS\System32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys -> [2002/08/29 01:27:50 | 00,086,912 | ---- | M] (Microsoft Corporation)
atapi.sys : MD5=95B858761A00E1D4F81F79A0DA019ACA -> C:\WINDOWS\System32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys -> [2002/08/29 01:27:50 | 00,086,912 | ---- | M] (Microsoft Corporation)

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\oldnartvtmp.rtf:SummaryInformation
< End of report >
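The "/s /md5" custom scans at the end of the OTL log above are an integrity check: OTL hashes every copy of a named system file it can find (the original CD image under C:\I386, the service-pack masters under ServicePackFiles, the uninstall backups, and the live copy under System32) so the helper can see at a glance whether the copy Windows actually loads still matches the service-pack master. Reading four hash lines per file by eye does not scale, so here is an added example, written for this thread and not part of OTL or of the original post, that parses those lines and reports each requested file as ok, mismatch, no-reference or no-live-copy. The sample input reuses the eventlog.dll and atapi.sys lines from the log above; the netlogon.dll live-copy line with hash DEADBEEF... is constructed so that the mismatch path runs, and the function names are my own.

```python
import re
from collections import defaultdict

# Constructed input: OTL "/s /md5" custom-scan lines copied from the log above,
# plus one CONSTRUCTED netlogon.dll line (hash DEADBEEF... is made up) so the
# mismatch branch is exercised. cngaudit.dll is kept as a scan with no hits.
SAMPLE_LOG = r"""
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
EVENTLOG.DLL : MD5=BF3C8CF53C77B48206B39910B6D6CBCC -> C:\I386\EVENTLOG.DLL -> [2002/08/29 05:00:00 | 00,049,152 | ---- | M] (Microsoft Corporation)
[2 C:\I386\*.tmp files]
eventlog.dll : MD5=82B24CB70E5944E6E34662205A2A5B78 -> C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll -> [2004/08/04 02:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation)
eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656 -> C:\WINDOWS\ServicePackFiles\i386\eventlog.dll -> [2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation)
eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656 -> C:\WINDOWS\System32\eventlog.dll -> [2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation)

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\WINDOWS\ServicePackFiles\i386\atapi.sys -> [2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation)
atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674 -> C:\WINDOWS\System32\DRIVERS\atapi.sys -> [2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation)
atapi.sys : MD5=95B858761A00E1D4F81F79A0DA019ACA -> C:\WINDOWS\System32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys -> [2002/08/29 01:27:50 | 00,086,912 | ---- | M] (Microsoft Corporation)

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550 -> C:\WINDOWS\ServicePackFiles\i386\netlogon.dll -> [2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation)
netlogon.dll : MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -> C:\WINDOWS\System32\netlogon.dll -> [2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation)
"""

# One hashed-file line: "<name> : MD5=<hash> -> <path> -> [<date> | <size> | ..."
LINE_RE = re.compile(
    r"^(?P<name>[^\s:]+) : MD5=(?P<md5>[0-9A-Fa-f]{32}) -> (?P<path>.+?) -> "
    r"\[[^|]*\|\s*(?P<size>[\d,]+)\s*\|"
)
# Scan header: "< %SYSTEMDRIVE%\<name> /s /md5 >" names every file that was requested.
HEADER_RE = re.compile(r"^< %SYSTEMDRIVE%\\(\S+) /s /md5 >", re.M)


def parse_md5_lines(text):
    """Yield (name_lower, md5_upper, path, size) for each hashed-file line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, "[N *.tmp files]" notes and blank lines carry no hash
        yield (m["name"].lower(), m["md5"].upper(), m["path"],
               int(m["size"].replace(",", "")))


def classify(path):
    """'reference' = service-pack master, 'live' = the copy Windows loads, else 'other'."""
    p = path.lower()
    if "\\servicepackfiles\\" in p:
        return "reference"
    if "\\system32\\" in p and not any(
            x in p for x in ("\\reinstallbackups\\", "\\dllcache\\")):
        return "live"
    return "other"  # CD originals under I386, $NtServicePackUninstall$, driver backups


def check_integrity(text):
    """Return {filename: status} for every file the scan requested.

    ok           live copy has the same MD5 and size as the service-pack master
    mismatch     live copy differs from the master: inspect it before trusting it
    no-reference no ServicePackFiles copy exists, so the live copy cannot be verified here
    no-live-copy nothing found under System32 (the name is not installed on this box)
    """
    copies = defaultdict(lambda: {"live": [], "reference": []})
    for name, md5, path, size in parse_md5_lines(text):
        role = classify(path)
        if role != "other":
            copies[name][role].append((md5, size))

    report = {}
    for name in (h.lower() for h in HEADER_RE.findall(text)):
        live, ref = copies[name]["live"], copies[name]["reference"]
        if not live:
            report[name] = "no-live-copy"
        elif not ref:
            report[name] = "no-reference"
        elif all(entry == ref[0] for entry in live):
            report[name] = "ok"
        else:
            report[name] = "mismatch"
    return report


if __name__ == "__main__":
    for name, status in check_integrity(SAMPLE_LOG).items():
        print(f"{name:14} {status}")
```

On the log as posted all four real files come back ok, which is consistent with the helper moving on to the hidden process under Application Data\Gmail rather than to a patched system file. Size is compared alongside the hash so that a file replaced by one of identical length still trips the check; a hash alone would as well, but the extra field costs nothing and catches a malformed line.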

#5
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
====STEP 1====
Run OTL.exe by double clicking the icon on your desktop
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    
    :Commands
    [resethosts]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • There is unlikely to be a log to post

====STEP 2====
We will then use ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


====STEP 3====
We will run OTL, but go for a shortened log.
  • Close all windows and open it by double clicking on the icon
  • we are targeting a selective output, hence:
    • on the left hand side, in the box titled "Processes" select none
    • on the left hand side, in the box titled "Drivers" select none
    • on the left hand side, in the box titled "Extra Registry" select none
    • on the right hand side, in the box titled "Files created within" select none
    • on the right hand side, in the box titled "Files modified within" select none
    • tick both the boxes marked Purity check and Lop check
  • Click Run Scan and let the program run uninterrupted
  • It will produce one log for you called OTL.txt. Please post that log here in reply.


In your next reply could I see:
1. the combofix log
2. the OTL log

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

#6
bitterbuck

    Member

  • Topic Starter
  • Member
  • 18 posts
Combofix

ComboFix 09-10-25.02 - Doylechiro 10/26/2009 9:45.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.189 [GMT -5:00]
Running from: c:\documents and settings\Doylechiro\My Documents\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Doylechiro\Application Data\Gmail
c:\documents and settings\Doylechiro\Application Data\Gmail\gorhv17911194.exe
c:\documents and settings\Doylechiro\Application Data\Gmail\Shell32.dll
c:\documents and settings\Doylechiro\Application Data\Gmail\Shell32.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-26 to 2009-10-26 )))))))))))))))))))))))))))))))
.

2009-10-19 13:04 . 2009-10-19 13:04 -------- d-----w- c:\program files\ERUNT
2009-10-16 22:30 . 2009-10-01 15:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-16 22:24 . 2009-10-16 22:25 -------- d-----w- c:\program files\Microsoft Security Essentials
2009-10-16 22:17 . 2009-10-16 22:18 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-16 21:59 . 2009-10-16 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-16 20:02 . 2009-09-03 09:17 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-16 18:14 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-16 18:11 . 2009-10-16 18:11 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-16 18:10 . 2009-10-16 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-26 12:06 . 2006-12-20 22:45 -------- d-----w- c:\program files\LogMeIn
2009-10-19 13:43 . 2003-08-19 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com
2009-10-19 13:09 . 2009-10-19 13:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-19 13:07 . 2009-10-19 13:07 -------- d-----w- c:\documents and settings\Doylechiro\Application Data\Malwarebytes
2009-10-19 13:06 . 2009-10-19 13:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-16 18:10 . 2004-11-05 15:34 -------- d-----w- c:\program files\Lavasoft
2009-09-11 14:18 . 2002-08-29 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 19:54 . 2009-10-19 13:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-10-19 13:06 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 08:13 . 2009-07-21 12:22 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-04 21:03 . 2002-08-29 10:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-31 18:07 . 2008-04-08 13:44 62096 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-31 13:58 . 2009-08-31 13:58 -------- d-----w- c:\program files\LogMeIn Rescue Calling Card
2009-08-29 07:36 . 2004-02-06 23:05 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2002-08-29 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2002-08-29 10:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 12:09 . 2006-03-10 14:54 82416 ----a-w- c:\documents and settings\Doylechiro\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-25 12:08 . 2003-08-19 22:15 8224 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-20 20:09 . 2009-08-20 20:09 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:01 . 2002-12-12 05:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 01:44 . 1980-01-01 05:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 1980-01-01 05:00 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2004-01-20 13:33 . 2004-01-20 12:24 40278 -c--a-w- c:\program files\Copy of Patients.dat
2006-03-02 23:47 . 2006-03-02 23:47 60518 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-03-02 23:47 . 2006-03-02 23:47 49248 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-03-02 23:47 . 2006-03-02 23:47 165992 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-01-14 02:23 . 2006-01-17 20:58 56 --sh--r- c:\windows\SYSTEM32\BADECEE175.sys
2009-01-14 02:23 . 2006-01-17 20:41 3350 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-04 405583]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-06 4347120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2003-06-24 245760]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4640768]
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-27 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-08-19 151597]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\SYSTEM32\narrator.exe [2008-04-14 53760]

c:\documents and settings\Doylechiro\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Chiro8000 v12 File Server.lnk - c:\program files\Forte Systems\Chiro8000 v12\FileServer.exe [2008-12-11 380928]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 02:35 87352 ----a-w- c:\windows\SYSTEM32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Chiro8000 File Server.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Chiro8000 File Server.lnk
backup=c:\windows\pss\Chiro8000 File Server.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Device Detector 2.lnk
backup=c:\windows\pss\Device Detector 2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Doylechiro^Start Menu^Programs^Startup^Dragon NaturallySpeaking.lnk]
path=c:\documents and settings\Doylechiro\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk
backup=c:\windows\pss\Dragon NaturallySpeaking.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Doylechiro^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Doylechiro\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Dr. Cody Doyle^Start Menu^Programs^Startup^Dragon NaturallySpeaking.lnk]
path=c:\documents and settings\Dr. Cody Doyle\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk
backup=c:\windows\pss\Dragon NaturallySpeaking.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL TopSpeedMonitor"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\mshta.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\PVSW\\Bin\\w3dbsmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Forte Systems\\Chiro8000 v12\\PM.exe"=
"c:\\PVSW\\Bin\\sqldmgr.exe"=
"c:\\Program Files\\Forte Systems\\Chiro8000 v12\\FileServer.exe"=
"c:\\Program Files\\Forte Systems\\Chiro8000\\FileServer.exe"=
"c:\\Program Files\\Forte Systems\\Chiro8000 v12\\DBUtility.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"8080:TCP"= 8080:TCP:Remote Access
"1433:TCP"= 1433:TCP:*:Disabled:1433
"1433:UDP"= 1433:UDP:*:Disabled:1433
"14000:TCP"= 14000:TCP:*:Disabled:14000
"14000:UDP"= 14000:UDP:*:Disabled:14000
"110:TCP"= 110:TCP:svchost

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [10/16/2009 1:14 PM 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1170768]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 7:46 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\SYSTEM32\DRIVERS\LMIRfsDriver.sys [1/13/2009 8:08 PM 47640]
R2 OneTouch 4.0 Monitor;OneTouch 4.0 Monitor;c:\program files\Visioneer\OneTouch 4.0\OtService.exe [12/21/2007 1:30 PM 131072]
R2 vnccom;vnccom;c:\windows\SYSTEM32\DRIVERS\vnccom.SYS [9/14/2008 4:56 PM 6016]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:13]

2009-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 22:57]

2009-10-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 22:36]

2009-10-26 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-10-26 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-10-18 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-10-26 c:\windows\Tasks\SDMsgUpdate (SmartDrawTrial).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2005-11-09 17:09]

2009-10-16 c:\windows\Tasks\{A62B03E9-0DB1-4B15-92A7-381E8981FE71}_DOCFW_Dr. Cody Doyle.job
- c:\windows\system32\mobsync.exe [2002-08-29 00:12]

2009-10-26 c:\windows\Tasks\{BED34167-2B86-49AB-8158-03E5F512279A}_DOCFW_Dr. Cody Doyle.job
- c:\windows\system32\mobsync.exe [2002-08-29 00:12]

2009-10-21 c:\windows\Tasks\{DE7218A9-6FB8-487E-B721-575F1A73A2C5}_DOCFW_Dr. Cody Doyle.job
- c:\windows\system32\mobsync.exe [2002-08-29 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dellnet.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {DA0F2EF5-88BB-4FE6-9192-8FDBCB9713BA} - hxxp://validate.measureup.com/test/controls/MDASADownload.CAB
FF - ProfilePath - c:\documents and settings\Doylechiro\Application Data\Mozilla\Firefox\Profiles\1cq29ero.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-realtekc - c:\documents and settings\Doylechiro\Application Data\Gmail\gorhv17911194.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-26 10:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???x???x???????????????????x???8???????x???x???????????x???????????x???x??????????????????????????????????????????w????????????j??w????x???x??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2009-10-26 10:04
ComboFix-quarantined-files.txt 2009-10-26 15:04

Pre-Run: 29,184,630,784 bytes free
Post-Run: 29,202,206,720 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - DD58CC7140833D09F720E20D75FCBDFB

OTL

OTL logfile created on: 10/26/2009 10:08:47 AM - Run 3
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Doylechiro\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 205.68 Mb Available Physical Memory | 26.82% Memory free
1.46 Gb Paging File | 1.00 Gb Available in Paging File | 68.64% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 27.23 Gb Free Space | 36.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOCFW
Current User Name: Doylechiro
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2009/10/16 13:13:18 | 01,170,768 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc [Auto | Running])
SRV - [2009/05/27 07:17:51 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Stopped])
SRV - [2008/10/16 21:35:28 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/24 19:46:10 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn [Auto | Running])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2008/02/18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/12/21 13:30:40 | 00,131,072 | ---- | M] (Visioneer Inc.) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe -- (OneTouch 4.0 Monitor [Auto | Running])
SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004/10/20 08:40:04 | 00,010,328 | R--- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS [Auto | Running])
SRV - [2004/10/15 15:54:14 | 00,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor [Disabled | Stopped])
SRV - [2004/09/22 19:46:10 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2004/05/24 12:35:52 | 00,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\System32\drivers\KodakCCS.exe -- (KodakCCS [Auto | Stopped])
SRV - [2004/01/08 17:41:40 | 00,073,796 | ---- | M] (Smart Link) -- C:\WINDOWS\System32\slserv.exe -- (SLService [Auto | Stopped])
SRV - [2003/09/19 13:11:46 | 00,065,536 | ---- | M] (OLYMPUS Corporation) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe -- (DM1Service [Auto | Running])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Stopped])
SRV - [2003/05/02 15:19:00 | 00,069,632 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/03/05 06:30:10 | 00,155,648 | ---- | M] () -- C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.5\Server\WinNT\spnsrvnt.exe -- (SuperProServer [Auto | Stopped])
SRV - [2003/03/03 13:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2002/12/17 18:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER [Auto | Running])
SRV - [2002/12/17 18:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT [On_Demand | Stopped])
SRV - [2002/12/17 18:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2000/06/29 03:45:10 | 00,052,224 | ---- | M] (Kenonic Controls Ltd.) -- C:\WINDOWS\System32\crypserv.exe -- (Crypkey License [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....r=ytff-msgr&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-msgr"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..keyword.URL: "http://search.yahoo....r=ytff-msgr&p="


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/27 07:17:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 18:38:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2008/04/08 08:02:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2009/07/23 03:15:21 | 00,000,000 | ---D | M]

[2009/10/19 08:52:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions
[2009/10/19 08:52:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/12/29 18:36:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/10/19 08:52:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions\staged-xpis
[2009/10/19 09:02:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2006/03/02 18:47:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/06/27 10:19:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2008/02/12 12:01:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/19 08:33:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/08/12 07:08:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/05/27 07:18:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2006/03/02 18:47:31 | 00,060,518 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2006/03/02 18:47:34 | 00,049,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2006/03/02 18:47:31 | 00,165,992 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2009/05/27 07:17:53 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2006/03/02 18:47:33 | 00,017,024 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2006/12/18 04:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll
[2006/03/02 18:47:38 | 00,000,680 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.png
[2006/03/02 18:47:38 | 00,000,741 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.src
[2006/03/02 18:47:38 | 00,001,150 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.png
[2006/03/02 18:47:38 | 00,000,539 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.src
[2006/03/02 18:47:38 | 00,000,356 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.png
[2006/03/02 18:47:38 | 00,001,007 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.src
[2006/03/02 18:47:38 | 00,000,210 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.gif
[2006/03/02 18:47:38 | 00,001,056 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.src
[2006/03/02 18:47:38 | 00,001,076 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.gif
[2006/03/02 18:47:38 | 00,000,718 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.src
[2006/03/02 18:47:38 | 00,000,088 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.gif
[2006/03/02 18:47:38 | 00,001,122 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.src

O1 HOSTS File: (56 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Suggest) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [IntelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Chiro8000 v12 File Server.lnk = C:\Program Files\Forte Systems\Chiro8000 v12\FileServer.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Doylechiro\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} https://www.acngroup...tivexviewer.cab (Crystal Report Viewer Control 9)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://accounting.q...147/qboax10.cab (QuickBooks Online Edition Utilities Class v10)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} https://accounting.q....559/qboax8.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA0F2EF5-88BB-4FE6-9192-8FDBCB9713BA} http://validate.meas...ASADownload.CAB (MDASADownload.Complete)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\g7ps {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/02/03 16:22:14 | 00,000,000 | ---D | M] - C:\autodoc -- [ NTFS ]
O32 - AutoRun File - [2007/01/21 10:36:34 | 00,000,000 | ---D | M] - C:\Autodoc2 -- [ NTFS ]
O32 - AutoRun File - [2004/10/26 20:50:33 | 00,000,002 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/02/02 16:08:53 | 00,000,000 | ---D | M] - C:\autosync -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== LOP Check ==========

[2009/10/19 08:06:52 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/10/16 13:11:55 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2006/01/17 15:54:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2006/01/17 15:50:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel
[2004/11/26 15:38:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2004/10/26 10:20:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G7PS
[2009/01/13 20:08:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2006/01/27 09:30:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2007/04/03 14:42:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2008/02/17 12:02:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2004/06/14 09:13:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2009/08/20 07:11:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2003/08/19 17:13:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2008/02/17 16:39:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2004/01/22 11:09:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Support.com
[2009/10/16 16:59:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/02/06 14:03:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/26 09:59:57 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Doylechiro\Application Data
[2007/01/10 12:56:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\ActiveDocs
[2008/09/26 12:51:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\FileZilla
[2006/09/27 12:58:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\G7PS
[2006/04/25 09:02:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\Kana Solution
[2008/03/03 18:46:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\KompoZer
[2008/10/15 14:45:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\LinkManager 4.0
[2007/04/03 14:43:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\MSN6
[2008/02/17 12:07:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\Nuance
[2009/01/27 13:06:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\OpenOffice.org
[2006/09/05 10:07:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\ScanSoft
[2008/03/24 11:52:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\Viewpoint
[2009/10/26 09:02:58 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/10/16 14:40:10 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2002/08/29 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2009/10/26 09:00:42 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/10/26 08:56:02 | 00,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2009/10/26 10:04:49 | 00,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Startup.job
[2009/10/18 03:06:01 | 00,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2009/10/26 10:04:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/26 08:55:47 | 00,000,398 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (SmartDrawTrial).job
[2009/10/16 16:00:00 | 00,000,406 | -H-- | M] () -- C:\WINDOWS\Tasks\{A62B03E9-0DB1-4B15-92A7-381E8981FE71}_DOCFW_Dr. Cody Doyle.job
[2009/10/26 09:00:00 | 00,000,406 | -H-- | M] () -- C:\WINDOWS\Tasks\{BED34167-2B86-49AB-8158-03E5F512279A}_DOCFW_Dr. Cody Doyle.job
[2009/10/21 16:00:00 | 00,000,406 | -H-- | M] () -- C:\WINDOWS\Tasks\{DE7218A9-6FB8-487E-B721-575F1A73A2C5}_DOCFW_Dr. Cody Doyle.job

========== Purity Check ==========


< End of report >

#7
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Any idea what this refers to?

O16 - DPF: {DA0F2EF5-88BB-4FE6-9192-8FDBCB9713BA} http://validate.meas...ASADownload.CAB (MDASADownload.Complete)


====STEP 1====
1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8CE3BAE6-AB66-40B6-9019-41E5282FF1E2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]

Driver::
LMIRfsClientNP


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



====STEP 2====

We will again run OTL, but go for a shortened log.
  • Close all windows and open it by double clicking on the icon
  • we are again targeting a selective output, hence:
    • on the left hand side, in the box titled "Processes" select none
    • on the left hand side, in the box titled "Drivers" select none
    • on the left hand side, in the box titled "Extra Registry" select none
    • on the right hand side, in the box titled "Files created within" select none
    • on the right hand side, in the box titled "Files modified within" select none
    • tick both the boxes marked Purity check and Lop check
  • Click Run Scan and let the program run uninterrupted
  • It will produce one log for you called OTL.txt. Please post that log here in reply.
  • You may need to use two posts to get it all on the forum



====STEP 3====
I want to scan a couple of files that I do not recognise:

  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box at the top of the page:

    • C:\Program Files\Forte Systems\Chiro8000 v12\FileServer.exe
  • Click on the Upload button
  • Once the scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard; if the copy function does not work, then copy the URL link into your reply.
  • Paste the contents of the Clipboard in your next reply (you will need to paste the link onto a notepad before you do the other scans below, else the contents of your clipboard will be written over with the new links).
Could you do the same for the following file:
  • c:\windows\SYSTEM32\BADECEE175.sys




In your next reply could I see:
1. the answer to the question at the start
2. the ComboFix log
3. the OTL log
4. the 2 VirSCAN links or logs


The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk
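The ComboFix log requested in Step 1 prints the Windows Firewall exception lists (AuthorizedApplications and GloballyOpenPorts under firewallpolicy\standardprofile) in the same REGEDIT4 shape it uses for the Run keys. The Python below is an added example, not code from this thread, from ComboFix or from its author, of the checks a malware-removal helper applies to those entries: script hosts such as mshta.exe granted an inbound exception, executables allowed from user-writable folders, remote-control ports open to any address, and well-known service ports opened under a generic name. The sample log lines are constructed to match that shape (the user-profile path is invented), and the treatment of three-field port entries as enabled, all-scope exceptions is an assumption about how ComboFix abbreviates them, stated again in the code.

```python
"""Triage Windows XP firewall exceptions as ComboFix prints them.

Added example for this thread, not ComboFix's or the forum's own code.
The sample lines at the bottom are constructed to match the shape of
ComboFix's "Reg Loading Points" output; the user-profile path is invented.
"""
import ntpath
import re
from dataclasses import dataclass

# Signed Windows script hosts / launchers that malware abuses; an inbound
# firewall exception for one of them is rarely something the user created.
LOLBINS = {"mshta.exe", "wscript.exe", "cscript.exe", "rundll32.exe",
           "regsvr32.exe", "powershell.exe", "cmd.exe"}
# Path fragments of locations a normal user account can write to.
USER_WRITABLE = ("application data\\", "local settings\\", "\\temp\\",
                 "\\tmp\\", "\\recycler\\")
# Inbound ports that hand remote control of the box to whoever reaches them.
REMOTE_CONTROL_PORTS = {23: "telnet", 3389: "RDP", 5800: "VNC-HTTP", 5900: "VNC"}

_APP_RE = re.compile(r'^"(?P<path>[^"]+)"=')
_PORT_RE = re.compile(r'^"\d+:(?:TCP|UDP)"=\s*(?P<data>\S.*)$', re.I)


@dataclass
class Finding:
    kind: str     # "app" or "port"
    subject: str  # executable path, or "port/PROTO"
    reason: str


def parse_authorized_app(line):
    """Unescape a REGEDIT4 app path: doubled backslashes become single."""
    m = _APP_RE.match(line)
    return m.group("path").replace("\\\\", "\\") if m else None


def parse_open_port(line):
    """Return (port, proto, scope, mode, name) or None.

    The full XP SP2 value is port:proto:scope:mode:name. ComboFix appears to
    drop "*:Enabled:" for enabled, all-scope entries (assumption based on the
    shape of its log), so a three-field value is read that way.
    """
    m = _PORT_RE.match(line)
    if not m:
        return None
    f = m.group("data").split(":")
    port, proto = int(f[0]), f[1].upper()
    if len(f) >= 5:
        return port, proto, f[2], f[3], ":".join(f[4:])
    return port, proto, "*", "Enabled", ":".join(f[2:])


def triage(lines):
    """Walk log lines, tracking which firewall list each line belongs to."""
    findings, section = [], None
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            section = ("app" if "AuthorizedApplications" in line
                       else "port" if "GloballyOpenPorts" in line else None)
            continue
        if section == "app":
            path = parse_authorized_app(line)
            if path is None:
                continue
            low = path.lower()
            if ntpath.basename(low) in LOLBINS:
                findings.append(Finding("app", path, "script host / LOLBin allowed inbound"))
            elif any(tag in low for tag in USER_WRITABLE):
                findings.append(Finding("app", path, "executable in a user-writable location"))
        elif section == "port":
            parsed = parse_open_port(line)
            if parsed is None:
                continue
            port, proto, scope, mode, name = parsed
            if mode.lower() != "enabled":
                continue  # present in policy but switched off: cleanup, not exposure
            subject = f"{port}/{proto}"
            if port in REMOTE_CONTROL_PORTS:
                findings.append(Finding("port", subject,
                                        f"{REMOTE_CONTROL_PORTS[port]} open to scope '{scope}'"))
            elif port < 1024 and not name.startswith("@"):
                findings.append(Finding("port", subject,
                                        f"well-known port opened under generic name '{name}'"))
    return findings


# Constructed sample in the shape of ComboFix's "Reg Loading Points" section.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\WINDOWS\\SYSTEM32\\mshta.exe"=
"c:\\Documents and Settings\\user\\Application Data\\upd\\svc.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"8080:TCP"= 8080:TCP:Remote Access
"1433:TCP"= 1433:TCP:*:Disabled:1433
"110:TCP"= 110:TCP:svchost
"5900:TCP"= 5900:TCP:LocalSubNet:Enabled:vnc
"""

if __name__ == "__main__":
    for fnd in triage(SAMPLE_LOG.splitlines()):
        print(f"[{fnd.kind}] {fnd.subject}: {fnd.reason}")
```

Run it as a script to print the findings, or call triage() on the firewall section pasted from a real log. Disabled exceptions are skipped on purpose: they sit in policy but are not reachable, so they belong on the cleanup list rather than the exposure list, and an entry such as a port labelled only "Remote Access" still deserves a question to the machine's owner even though no rule here fires on it.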

#8
bitterbuck

    Member

  • Topic Starter
  • Member
  • 18 posts
I received the following error when ComboFix rebooted.

SQL Server could not find the default instance of MSSQLSERVER - Please specify the name of an existing instance on the invocation of sqlservr.exe. If you believe your installation is corrupt or has been tampered with, uninstall then re-run setup to correct this problem.

1. No, I do not recognize this

ComboFix Log

ComboFix 09-10-25.02 - Doylechiro 10/26/2009 13:32.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.309 [GMT -5:00]
Running from: c:\documents and settings\Doylechiro\My Documents\ComboFix.exe
Command switches used :: c:\documents and settings\Doylechiro\My Documents\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LMIRFSCLIENTNP
-------\Service_LMIRfsClientNP


((((((((((((((((((((((((( Files Created from 2009-09-26 to 2009-10-26 )))))))))))))))))))))))))))))))
.

2009-10-26 13:52 . 2009-10-26 13:52 -------- d-----w- C:\_OTL
2009-10-19 13:07 . 2009-10-19 13:07 -------- d-----w- c:\documents and settings\Doylechiro\Application Data\Malwarebytes
2009-10-19 13:06 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-19 13:06 . 2009-10-19 13:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-19 13:06 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-19 13:06 . 2009-10-19 13:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-19 13:04 . 2009-10-19 13:04 -------- d-----w- c:\program files\ERUNT
2009-10-16 22:30 . 2009-10-01 15:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-16 22:24 . 2009-10-16 22:25 -------- d-----w- c:\program files\Microsoft Security Essentials
2009-10-16 22:17 . 2009-10-16 22:18 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-16 21:59 . 2009-10-16 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-16 20:02 . 2009-09-03 09:17 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-16 18:14 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-16 18:11 . 2009-10-16 18:11 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-16 18:10 . 2009-10-16 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-26 12:06 . 2006-12-20 22:45 -------- d-----w- c:\program files\LogMeIn
2009-10-19 13:43 . 2003-08-19 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com
2009-10-16 18:10 . 2004-11-05 15:34 -------- d-----w- c:\program files\Lavasoft
2009-09-11 14:18 . 2002-08-29 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 08:13 . 2009-07-21 12:22 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-04 21:03 . 2002-08-29 10:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-31 18:07 . 2008-04-08 13:44 62096 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-31 13:58 . 2009-08-31 13:58 -------- d-----w- c:\program files\LogMeIn Rescue Calling Card
2009-08-29 07:36 . 2004-02-06 23:05 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2002-08-29 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2002-08-29 10:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 12:09 . 2006-03-10 14:54 82416 ----a-w- c:\documents and settings\Doylechiro\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-25 12:08 . 2003-08-19 22:15 8224 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-20 20:09 . 2009-08-20 20:09 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:01 . 2002-12-12 05:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 01:44 . 1980-01-01 05:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 1980-01-01 05:00 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2004-01-20 13:33 . 2004-01-20 12:24 40278 -c--a-w- c:\program files\Copy of Patients.dat
2006-03-02 23:47 . 2006-03-02 23:47 60518 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-03-02 23:47 . 2006-03-02 23:47 49248 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-03-02 23:47 . 2006-03-02 23:47 165992 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-01-14 02:23 . 2006-01-17 20:58 56 --sh--r- c:\windows\SYSTEM32\BADECEE175.sys
2009-01-14 02:23 . 2006-01-17 20:41 3350 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-10-26_15.00.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-26 18:48 . 2009-10-26 18:48 16384 c:\windows\Temp\Perflib_Perfdata_700.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-04 405583]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-06 4347120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2003-06-24 245760]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-05-02 4640768]
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-27 148888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-08-19 151597]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\SYSTEM32\narrator.exe [2008-04-14 53760]

c:\documents and settings\Doylechiro\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Chiro8000 v12 File Server.lnk - c:\program files\Forte Systems\Chiro8000 v12\FileServer.exe [2008-12-11 380928]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 02:35 87352 ----a-w- c:\windows\SYSTEM32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Chiro8000 File Server.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Chiro8000 File Server.lnk
backup=c:\windows\pss\Chiro8000 File Server.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 2.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Device Detector 2.lnk
backup=c:\windows\pss\Device Detector 2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Doylechiro^Start Menu^Programs^Startup^Dragon NaturallySpeaking.lnk]
path=c:\documents and settings\Doylechiro\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk
backup=c:\windows\pss\Dragon NaturallySpeaking.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Doylechiro^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Doylechiro\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Dr. Cody Doyle^Start Menu^Programs^Startup^Dragon NaturallySpeaking.lnk]
path=c:\documents and settings\Dr. Cody Doyle\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk
backup=c:\windows\pss\Dragon NaturallySpeaking.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL TopSpeedMonitor"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\mshta.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"c:\\PVSW\\Bin\\w3dbsmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Forte Systems\\Chiro8000 v12\\PM.exe"=
"c:\\PVSW\\Bin\\sqldmgr.exe"=
"c:\\Program Files\\Forte Systems\\Chiro8000 v12\\FileServer.exe"=
"c:\\Program Files\\Forte Systems\\Chiro8000\\FileServer.exe"=
"c:\\Program Files\\Forte Systems\\Chiro8000 v12\\DBUtility.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"8080:TCP"= 8080:TCP:Remote Access
"1433:TCP"= 1433:TCP:*:Disabled:1433
"1433:UDP"= 1433:UDP:*:Disabled:1433
"14000:TCP"= 14000:TCP:*:Disabled:14000
"14000:UDP"= 14000:UDP:*:Disabled:14000
"110:TCP"= 110:TCP:svchost

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [10/16/2009 1:14 PM 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1170768]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 7:46 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\SYSTEM32\DRIVERS\LMIRfsDriver.sys [1/13/2009 8:08 PM 47640]
R2 OneTouch 4.0 Monitor;OneTouch 4.0 Monitor;c:\program files\Visioneer\OneTouch 4.0\OtService.exe [12/21/2007 1:30 PM 131072]
R2 vnccom;vnccom;c:\windows\SYSTEM32\DRIVERS\vnccom.SYS [9/14/2008 4:56 PM 6016]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:13]

2009-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 22:57]

2009-10-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 22:36]

2009-10-26 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-10-26 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-10-18 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-10-26 c:\windows\Tasks\SDMsgUpdate (SmartDrawTrial).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2005-11-09 17:09]

2009-10-16 c:\windows\Tasks\{A62B03E9-0DB1-4B15-92A7-381E8981FE71}_DOCFW_Dr. Cody Doyle.job
- c:\windows\system32\mobsync.exe [2002-08-29 00:12]

2009-10-26 c:\windows\Tasks\{BED34167-2B86-49AB-8158-03E5F512279A}_DOCFW_Dr. Cody Doyle.job
- c:\windows\system32\mobsync.exe [2002-08-29 00:12]

2009-10-21 c:\windows\Tasks\{DE7218A9-6FB8-487E-B721-575F1A73A2C5}_DOCFW_Dr. Cody Doyle.job
- c:\windows\system32\mobsync.exe [2002-08-29 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dellnet.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {DA0F2EF5-88BB-4FE6-9192-8FDBCB9713BA} - hxxp://validate.measureup.com/test/controls/MDASADownload.CAB
FF - ProfilePath - c:\documents and settings\Doylechiro\Application Data\Mozilla\Firefox\Profiles\1cq29ero.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-26 13:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???x???x???????????????????x???8???????x???x???????????x???????????x???x??????????????????????????????????????????w????????????j??w????x???x??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\LMIinit.dll
c:\windows\system32\mobilev.acm

- - - - - - - > 'explorer.exe'(2644)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Common Files\Microsoft Shared\OFFICE11\MSOXEV.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\crypserv.exe
c:\program files\Olympus\DeviceDetector\DM1Service.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\nvsvc32.exe
c:\program files\Rainbow Technologies\SPN Combo Installer\1.0.5\Server\WinNT\spnsrvnt.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\fxssvc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\combofix\CF20334.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-26 14:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-26 19:07
ComboFix2.txt 2009-10-26 15:24

Pre-Run: 29,158,019,072 bytes free
Post-Run: 29,039,312,896 bytes free

- - End Of File - - 036B773A4CCD7DA128B30CAD34BCEF92

OTL
OTL logfile created on: 10/26/2009 2:26:03 PM - Run 4
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Doylechiro\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 257.51 Mb Available Physical Memory | 33.57% Memory free
1.46 Gb Paging File | 1.02 Gb Available in Paging File | 69.93% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 27.08 Gb Free Space | 36.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOCFW
Current User Name: Doylechiro
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2009/10/16 13:13:18 | 01,170,768 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc [Auto | Running])
SRV - [2009/05/27 07:17:51 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/10/16 21:35:28 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/24 19:46:10 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn [Auto | Running])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2008/02/18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/12/21 13:30:40 | 00,131,072 | ---- | M] (Visioneer Inc.) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe -- (OneTouch 4.0 Monitor [Auto | Running])
SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004/10/20 08:40:04 | 00,010,328 | R--- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS [Auto | Running])
SRV - [2004/10/15 15:54:14 | 00,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor [Disabled | Stopped])
SRV - [2004/09/22 19:46:10 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2004/05/24 12:35:52 | 00,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\System32\drivers\KodakCCS.exe -- (KodakCCS [Auto | Running])
SRV - [2004/01/08 17:41:40 | 00,073,796 | ---- | M] (Smart Link) -- C:\WINDOWS\System32\slserv.exe -- (SLService [Auto | Stopped])
SRV - [2003/09/19 13:11:46 | 00,065,536 | ---- | M] (OLYMPUS Corporation) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe -- (DM1Service [Auto | Running])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2003/05/02 15:19:00 | 00,069,632 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/03/05 06:30:10 | 00,155,648 | ---- | M] () -- C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.5\Server\WinNT\spnsrvnt.exe -- (SuperProServer [Auto | Running])
SRV - [2003/03/03 13:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2002/12/17 18:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER [Auto | Stopped])
SRV - [2002/12/17 18:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT [On_Demand | Stopped])
SRV - [2002/12/17 18:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2000/06/29 03:45:10 | 00,052,224 | ---- | M] (Kenonic Controls Ltd.) -- C:\WINDOWS\System32\crypserv.exe -- (Crypkey License [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....r=ytff-msgr&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-msgr"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..keyword.URL: "http://search.yahoo....r=ytff-msgr&p="


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/27 07:17:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 18:38:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2008/04/08 08:02:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2009/07/23 03:15:21 | 00,000,000 | ---D | M]

[2009/10/19 08:52:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions
[2009/10/19 08:52:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/12/29 18:36:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/10/19 08:52:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions\staged-xpis
[2009/10/19 09:02:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2006/03/02 18:47:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/06/27 10:19:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2008/02/12 12:01:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/19 08:33:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/08/12 07:08:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/05/27 07:18:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2006/03/02 18:47:31 | 00,060,518 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2006/03/02 18:47:34 | 00,049,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2006/03/02 18:47:31 | 00,165,992 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2009/05/27 07:17:53 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2006/03/02 18:47:33 | 00,017,024 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2006/12/18 04:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll
[2006/03/02 18:47:38 | 00,000,680 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.png
[2006/03/02 18:47:38 | 00,000,741 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.src
[2006/03/02 18:47:38 | 00,001,150 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.png
[2006/03/02 18:47:38 | 00,000,539 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.src
[2006/03/02 18:47:38 | 00,000,356 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.png
[2006/03/02 18:47:38 | 00,001,007 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.src
[2006/03/02 18:47:38 | 00,000,210 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.gif
[2006/03/02 18:47:38 | 00,001,056 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.src
[2006/03/02 18:47:38 | 00,001,076 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.gif
[2006/03/02 18:47:38 | 00,000,718 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.src
[2006/03/02 18:47:38 | 00,000,088 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.gif
[2006/03/02 18:47:38 | 00,001,122 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.src

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Suggest) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [IntelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Chiro8000 v12 File Server.lnk = C:\Program Files\Forte Systems\Chiro8000 v12\FileServer.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Doylechiro\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} https://www.acngroup...tivexviewer.cab (Crystal Report Viewer Control 9)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://accounting.q...147/qboax10.cab (QuickBooks Online Edition Utilities Class v10)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA0F2EF5-88BB-4FE6-9192-8FDBCB9713BA} http://validate.meas...ASADownload.CAB (MDASADownload.Complete)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\g7ps {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/02/03 16:22:14 | 00,000,000 | ---D | M] - C:\autodoc -- [ NTFS ]
O32 - AutoRun File - [2007/01/21 10:36:34 | 00,000,000 | ---D | M] - C:\Autodoc2 -- [ NTFS ]
O32 - AutoRun File - [2004/10/26 20:50:33 | 00,000,002 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/02/02 16:08:53 | 00,000,000 | ---D | M] - C:\autosync -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== LOP Check ==========

[2009/10/19 08:06:52 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/10/16 13:11:55 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2006/01/17 15:54:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2006/01/17 15:50:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel
[2004/11/26 15:38:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2004/10/26 10:20:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G7PS
[2009/01/13 20:08:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2006/01/27 09:30:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2007/04/03 14:42:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2008/02/17 12:02:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2004/06/14 09:13:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2009/08/20 07:11:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2003/08/19 17:13:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2008/02/17 16:39:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2004/01/22 11:09:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Support.com
[2009/10/16 16:59:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/02/06 14:03:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/26 09:59:57 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Doylechiro\Application Data
[2007/01/10 12:56:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\ActiveDocs
[2008/09/26 12:51:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\FileZilla
[2006/09/27 12:58:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\G7PS
[2006/04/25 09:02:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\Kana Solution
[2008/03/03 18:46:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\KompoZer
[2008/10/15 14:45:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\LinkManager 4.0
[2007/04/03 14:43:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\MSN6
[2008/02/17 12:07:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\Nuance
[2009/01/27 13:06:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\OpenOffice.org
[2006/09/05 10:07:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\ScanSoft
[2008/03/24 11:52:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\Viewpoint
[2009/10/26 13:50:23 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/10/16 14:40:10 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2002/08/29 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2009/10/26 13:53:19 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/10/26 13:55:41 | 00,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2009/10/26 14:25:06 | 00,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Startup.job
[2009/10/18 03:06:01 | 00,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2009/10/26 13:48:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/26 13:55:34 | 00,000,398 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (SmartDrawTrial).job
[2009/10/16 16:00:00 | 00,000,406 | -H-- | M] () -- C:\WINDOWS\Tasks\{A62B03E9-0DB1-4B15-92A7-381E8981FE71}_DOCFW_Dr. Cody Doyle.job
[2009/10/26 09:00:00 | 00,000,406 | -H-- | M] () -- C:\WINDOWS\Tasks\{BED34167-2B86-49AB-8158-03E5F512279A}_DOCFW_Dr. Cody Doyle.job
[2009/10/21 16:00:00 | 00,000,406 | -H-- | M] () -- C:\WINDOWS\Tasks\{DE7218A9-6FB8-487E-B721-575F1A73A2C5}_DOCFW_Dr. Cody Doyle.job

========== Purity Check ==========


< End of report >



Step 3

The first file is my Office Mgmt software.
I scanned it anyway in case you still needed it.


VirSCAN.org Scanned Report :
Scanned time : 2009/10/26 14:18:01 (CDT)
Scanner results: Scanners did not find malware!
File Name : FileServer.exe
File Size : 380928 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : ecc0d36de8cd608e79f801c991afa973
SHA1 : 6d254753a454018b5704356e1ca5303c4222cd15
Online report : http://virscan.org/r...318e753a41.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091027020148 2009-10-27 4.09 -
AhnLab V3 2009.10.24.00 2009.10.24 2009-10-24 0.91 -
AntiVir 8.2.1.44 7.1.6.151 2009-10-26 0.55 -
Antiy 2.0.18 20091026.3088324 2009-10-26 0.12 -
Arcavir 2009 200910261058 2009-10-26 0.04 -
Authentium 5.1.1 200910261248 2009-10-26 1.18 -
AVAST! 4.7.4 091026-0 2009-10-26 0.02 -
AVG 8.5.288 270.14.32/2460 2009-10-26 0.33 -
BitDefender 7.81008.4460746 7.28578 2009-10-27 3.86 -
CA (VET) 35.1.0 7082 2009-10-23 8.49 -
ClamAV 0.95.2 9941 2009-10-26 1.26 -
Comodo 3.12 2741 2009-10-26 0.76 -
CP Secure 1.3.0.5 2009.10.26 2009-10-26 0.08 -
Dr.Web 4.44.0.9170 2009.10.26 2009-10-26 6.00 -
F-Prot 4.4.4.56 20091026 2009-10-26 1.17 -
F-Secure 7.02.73807 2009.10.26.09 2009-10-26 8.78 -
Fortinet 2.81-3.120 10.989 2009-10-26 0.28 -
GData 19.8592/19.524 20091026 2009-10-26 5.70 -
ViRobot 20091026 2009.10.26 2009-10-26 0.41 -
Ikarus T3.1.01.72 2009.10.26.74276 2009-10-26 4.21 -
JiangMin 11.0.800 2009.10.26 2009-10-26 4.36 -
Kaspersky 5.5.10 2009.10.26 2009-10-26 0.07 -
KingSoft 2009.2.5.15 2009.10.26.18 2009-10-26 0.56 -
McAfee 5.3.00 5783 2009-10-26 3.37 -
Microsoft 1.5202 2009.10.26 2009-10-26 5.95 -
Norman 6.01.09 6.01.00 2009-10-26 4.01 -
Panda 9.05.01 2009.10.25 2009-10-25 3.77 -
Trend Micro 8.700-1004 6.578.05 2009-10-26 0.03 -
Quick Heal 10.00 2009.10.26 2009-10-26 1.31 -
Rising 20.0 21.53.04.00 2009-10-26 0.84 -
Sophos 3.00.1 4.46 2009-10-27 2.65 -
Sunbelt 5468 5468 2009-10-25 2.20 -
Symantec 1.3.0.24 20091026.007 2009-10-26 0.05 -
nProtect 20091026.02 6018743 2009-10-26 7.57 -
The Hacker 6.5.0.2 v00054 2009-10-26 0.81 -
VBA32 3.12.10.11 20091023.1519 2009-10-23 1.90 -
VirusBuster 4.5.11.10 10.112.80/2014774 2009-10-26 2.45 -



VirSCAN.org Scanned Report :
Scanned time : 2009/10/26 14:23:05 (CDT)
Scanner results: Scanners did not find malware!
File Name : BADECEE175.sys
File Size : 56 byte
File Type : data
MD5 : 878c0bae86ffff55c256df4b96fbfef5
SHA1 : c75dc6d36f75fa3a58f22da09c685b5cea526220
Online report : http://virscan.org/r...72264d286d.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091027020148 2009-10-27 4.06 -
AhnLab V3 2009.10.24.00 2009.10.24 2009-10-24 0.88 -
AntiVir 8.2.1.44 7.1.6.151 2009-10-26 0.25 -
Antiy 2.0.18 20091026.3088324 2009-10-26 0.12 -
Arcavir 2009 200910261058 2009-10-26 0.02 -
Authentium 5.1.1 200910261248 2009-10-26 1.19 -
AVAST! 4.7.4 091026-0 2009-10-26 0.00 -
AVG 8.5.288 270.14.32/2460 2009-10-26 0.31 -
BitDefender 7.81008.4460746 7.28578 2009-10-27 3.86 -
CA (VET) 35.1.0 7082 2009-10-23 8.11 -
ClamAV 0.95.2 9941 2009-10-26 0.00 -
Comodo 3.12 2741 2009-10-26 0.71 -
CP Secure 1.3.0.5 2009.10.26 2009-10-26 0.01 -
Dr.Web 4.44.0.9170 2009.10.26 2009-10-26 6.05 -
F-Prot 4.4.4.56 20091026 2009-10-26 1.16 -
F-Secure 7.02.73807 2009.10.26.09 2009-10-26 0.04 -
Fortinet 2.81-3.120 10.989 2009-10-26 0.18 -
GData 19.8592/19.524 20091026 2009-10-26 5.31 -
ViRobot 20091026 2009.10.26 2009-10-26 0.41 -
Ikarus T3.1.01.72 2009.10.26.74276 2009-10-26 4.21 -
JiangMin 11.0.800 2009.10.26 2009-10-26 4.19 -
Kaspersky 5.5.10 2009.10.26 2009-10-26 0.02 -
KingSoft 2009.2.5.15 2009.10.26.18 2009-10-26 0.57 -
McAfee 5.3.00 5783 2009-10-26 3.35 -
Microsoft 1.5202 2009.10.26 2009-10-26 5.98 -
Norman 6.01.09 6.01.00 2009-10-26 4.01 -
Panda 9.05.01 2009.10.25 2009-10-25 1.76 -
Trend Micro 8.700-1004 6.578.05 2009-10-26 0.02 -
Quick Heal 10.00 2009.10.26 2009-10-26 1.20 -
Rising 20.0 21.53.04.00 2009-10-26 0.27 -
Sophos 3.00.1 4.46 2009-10-27 2.62 -
Sunbelt 5468 5468 2009-10-25 1.61 -
Symantec 1.3.0.24 20091026.007 2009-10-26 0.17 -
nProtect 20091026.02 6018743 2009-10-26 7.69 -
The Hacker 6.5.0.2 v00054 2009-10-26 0.66 -
VBA32 3.12.10.11 20091023.1519 2009-10-23 1.90 -
VirusBuster 4.5.11.10 10.112.80/2014774 2009-10-26 2.42 -
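Two things in the post above are worth automating when triaging a log like this. First, OTL prints the company name from each target's version info in the trailing parentheses, so "()" marks a file with no publisher (FileServer.exe, WPLauncher.hta, lsdelete.exe in the log above); those are the entries a helper asks to have scanned first. Second, a VirSCAN verdict applies only to the exact bytes whose MD5/SHA1 the report prints, so the file on disk should be hashed and compared before the "did not find malware" line is trusted. The script below is an added example, not code from this thread or from the OTL or VirSCAN tools: it parses O-section lines, lists the unattributed targets, and compares a file's digests with a report's. The sample lines are copied from the OTL log above; the function names and the constructed b"abc" bytes are this example's own.

```python
"""Triage helpers for OTL-style log lines and multi-scanner hash checks (added example)."""
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional

# Section tag at the start of an OTL line, e.g. "O4", "O16", "O34".
SECTION_RE = re.compile(r"^(O\d+)\b")

# Trailing "<drive>:\...\file.<ext> (Publisher)" that OTL appends to most entries.
# "[^=]" stops the path from swallowing the ".lnk = " prefix of O4 Startup lines,
# so the target after "=" is what gets captured.
TARGET_RE = re.compile(
    r"(?P<path>[A-Za-z]:\\[^=]+?\.(?:exe|dll|sys|bat|hta|com|scr))\s*"
    r"\((?P<publisher>[^()]*)\)\s*$",
    re.IGNORECASE,
)


@dataclass
class OtlEntry:
    section: str            # "O2", "O4", "O34", ...
    path: Optional[str]     # target file, or None when OTL prints "File not found"
    publisher: str          # company name from the file's version info; "" when absent
    raw: str


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for an O-section line, or None for headers and blank lines."""
    line = line.strip()
    m = SECTION_RE.match(line)
    if not m:
        return None
    target = TARGET_RE.search(line)
    if target is None:
        return OtlEntry(m.group(1), None, "", line)
    return OtlEntry(m.group(1), target.group("path"), target.group("publisher").strip(), line)


def parse_otl_log(text: str) -> List[OtlEntry]:
    return [e for e in (parse_otl_line(l) for l in text.splitlines()) if e is not None]


def unattributed(entries: List[OtlEntry]) -> List[OtlEntry]:
    """Entries whose target exists but carries no company name: the first files to submit."""
    return [e for e in entries if e.path is not None and e.publisher == ""]


def hashes_match(data: bytes, md5_hex: str, sha1_hex: str) -> bool:
    """True only if both digests of the given bytes equal the ones a scanner report shows."""
    return (hashlib.md5(data).hexdigest() == md5_hex.strip().lower()
            and hashlib.sha1(data).hexdigest() == sha1_hex.strip().lower())


def verify_on_disk(path: str, md5_hex: str, sha1_hex: str) -> bool:
    """Hash the file that is actually on disk and compare it with the report's digests."""
    with open(path, "rb") as fh:
        return hashes_match(fh.read(), md5_hex, sha1_hex)


# Sample input: six lines copied from the OTL log posted above.
SAMPLE_OTL_LOG = r"""
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Chiro8000 v12 File Server.lnk = C:\Program Files\Forte Systems\Chiro8000 v12\FileServer.exe ()
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
"""

if __name__ == "__main__":
    for entry in unattributed(parse_otl_log(SAMPLE_OTL_LOG)):
        print(f"{entry.section}: no publisher -> {entry.path}")
    # Constructed bytes, not a real file: digests of b"abc" are well known.
    print(hashes_match(b"abc", "900150983cd24fb0d6963f7d28e17f72",
                       "a9993e364706816aba3e25717850c26c9cd0d89d"))
```

Run `verify_on_disk(r"C:\Program Files\Forte Systems\Chiro8000 v12\FileServer.exe", "ecc0d36de8cd608e79f801c991afa973", "6d254753a454018b5704356e1ca5303c4222cd15")` on the affected machine to confirm that the file still there is the one VirSCAN judged clean; a mismatch means the scanned bytes and the on-disk bytes differ and the verdict does not carry over. Two caveats: a clean result only says that no engine matched those bytes on that date, and a 56-byte file of type "data" cannot be a loadable PE driver, so for BADECEE175.sys the question is what wrote it, not what scanners say about its content.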

#9
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts

SQL Server could not find the default instance of MSQLSERVER - Please specify the name of an existing instance on the invocation of sqlservr.exe. If you believe your installation is corrupt or has been tampered with, uninstall then re-run setup to correct this problem.

We will deal with that later.

In this post we will do some general scans to clear out the remnants and ensure nothing else sneaked onto your machine.

The scans will likely take 4 hours, quite possibly much longer, so just let them run.

We will also update your Java.


====STEP 1====
Run OTL.exe by double clicking the icon on your desktop
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DA0F2EF5-88BB-4FE6-9192-8FDBCB9713BA}]
    
    :Commands
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the log that it produces



====STEP 2====
Please download ATF Cleaner by Atribune.

Caution: This program is for Windows 2000, XP and Vista only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


====STEP 3====
We will update and re-run your Malwarebytes:

Double-click the Malwarebytes icon on your desktop to open the program.
  • On the tabs at the top, select Update and then press the Check for Updates button on that page. If an update is found, it will download and install the latest version.
  • Once complete (a new version of Malwarebytes may download), select the Scanner tab.
  • Select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



====STEP 4====
Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

====STEP 5====
Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts. A log will appear (JavaRa.log), no need to post the log in reply.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website, then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

====STEP 6====
Please do an online scan with Kaspersky WebScanner (this will identify any issues; we will clear them in the following post).

Kaspersky online scanner uses Java technology to perform the scan. If you do not have the latest Java version, follow the instructions below under Upgrading Java to download and install the latest version.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Upgrading Java, if required:
  • Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 16.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u14-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u14-windows-i586.exe and select "Run as an Administrator.")
In your next reply could I see:
1. the OTL log
2. the malwarebytes log
3. the superantispyware log
4. the kaspersky log
5. some idea of how your machine is running now

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk
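The helper asks for the OTL log because the triage is done by reading it line by line: which executables run with no publisher string, which ones run from a user's Application Data or temp directory, and how many superseded Java Plug-in versions are still registered for the browser (the reason for the JavaRa and Java-upgrade steps). As an added example, not code from this thread, from OTL's author or from any of the tools named above, the script below applies those three checks to OTL-formatted PRC, SRV, O4 and O16 lines. The sample input is constructed in OTL's layout: the RegCure and spnsrvnt entries are modeled on lines from this thread with the username replaced, while the `Example\updater.exe` entries and the `.invalid` host names are made up to exercise the user-profile rule. An empty company string or a user-profile path is a reason to look closer, not a verdict; plenty of legitimate software trips these rules.

```python
"""Triage of OTL-style log lines (added example; not OTL's own code).

OTL prints processes (PRC), services (SRV) and Run-key autoruns (O4) as
    PRC - [date time | size | attrs | M] (Company) -- C:\\path\\file.exe
    O4 - HKLM..\\Run: [Name] C:\\path\\file.exe (Company)
and ActiveX downloads (O16) as
    O16 - DPF: {CLSID} http://host/file.cab (Description)
The rules here are generic triage heuristics, not detections of any
specific threat.
"""
import re

# PRC/SRV: company in parentheses before " -- ", then the image path.
ENTRY_RE = re.compile(
    r"^(?:PRC|SRV) - \[[^\]]*\] \((?P<company>[^)]*)\) -- "
    r"(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|sys))",
    re.IGNORECASE,
)
# O4 Run-key entries: path first, company last. "O4 - Startup:" .lnk lines
# use a different layout and are deliberately skipped.
O4_RE = re.compile(
    r"^O4 - [^:]+: \[[^\]]*\] (?P<path>[A-Za-z]:\\.*?\.(?:exe|dll)) "
    r"\((?P<company>[^)]*)\)\s*$",
    re.IGNORECASE,
)
O16_RE = re.compile(r"^O16 - DPF: \{[0-9A-Fa-f-]+\} \S+ \((?P<desc>[^)]*)\)")
JAVA_RE = re.compile(r"Java Plug-in (\d+\.\d+\.\d+_\d+)")
# Per-user data/temp directories on XP (Documents and Settings) and on Vista+ (Users).
USER_DATA_RE = re.compile(
    r"\\(?:Documents and Settings|Users)\\[^\\]+\\"
    r"(?:Application Data|Local Settings|AppData|Temp)\\",
    re.IGNORECASE,
)


def triage(log_text):
    """Return the three finding lists for one log (de-duplicated, order kept)."""
    findings = {"no_company": [], "user_data_dir": [], "java_versions": []}

    def note(bucket, value):
        if value not in findings[bucket]:
            findings[bucket].append(value)

    for line in log_text.splitlines():
        m = ENTRY_RE.match(line) or O4_RE.match(line)
        if m:
            path = m.group("path")
            if not m.group("company").strip():
                note("no_company", path)
            if USER_DATA_RE.search(path):
                note("user_data_dir", path)
            continue
        m = O16_RE.match(line)
        if m:
            v = JAVA_RE.search(m.group("desc"))
            if v:
                note("java_versions", v.group(1))
    return findings


def version_key(v):
    """'1.6.0_13' -> (1, 6, 0, 13) so versions sort numerically, not lexically."""
    return tuple(int(x) for x in re.split(r"[._]", v))


def outdated_java(versions):
    """Every registered Java Plug-in version except the newest one."""
    ordered = sorted(set(versions), key=version_key)
    return ordered[:-1]


def report(log_text):
    """One human-readable line per finding."""
    f = triage(log_text)
    lines = [f"no company string: {p}" for p in f["no_company"]]
    lines += [f"runs from user data dir: {p}" for p in f["user_data_dir"]]
    old = outdated_java(f["java_versions"])
    if old:
        lines.append("superseded Java Plug-in versions still registered: " + ", ".join(old))
    return lines


# Constructed sample in OTL's layout. RegCure and spnsrvnt lines are modeled on
# this thread's log (username replaced); the Example\updater.exe entries and the
# .invalid host names are made up.
SAMPLE_LOG = r"""
PRC - [2009/10/19 13:48:29 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
PRC - [2009/06/10 17:28:26 | 12,973,336 | ---- | M] () -- C:\Program Files\RegCure\RegCure.exe
PRC - [2009/10/18 09:12:00 | 00,061,440 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Example\updater.exe
SRV - [2003/03/05 06:30:10 | 00,155,648 | ---- | M] () -- C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.5\Server\WinNT\spnsrvnt.exe -- (SuperProServer [Auto | Running])
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Example Updater] C:\Documents and Settings\user\Application Data\Example\updater.exe ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.example.invalid/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.example.invalid/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.example.invalid/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.example.invalid/swflash.cab (Shockwave Flash Object)
"""

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run it against a real OTL log by reading the file into `report()`; the O16 list is the quickest way to confirm that the JavaRa step actually removed the older JRE registrations, since each superseded plug-in CLSID should disappear from the next log.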

#10
bitterbuck

No OTL Log was created when step 1 was performed. I ran a new one (quick scan) and this is what it produced.

OTL Quick Scan

OTL logfile created on: 10/26/2009 7:59:22 PM - Run 5
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Doylechiro\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 287.07 Mb Available Physical Memory | 37.43% Memory free
1.46 Gb Paging File | 1.04 Gb Available in Paging File | 71.34% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 27.19 Gb Free Space | 36.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOCFW
Current User Name: Doylechiro
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/19 13:48:29 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\Desktop\OTL.exe
PRC - [2009/10/16 13:13:20 | 00,781,656 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/10/16 13:13:18 | 01,170,768 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/09/13 18:52:50 | 01,048,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/06/10 17:28:26 | 12,973,336 | ---- | M] () -- C:\Program Files\RegCure\RegCure.exe
PRC - [2009/05/27 07:17:52 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/05/27 07:17:51 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/04/21 22:34:24 | 12,314,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/11/05 22:59:00 | 00,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
PRC - [2008/10/16 21:35:28 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe
PRC - [2008/10/16 21:35:24 | 00,087,360 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2008/07/24 19:46:10 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/06/17 16:16:14 | 03,463,976 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/02/18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/12/21 13:30:40 | 00,131,072 | ---- | M] (Visioneer Inc.) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
PRC - [2005/08/11 17:30:30 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/01/04 12:50:52 | 00,405,583 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
PRC - [2004/10/20 08:40:04 | 00,010,328 | R--- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
PRC - [2004/09/22 19:46:10 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2004/05/24 12:35:52 | 00,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\System32\drivers\KodakCCS.exe
PRC - [2004/01/08 17:41:40 | 00,073,796 | ---- | M] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
PRC - [2003/09/19 13:11:46 | 00,065,536 | ---- | M] (OLYMPUS Corporation) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
PRC - [2003/08/19 17:21:01 | 00,151,597 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2003/06/24 10:46:30 | 00,245,760 | ---- | M] (Dell) -- C:\Program Files\Common Files\Dell\EUSW\Support.exe
PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2003/05/02 15:19:00 | 00,069,632 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2003/03/05 06:30:10 | 00,155,648 | ---- | M] () -- C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.5\Server\WinNT\spnsrvnt.exe
PRC - [2002/12/17 18:23:32 | 00,074,308 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
PRC - [2002/08/29 05:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2002/03/21 23:41:56 | 00,094,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
PRC - [2000/06/29 03:45:10 | 00,052,224 | ---- | M] (Kenonic Controls Ltd.) -- C:\WINDOWS\System32\crypserv.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2009/10/16 13:13:18 | 01,170,768 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc [Auto | Running])
SRV - [2009/05/27 07:17:51 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/10/16 21:35:28 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/24 19:46:10 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn [Auto | Running])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2008/02/18 11:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2007/12/21 13:30:40 | 00,131,072 | ---- | M] (Visioneer Inc.) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe -- (OneTouch 4.0 Monitor [Auto | Running])
SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004/10/20 08:40:04 | 00,010,328 | R--- | M] (America Online) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS [Auto | Running])
SRV - [2004/10/15 15:54:14 | 00,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor [Disabled | Stopped])
SRV - [2004/09/22 19:46:10 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2004/05/24 12:35:52 | 00,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\System32\drivers\KodakCCS.exe -- (KodakCCS [Auto | Running])
SRV - [2004/01/08 17:41:40 | 00,073,796 | ---- | M] (Smart Link) -- C:\WINDOWS\System32\slserv.exe -- (SLService [Auto | Running])
SRV - [2003/09/19 13:11:46 | 00,065,536 | ---- | M] (OLYMPUS Corporation) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe -- (DM1Service [Auto | Running])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2003/05/02 15:19:00 | 00,069,632 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/03/05 06:30:10 | 00,155,648 | ---- | M] () -- C:\Program Files\Rainbow Technologies\SPN Combo Installer\1.0.5\Server\WinNT\spnsrvnt.exe -- (SuperProServer [Auto | Running])
SRV - [2003/03/03 13:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2002/12/17 18:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER [Auto | Stopped])
SRV - [2002/12/17 18:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT [On_Demand | Stopped])
SRV - [2002/12/17 18:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2000/06/29 03:45:10 | 00,052,224 | ---- | M] (Kenonic Controls Ltd.) -- C:\WINDOWS\System32\crypserv.exe -- (Crypkey License [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....r=ytff-msgr&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-msgr"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..keyword.URL: "http://search.yahoo....r=ytff-msgr&p="


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/27 07:17:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 18:38:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2008/04/08 08:02:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.5\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2009/07/23 03:15:21 | 00,000,000 | ---D | M]

[2009/10/19 08:52:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions
[2009/10/19 08:52:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/12/29 18:36:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/10/19 08:52:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\mozilla\Firefox\Profiles\1cq29ero.default\extensions\staged-xpis
[2009/10/19 09:02:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2006/03/02 18:47:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/06/27 10:19:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2008/02/12 12:01:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/19 08:33:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/08/12 07:08:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/05/27 07:18:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2006/03/02 18:47:31 | 00,060,518 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2006/03/02 18:47:34 | 00,049,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2006/03/02 18:47:31 | 00,165,992 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2009/05/27 07:17:53 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2006/03/02 18:47:33 | 00,017,024 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2006/12/18 04:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/04/08 08:02:19 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll
[2006/03/02 18:47:38 | 00,000,680 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.png
[2006/03/02 18:47:38 | 00,000,741 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.src
[2006/03/02 18:47:38 | 00,001,150 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.png
[2006/03/02 18:47:38 | 00,000,539 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.src
[2006/03/02 18:47:38 | 00,000,356 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.png
[2006/03/02 18:47:38 | 00,001,007 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.src
[2006/03/02 18:47:38 | 00,000,210 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.gif
[2006/03/02 18:47:38 | 00,001,056 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.src
[2006/03/02 18:47:38 | 00,001,076 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.gif
[2006/03/02 18:47:38 | 00,000,718 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.src
[2006/03/02 18:47:38 | 00,000,088 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.gif
[2006/03/02 18:47:38 | 00,001,122 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.src

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Suggest) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [IntelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Chiro8000 v12 File Server.lnk = C:\Program Files\Forte Systems\Chiro8000 v12\FileServer.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Doylechiro\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} https://www.acngroup...tivexviewer.cab (Crystal Report Viewer Control 9)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://accounting.q...147/qboax10.cab (QuickBooks Online Edition Utilities Class v10)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\g7ps {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/02/03 16:22:14 | 00,000,000 | ---D | M] - C:\autodoc -- [ NTFS ]
O32 - AutoRun File - [2007/01/21 10:36:34 | 00,000,000 | ---D | M] - C:\Autodoc2 -- [ NTFS ]
O32 - AutoRun File - [2004/10/26 20:50:33 | 00,000,002 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/02/02 16:08:53 | 00,000,000 | ---D | M] - C:\autosync -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/10/16 13:11:35 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/16 13:10:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/10/19 08:06:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/16 16:59:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/19 08:07:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Doylechiro\Application Data\Malwarebytes
[2009/10/19 08:04:17 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/19 08:06:51 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/16 17:24:26 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2009/10/16 17:17:01 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/10/26 19:54:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Doylechiro\Desktop\OTL logs
[2009/10/26 09:24:29 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/26 09:22:25 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/26 09:22:25 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/26 09:22:25 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/26 09:22:25 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/26 09:06:42 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/26 08:52:39 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/19 13:48:23 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\Desktop\OTL.exe
[2009/10/19 13:42:19 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Doylechiro\Desktop\RootRepeal.exe
[2009/10/19 08:08:25 | 04,045,536 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Doylechiro\Desktop\lllkkkiii-setup.exe
[2009/10/19 08:06:55 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/19 08:06:52 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/19 08:05:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/19 07:36:18 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\My Documents\TFC.exe
[2009/10/16 13:14:17 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

========== Files - Modified Within 14 Days ==========

[2009/10/26 20:07:56 | 00,000,374 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2009/10/26 19:52:44 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Doylechiro\Desktop\~$w Microsoft Word Document (4).doc
[2009/10/26 19:52:26 | 00,010,752 | ---- | M] () -- C:\Documents and Settings\Doylechiro\Desktop\New Microsoft Word Document (4).doc
[2009/10/26 19:50:14 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/10/26 19:49:56 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/26 19:47:26 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/10/26 19:45:33 | 00,000,448 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/10/26 19:45:17 | 00,000,398 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (SmartDrawTrial).job
[2009/10/26 19:45:17 | 00,000,388 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Startup.job
[2009/10/26 19:45:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/26 19:44:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/10/26 19:39:31 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/10/26 16:00:00 | 00,000,406 | -H-- | M] () -- C:\WINDOWS\tasks\{DE7218A9-6FB8-487E-B721-575F1A73A2C5}_DOCFW_Dr. Cody Doyle.job
[2009/10/26 13:57:18 | 00,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/26 13:56:37 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2009/10/26 09:24:56 | 00,000,281 | RHS- | M] () -- C:\BOOT.INI
[2009/10/26 09:06:04 | 03,436,986 | R--- | M] () -- C:\Documents and Settings\Doylechiro\My Documents\ComboFix.exe
[2009/10/26 09:00:00 | 00,000,406 | -H-- | M] () -- C:\WINDOWS\tasks\{BED34167-2B86-49AB-8158-03E5F512279A}_DOCFW_Dr. Cody Doyle.job
[2009/10/26 07:31:10 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Doylechiro\Desktop\settings.dat
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2009/10/23 12:33:23 | 00,002,119 | ---- | M] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mat.gif
[2009/10/23 12:33:23 | 00,000,607 | ---- | M] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mzn.gif
[2009/10/23 12:33:23 | 00,000,598 | ---- | M] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mby.gif
[2009/10/19 13:48:29 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\Desktop\OTL.exe
[2009/10/19 13:42:19 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Doylechiro\Desktop\RootRepeal.exe
[2009/10/19 08:09:46 | 00,000,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/19 08:08:31 | 04,045,536 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Doylechiro\Desktop\lllkkkiii-setup.exe
[2009/10/19 08:04:26 | 00,000,800 | ---- | M] () -- C:\Documents and Settings\Doylechiro\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/10/19 08:04:23 | 00,000,644 | ---- | M] () -- C:\Documents and Settings\Doylechiro\Desktop\NTREGOPT.lnk
[2009/10/19 08:04:22 | 00,000,625 | ---- | M] () -- C:\Documents and Settings\Doylechiro\Desktop\ERUNT.lnk
[2009/10/19 07:36:23 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\My Documents\TFC.exe
[2009/10/18 03:06:01 | 00,000,382 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2009/10/16 17:24:27 | 00,000,853 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2009/10/16 16:00:00 | 00,000,406 | -H-- | M] () -- C:\WINDOWS\tasks\{A62B03E9-0DB1-4B15-92A7-381E8981FE71}_DOCFW_Dr. Cody Doyle.job
[2009/10/16 14:40:10 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/16 13:11:33 | 00,000,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/10/15 03:27:17 | 00,533,408 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/15 03:27:17 | 00,463,200 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/10/15 03:27:17 | 00,079,920 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/10/15 03:12:24 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files - No Company Name ==========
[2009/10/26 20:00:02 | 00,000,374 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2009/10/26 19:52:44 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Doylechiro\Desktop\~$w Microsoft Word Document (4).doc
[2009/10/26 19:52:26 | 00,010,752 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Desktop\New Microsoft Word Document (4).doc
[2009/10/26 09:24:55 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/26 09:24:43 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/26 09:22:25 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/26 09:22:25 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/26 09:22:25 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/26 09:22:25 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/10/26 09:22:25 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/26 09:05:53 | 03,436,986 | R--- | C] () -- C:\Documents and Settings\Doylechiro\My Documents\ComboFix.exe
[2009/10/26 07:31:10 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Desktop\settings.dat
[2009/10/19 08:06:59 | 00,000,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/19 08:04:26 | 00,000,800 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/10/19 08:04:23 | 00,000,644 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Desktop\NTREGOPT.lnk
[2009/10/19 08:04:22 | 00,000,625 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Desktop\ERUNT.lnk
[2009/10/16 17:30:12 | 00,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/10/16 17:24:27 | 00,000,853 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2009/10/16 15:02:38 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/10/16 13:15:04 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/16 13:11:33 | 00,000,900 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/10/15 10:22:59 | 00,002,119 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mat.gif
[2009/10/15 10:22:59 | 00,000,607 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mzn.gif
[2009/10/15 10:22:59 | 00,000,598 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mby.gif
[2008/10/15 14:43:48 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\DM510.dll
[2008/02/17 12:35:24 | 00,004,114 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Application Data\SAS7_000.DAT
[2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/01/21 10:36:40 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/02 12:51:26 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/04/17 14:45:49 | 00,000,133 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Local Settings\Application Data\fusioncache.dat
[2006/03/10 09:54:57 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Doylechiro\Application Data\DESKTOP.INI
[2006/03/10 09:54:53 | 00,082,416 | ---- | C] () -- C:\Documents and Settings\Doylechiro\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/03/10 09:54:49 | 01,578,622 | -H-- | C] () -- C:\Documents and Settings\Doylechiro\Local Settings\Application Data\IconCache.db
[2006/01/27 09:25:39 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2006/01/17 15:58:04 | 00,000,056 | RHS- | C] () -- C:\WINDOWS\System32\BADECEE175.sys
[2006/01/17 15:41:52 | 00,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/09/29 15:00:21 | 00,000,340 | ---- | C] () -- C:\WINDOWS\ptlabels.ini
[2005/08/01 10:04:19 | 00,000,187 | ---- | C] () -- C:\WINDOWS\wiseftp.ini
[2005/04/11 14:49:25 | 00,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2005/03/03 09:17:05 | 00,000,428 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/01/31 16:08:30 | 00,000,032 | ---- | C] () -- C:\WINDOWS\concentr.ini
[2005/01/31 15:10:21 | 00,000,042 | ---- | C] () -- C:\WINDOWS\webica.ini
[2005/01/28 11:45:23 | 00,000,377 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/12/09 18:36:40 | 00,000,012 | ---- | C] () -- C:\WINDOWS\clocked.ini
[2004/11/30 11:04:03 | 00,000,072 | ---- | C] () -- C:\WINDOWS\WINTIME.INI
[2004/11/26 21:57:26 | 00,000,567 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2004/11/26 21:56:35 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\SAWZip.dll
[2004/11/26 21:56:35 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2004/11/26 21:56:31 | 00,307,200 | ---- | C] () -- C:\WINDOWS\System32\AppointmentView.dll
[2004/11/26 21:56:27 | 00,345,088 | ---- | C] () -- C:\WINDOWS\System32\ShrLk21.dll
[2004/11/26 21:56:27 | 00,304,128 | ---- | C] () -- C:\WINDOWS\System32\KeyGen.dll
[2004/10/26 20:50:32 | 00,000,121 | ---- | C] () -- C:\WINDOWS\Lname.ini
[2004/10/26 20:50:29 | 00,000,482 | ---- | C] () -- C:\WINDOWS\HITLIST.INI
[2004/10/26 20:50:28 | 00,000,214 | ---- | C] () -- C:\WINDOWS\Browser.ini
[2004/10/26 10:19:45 | 00,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2004/09/03 08:49:07 | 00,000,039 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/09/03 08:42:34 | 00,000,045 | ---- | C] () -- C:\WINDOWS\IDIGFLGN.ini
[2004/07/17 15:06:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Dssole.INI
[2004/07/17 15:06:07 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\DM1USBAPIVB.dll
[2004/07/07 16:32:17 | 00,014,938 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2004/06/30 08:34:22 | 00,000,010 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/06/14 10:46:07 | 00,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2004/06/08 11:27:17 | 00,000,064 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2004/06/08 11:27:15 | 00,000,520 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2004/06/08 11:24:14 | 00,001,471 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/06/01 10:24:42 | 00,000,049 | ---- | C] () -- C:\WINDOWS\upth.ini
[2004/06/01 10:24:42 | 00,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/05/21 13:34:09 | 00,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2004/05/21 13:34:09 | 00,000,134 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2004/05/21 13:31:37 | 00,000,103 | ---- | C] () -- C:\WINDOWS\System32\hptrace.ini
[2004/05/21 11:54:13 | 00,001,437 | ---- | C] () -- C:\WINDOWS\hpdj5800.ini
[2004/01/20 07:24:15 | 00,040,278 | ---- | C] () -- C:\Program Files\Copy of Patients.dat
[2003/11/04 11:39:18 | 00,000,005 | ---- | C] () -- C:\WINDOWS\SUPER.INI
[2003/10/20 16:00:28 | 00,000,832 | ---- | C] () -- C:\WINDOWS\efscan.ini
[2003/10/20 16:00:28 | 00,000,021 | ---- | C] () -- C:\WINDOWS\efaxview.ini
[2003/10/09 20:04:56 | 00,000,027 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2003/09/24 16:34:19 | 00,251,392 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[2003/09/24 16:34:19 | 00,000,150 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini
[2003/09/24 16:34:13 | 00,010,092 | ---- | C] () -- C:\WINDOWS\exerpro.ini
[2003/09/22 17:13:17 | 00,000,773 | ---- | C] () -- C:\WINDOWS\BLST8.INI
[2003/09/20 11:18:22 | 00,000,173 | ---- | C] () -- C:\WINDOWS\srlink.ini
[2003/09/20 11:18:22 | 00,000,040 | ---- | C] () -- C:\WINDOWS\System32\sx96.ini
[2003/09/20 11:17:42 | 00,021,504 | ---- | C] () -- C:\WINDOWS\System32\docobj.dll
[2003/09/20 11:15:13 | 00,000,213 | ---- | C] () -- C:\WINDOWS\dgnsetup.ini
[2003/09/18 07:51:25 | 00,000,027 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2003/09/18 07:51:21 | 00,024,608 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2003/09/18 07:51:21 | 00,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2003/09/18 07:50:22 | 00,110,080 | ---- | C] () -- C:\WINDOWS\System32\W32mkrc.dll
[2003/09/18 07:50:22 | 00,097,290 | ---- | C] () -- C:\WINDOWS\System32\Crp32dll.dll
[2003/09/18 07:50:17 | 01,073,152 | ---- | C] () -- C:\WINDOWS\System32\owl53v.dll
[2003/09/18 07:50:17 | 00,906,784 | ---- | C] () -- C:\WINDOWS\System32\Owl52f.dll
[2003/09/18 07:50:17 | 00,017,424 | ---- | C] () -- C:\WINDOWS\System32\FH_BMP.DLL
[2003/09/18 07:50:12 | 00,531,456 | ---- | C] () -- C:\WINDOWS\System32\Bdt52cf.dll
[2003/09/18 07:50:12 | 00,518,080 | ---- | C] () -- C:\WINDOWS\System32\bdt52c.dll
[2003/09/18 07:46:18 | 00,001,640 | ---- | C] () -- C:\WINDOWS\TrackMe.ini
[2003/09/16 10:07:26 | 00,000,036 | ---- | C] () -- C:\WINDOWS\BLST.INI
[2003/09/14 17:23:53 | 00,174,608 | ---- | C] () -- C:\WINDOWS\Tutility.dll
[2003/09/14 16:24:39 | 00,001,371 | ---- | C] () -- C:\WINDOWS\PM4W.INI
[2003/09/14 13:22:47 | 00,009,208 | ---- | C] () -- C:\WINDOWS\hplj1300.ini
[2003/09/14 13:17:09 | 00,000,951 | ---- | C] () -- C:\WINDOWS\hpbvnstp.ini
[2003/08/19 17:22:33 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/08/19 17:17:56 | 00,000,885 | ---- | C] () -- C:\WINDOWS\lrun32.ini
[2003/08/19 17:16:47 | 00,001,143 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/08/19 17:11:52 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/08/19 17:00:08 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/08/19 16:49:32 | 00,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/09 09:38:12 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2002/09/03 13:36:02 | 00,000,699 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2002/09/03 13:26:32 | 00,000,246 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/09/03 13:26:20 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[2002/04/11 13:47:52 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
[2000/09/08 17:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1999/01/27 13:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1980/01/01 00:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2009/10/19 08:06:52 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/10/16 13:11:55 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2006/01/17 15:54:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2006/01/17 15:50:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel
[2004/11/26 15:38:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2004/10/26 10:20:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G7PS
[2009/01/13 20:08:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2006/01/27 09:30:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2007/04/03 14:42:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2008/02/17 12:02:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2004/06/14 09:13:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2009/08/20 07:11:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2003/08/19 17:13:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2008/02/17 16:39:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2004/01/22 11:09:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Support.com
[2009/10/16 16:59:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/02/06 14:03:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/26 09:59:57 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Doylechiro\Application Data
[2007/01/10 12:56:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\ActiveDocs
[2008/09/26 12:51:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\FileZilla
[2006/09/27 12:58:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\G7PS
[2006/04/25 09:02:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\Kana Solution
[2008/03/03 18:46:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\KompoZer
[2008/10/15 14:45:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\LinkManager 4.0
[2007/04/03 14:43:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\MSN6
[2008/02/17 12:07:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\Nuance
[2009/01/27 13:06:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\OpenOffice.org
[2006/09/05 10:07:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\ScanSoft
[2008/03/24 11:52:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Doylechiro\Application Data\Viewpoint
[2009/10/26 19:49:56 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/10/16 14:40:10 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2002/08/29 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2009/10/26 19:50:14 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/10/26 20:07:56 | 00,000,374 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
[2009/10/26 19:45:33 | 00,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2009/10/26 19:45:17 | 00,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Startup.job
[2009/10/18 03:06:01 | 00,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2009/10/26 19:45:08 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/26 19:45:17 | 00,000,398 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (SmartDrawTrial).job
[2009/10/16 16:00:00 | 00,000,406 | -H-- | M] () -- C:\WINDOWS\Tasks\{A62B03E9-0DB1-4B15-92A7-381E8981FE71}_DOCFW_Dr. Cody Doyle.job
[2009/10/26 09:00:00 | 00,000,406 | -H-- | M] () -- C:\WINDOWS\Tasks\{BED34167-2B86-49AB-8158-03E5F512279A}_DOCFW_Dr. Cody Doyle.job
[2009/10/26 16:00:00 | 00,000,406 | -H-- | M] () -- C:\WINDOWS\Tasks\{DE7218A9-6FB8-487E-B721-575F1A73A2C5}_DOCFW_Dr. Cody Doyle.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\oldnartvtmp.rtf: SummaryInformation
< End of report >

Step 2…


Step 3

MBAM

Malwarebytes' Anti-Malware 1.41
Database version: 3037
Windows 5.1.2600 Service Pack 3

10/27/2009 7:12:52 AM
mbam-log-2009-10-27 (07-12-52).txt

Scan type: Full Scan (C:\|)
Objects scanned: 250319
Time elapsed: 3 hour(s), 36 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1639\A0107909.exe (Rogue.ProofDefender) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1639\A0107915.dll (Rogue.ProofDefender) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1640\A0107940.exe (Rogue.ProofDefender) -> Quarantined and deleted successfully.
C:\Program Files\Webroot\Spy Sweeper\NDN01.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

Step 4

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/27/2009 at 09:15 AM

Application Version : 4.29.1004

Core Rules Database Version : 4197
Trace Rules Database Version: 2107

Scan type : Complete Scan
Total Scan Time : 01:51:57

Memory items scanned : 553
Memory threats detected : 0
Registry items scanned : 8171
Registry threats detected : 0
File items scanned : 120000
File threats detected : 11

Adware.Tracking Cookie
.doubleclick.net [ C:\Documents and Settings\Doylechiro\Application Data\Mozilla\Firefox\Profiles\1cq29ero.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Doylechiro\Application Data\Mozilla\Firefox\Profiles\1cq29ero.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Doylechiro\Application Data\Mozilla\Firefox\Profiles\1cq29ero.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Doylechiro\Application Data\Mozilla\Firefox\Profiles\1cq29ero.default\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\Doylechiro\Application Data\Mozilla\Firefox\Profiles\1cq29ero.default\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\Doylechiro\Application Data\Mozilla\Firefox\Profiles\1cq29ero.default\cookies.txt ]
.apmebf.com [ C:\Documents and Settings\Doylechiro\Application Data\Mozilla\Firefox\Profiles\1cq29ero.default\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\Doylechiro\Application Data\Mozilla\Firefox\Profiles\1cq29ero.default\cookies.txt ]

Trojan.Agent/Gen-SuperFake
C:\QOOBOX\QUARANTINE\C\DOCUMENTS AND SETTINGS\DOYLECHIRO\APPLICATION DATA\GMAIL\GORHV17911194.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1650\A0108528.EXE

Trojan.Vundo-Variant/F
C:\WINDOWS\SYSTEM32\CRP32DLL.DLL


Step 5
The link returned the following. I stopped here because I do not want to mess anything up!

Error 403 - Forbidden

You tried to access a document for which you don't have privileges.

System is running better, no pop up now!
  • 0
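The OTL file listings pasted above are what a helper reads to decide which entries are worth a closer look (and, later, which paths go into an OTL fix). The following Python script is an added example for this thread, not code from OTL or from this forum: it parses OTL's `[timestamp | size | attrs | C/M] (Company) -- path` entry format and orders the entries by the signals a reviewer checks first (executables with no company name, executables under a user profile, hidden files, hidden+system files in System32, random-looking names). The sample lines are copied from the OTL log above; the `EXEC_EXTS` set, the `looks_random` heuristic and the ranking weights are assumptions of this example. A hit means "look at this first", not "malicious": on attributes alone KGyGaAvL.sys ranks highest here, which is exactly why the ordering is a reading aid and the decision stays with the person reading the log.

```python
"""Triage helper for OTL file entries (added example; not OTL's own code)."""
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# OTL prints one entry per line in its "Created/Modified Within 14 Days" and
# "Files - No Company Name" sections:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path
# attrs holds four flags: R read-only, H hidden, S system, D directory.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
EXEC_EXTS = {".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cpl"}  # assumed
USER_PROFILE_ROOT = "c:\\documents and settings\\"  # XP-era profile root

# Sample input: lines copied from the OTL log in this thread, plus one O32 line
# to show that non-entry lines are skipped.
SAMPLE_LOG = r"""
[2009/10/16 13:11:35 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/26 09:22:25 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/19 13:48:23 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Doylechiro\Desktop\OTL.exe
[2009/10/19 13:42:19 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Doylechiro\Desktop\RootRepeal.exe
[2009/10/26 20:07:56 | 00,000,374 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2009/10/23 12:33:23 | 00,002,119 | ---- | M] () -- C:\Documents and Settings\Doylechiro\Application Data\JiJFGm1Mat.gif
[2006/01/17 15:41:52 | 00,003,350 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
O32 - HKLM CDRom: AutoRun - 1
"""


@dataclass
class FileEntry:
    timestamp: datetime
    size: int
    attrs: str      # e.g. "-HS-"
    kind: str       # "C" = created, "M" = modified
    company: str    # "" when OTL printed () or ( )
    path: str


def parse_entry(line: str) -> Optional[FileEntry]:
    """Parse one OTL entry line; any other line shape returns None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return FileEntry(datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                     int(m["size"].replace(",", "")), m["attrs"], m["kind"],
                     (m["company"] or "").strip(), m["path"].strip())


def parse_log(text: str) -> List[FileEntry]:
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


def looks_random(stem: str) -> bool:
    """Assumed heuristic for generated names such as JiJFGm1Mat: a run of five
    or more digits, or upper, lower and digits mixed in one space-free token."""
    if " " in stem:
        return False
    if re.search(r"\d{5,}", stem):
        return True
    token = re.sub(r"[^A-Za-z0-9]", "", stem)
    return (any(c.isupper() for c in token) and any(c.islower() for c in token)
            and any(c.isdigit() for c in token))


def triage(e: FileEntry) -> List[str]:
    """Reasons a reviewer would look at this entry first ([] = nothing notable)."""
    reasons: List[str] = []
    lower = e.path.lower()
    stem, ext = ntpath.splitext(ntpath.basename(e.path))
    is_dir, hidden, system = ("D" in e.attrs), ("H" in e.attrs), ("S" in e.attrs)
    is_code = not is_dir and ext.lower() in EXEC_EXTS
    if is_code and not e.company:
        reasons.append("executable with no company name")
    if is_code and lower.startswith(USER_PROFILE_ROOT):
        reasons.append("executable under a user profile")
    if hidden and not is_dir:
        reasons.append("hidden file")
    if hidden and system and "\\system32\\" in lower:
        reasons.append("hidden+system file in System32")
    if looks_random(stem):
        reasons.append("random-looking name")
    return reasons


def rank(entries: List[FileEntry]) -> List[Tuple[FileEntry, List[str]]]:
    """Entries with at least one reason, most reasons first, then newest first."""
    hits = [(e, triage(e)) for e in entries if triage(e)]
    hits.sort(key=lambda er: (len(er[1]), er[0].timestamp), reverse=True)
    return hits


if __name__ == "__main__":
    for e, reasons in rank(parse_log(SAMPLE_LOG)):
        print(f"{e.timestamp:%Y-%m-%d} {e.path}\n    {'; '.join(reasons)}")
```

The parser ignores every line that does not have the entry shape, so a whole OTL report can be pasted into `SAMPLE_LOG` (or read from a file) without pre-filtering. The "no company name" signal is deliberately weak on its own: the log above shows OTL printing `()` for many ordinary .ini, .job and .lnk files, so the script only counts it for code-carrying extensions and relies on the combination of reasons, not any single one, to order the list.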


#11
andrewuk


    Trusted Helper

  • Malware Removal
  • 5,297 posts
Move on to Step 6 - you may have to upgrade your Java, for which the instructions are also in Step 6.

It would be advisable to upgrade your Java anyway.

andrewuk
  • 0

#12
bitterbuck


    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
By the way, I want to thank you for taking the time to help me with this!!!!

Found another link for JavaRS, completed the step.

If we can fix the SQL issue ASAP, that would help. I am unable to open an important program.



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, October 27, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, October 27, 2009 10:59:32
Records in database: 3089395
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Objects scanned: 121143
Threats found: 5
Infected objects found: 14
Suspicious objects found: 0
Scan duration: 04:00:14


File name / Threat / Threats count
C:\Admin\antispy\ewido_micro.exe Infected: Trojan-Downloader.Win32.Genome.ooc 1
C:\Documents and Settings\All Users\Application Data\AOL Downloads\lpaolcom_setupSTUS\comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\Documents and Settings\Doylechiro\Desktop\logmein.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a 1
C:\Program Files\UltraVNC\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e 1
C:\Qoobox\Quarantine\C\Documents and Settings\Doylechiro\Application Data\Gmail\Shell32.dll.vir Infected: Trojan.Win32.FraudPack.vux 1
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1639\A0107898.dll Infected: Trojan.Win32.FraudPack.vux 1
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1639\A0107916.dll Infected: Trojan.Win32.FraudPack.vux 1
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1640\A0107935.dll Infected: Trojan.Win32.FraudPack.vux 1
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1642\A0107969.dll Infected: Trojan.Win32.FraudPack.vux 1
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1645\A0108202.dll Infected: Trojan.Win32.FraudPack.vux 1
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1646\A0108325.dll Infected: Trojan.Win32.FraudPack.vux 1
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1649\A0108453.dll Infected: Trojan.Win32.FraudPack.vux 1
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1649\A0108470.dll Infected: Trojan.Win32.FraudPack.vux 1
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1650\A0108511.dll Infected: Trojan.Win32.FraudPack.vux 1

Selected area has been scanned.
  • 0

#13
andrewuk


    Trusted Helper

  • Malware Removal
  • 5,297 posts
Do you recognise this file?

C:\Admin\antispy\ewido_micro.exe

It looks like it belongs to ewido anti-spyware microscanner, but I don't recognise the file path.

andrewuk
  • 0

#14
bitterbuck


    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
No, I do not know what it is.
  • 0

#15
andrewuk


    Trusted Helper

  • Malware Removal
  • 5,297 posts
Run OTL.exe by double-clicking the icon on your desktop
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    
    :Files
    C:\Admin\antispy\ewido_micro.exe
    
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the log that it produces

  • 0
