Google redirect virus [Closed] - Geeks to Go Forums


Google redirect virus [Closed]

#1 trixbit

  • Group: Member
  • Posts: 5
  • Joined: 27-November 09

Posted 27 November 2009 - 03:57 AM

Hi guys. I can see lots of you are having this trouble, so I am one of you :). In the past few days my Google started to redirect me to Russian sites. I have read a few solved topics, but it didn't help me. I used ComboFix and I thought I was clean now, but no... Now I must find some info on Google and I just can't. I have just run HijackThis and this is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:16, on 2009.11.27
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6400 bytes

#2 hammerman

  • Group: Member
  • Posts: 4,183
  • Joined: 28-November 08

Posted 27 November 2009 - 07:19 AM

Hello trixbit and welcome to GeeksToGo :)
I'm hammerman and I'm going to help you fix your problem.

Before we begin, here are some guidelines which will help us both in fixing your problem.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread. You can copy and paste these instructions into Notepad and then save the text file to your Desktop. If you need any help with this or further clarification, please let me know.
  • Please do not attach logs or post them in Quote/Code boxes unless requested.
  • When posting logs, please ensure Word Wrap is turned off in Notepad. Open Notepad, select Format on the menu bar and make sure that Word Wrap is unchecked.
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • Malware removal is not instantaneous and will take a number of steps to complete. Please continue to carry out the steps requested until I let you know that your computer appears clean.
  • If in doubt about anything, please ask.


Please post your last Combofix log and follow these steps.

-- Step 1 --

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    /md5stop
    CREATERESTOREPOINT


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


-- Step 2 --

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.
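Added example (not part of hammerman's instructions or of OTL itself): a small Python triage script that parses the SRV/DRV lines of the OTL output requested in Step 1 and lists the entries a helper would usually check first. The sample log lines are constructed in the format this thread's logs use, and the flagging rules are assumptions for illustration, not verdicts on any file.

```python
import re
from typing import Dict, List

# Constructed sample lines in the OTL "SafeList" format used in this thread.
# Paths and vendors follow the format of the real log; the sample is illustrative.
SAMPLE_OTL = """\
========== Win32 Services (SafeList) ==========

SRV - (Hamachi2Svc) -- C:\\Program Files\\LogMeIn Hamachi\\hamachi-2.exe (LogMeIn Inc.)
SRV - (npggsvc) -- C:\\WINDOWS\\System32\\GameMon.des (INCA Internet Co., Ltd.)
SRV - (ATI Smart) -- C:\\WINDOWS\\system32\\ati2sgag.exe ()

========== Driver Services (SafeList) ==========

DRV - (8b5e71cd) -- C:\\WINDOWS\\System32\\drivers\\8b5e71cd.sys ()
DRV - (hamachi) -- C:\\WINDOWS\\system32\\drivers\\hamachi.sys (LogMeIn, Inc.)
DRV - (npkcusb) -- C:\\games\\lineage 2\\system\\npkcusb.sys (INCA Internet Co., Ltd.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\\WINDOWS\\system32\\drivers\\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (oldfilter) -- File not found
"""

# One OTL SafeList entry:  TYPE - (name) [description] -- path (vendor)
# or, for a registered service whose binary is gone:  TYPE - (name) -- File not found
_LINE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - \((?P<name>[^)]*)\)(?: (?P<desc>.*?))? -- "
    r"(?:(?P<missing>File not found)|(?P<path>.*) \((?P<vendor>[^)]*)\))$"
)

# Directories a Windows XP service or driver binary is normally loaded from
# (assumed triage rule; legitimate software does sometimes live elsewhere).
_EXPECTED_DIRS = ("c:\\windows\\", "c:\\program files\\")
_EXPECTED_EXT = (".exe", ".sys", ".dll")


def parse_otl_safelist(text: str) -> List[dict]:
    """Parse PRC/SRV/DRV lines from an OTL log into dicts; all other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue
        entries.append({
            "kind": m.group("kind"),
            "name": m.group("name"),
            "path": m.group("path") or "",
            "vendor": m.group("vendor") or "",
            "missing": m.group("missing") is not None,
        })
    return entries


def review(entries: List[dict]) -> Dict[str, List[str]]:
    """Return {name: [reasons]} for entries worth a closer look.

    These are triage heuristics, not verdicts: an empty vendor field only means OTL
    found no publisher string in the file, and a random-looking hex service name is a
    pattern seen with dropped drivers, but both also occur with legitimate software.
    """
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        name, path = e["name"], e["path"].lower()
        if e["missing"]:
            reasons.append("registered but file not found")
        else:
            if not e["vendor"]:
                reasons.append("no publisher recorded")
            if not path.startswith(_EXPECTED_DIRS):
                reasons.append("loaded from outside the Windows/Program Files tree")
            if not path.endswith(_EXPECTED_EXT):
                reasons.append("unusual file extension")
        if re.fullmatch(r"[0-9a-f]{6,16}", name.lower()) and any(c.isdigit() for c in name):
            reasons.append("random-looking hex name")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in review(parse_otl_safelist(SAMPLE_OTL)).items():
        print(f"{name}: {', '.join(reasons)}")
```

Run it against a saved OTL.txt by reading the file into `parse_otl_safelist`; everything it flags still needs a human (or the helper) to decide what, if anything, to do.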

#3 trixbit

  • Group: Member
  • Posts: 5
  • Joined: 27-November 09

Posted 27 November 2009 - 11:39 AM

I have done what you asked and here are the results:
GMER:
GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-11-27 19:37:29
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\PC\LOCALS~1\Temp\pxtdapow.sys


---- System - GMER 1.0.15 ----

SSDT 890938A0 ZwAssignProcessToJobObject
SSDT 89092CB0 ZwOpenProcess
SSDT 890930D0 ZwOpenThread
SSDT 890936D0 ZwSuspendProcess
SSDT 890934F0 ZwSuspendThread
SSDT 89092EE0 ZwTerminateProcess
SSDT 89093310 ZwTerminateThread

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9A3D000, 0x1C5D38, 0xE8000020]
init C:\games\lineage 2\system\npkcusb.sys entry point in "init" section [0xB88AF0E0]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[256] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

---- Threads - GMER 1.0.15 ----

Thread System [4:376] 89091930

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.15 ----

then OTL.txt:
OTL logfile created on: 2009.11.27 18:23:48 - Run 1
OTL by OldTimer - Version 3.1.11.0 Folder = C:\Documents and Settings\PC\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000427 | Country: Lithuania | Language: LTH | Date Format: yyyy.MM.dd

1,50 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 61,93% Memory free
3,35 Gb Paging File | 2,86 Gb Available in Paging File | 85,12% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76,68 Gb Total Space | 47,67 Gb Free Space | 62,17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 372,61 Gb Total Space | 84,28 Gb Free Space | 22,62% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC
Current User Name: PC
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\PC\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe ()
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Skype\Plugin Manager\skypePM.exe (Skype Technologies)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\PC\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (mi-raysat_3dsmax2010_32) -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe ()
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (ATKKeyboardService) -- C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)


========== Driver Services (SafeList) ==========

DRV - (PsSdkLBF) -- C:\WINDOWS\system32\drivers\pssdklbf.sys (microOLAP Technologies LTD)
DRV - (PsSdk40) -- C:\WINDOWS\system32\drivers\pssdk40.sys (microOLAP Technologies LTD)
DRV - (8b5e71cd) -- C:\WINDOWS\System32\drivers\8b5e71cd.sys ()
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (SCDEmu) -- C:\WINDOWS\system32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (npkcrypt) -- C:\games\lineage 2\system\npkcrypt.sys (INCA Internet Co., Ltd.)
DRV - (npkcusb) -- C:\games\lineage 2\system\npkcusb.sys (INCA Internet Co., Ltd.)
DRV - (FETNDISB) -- C:\WINDOWS\system32\drivers\dlkfet5b.sys (D-Link )
DRV - (EIO) -- C:\WINDOWS\system32\drivers\EIO.sys (ASUSTeK Computer Inc.)
DRV - (asuskbnt) -- C:\WINDOWS\system32\drivers\atkkbnt.sys (ASUSTeK COMPUTER INC.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A1 17 0B 2B C8 AA 91 4A 9E 65 57 A3 82 9E B8 ED [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {2a84e607-acb9-4dac-a5e4-9ac9486c180f}:1.0
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.5

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.10.06 20:07:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009.10.06 16:39:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.11.06 19:34:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.11.06 19:34:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009.10.04 13:47:34 | 00,000,000 | ---D | M]

[2009.10.04 13:46:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\Mozilla\Extensions
[2009.11.26 21:24:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\9fgcctgg.default\extensions
[2009.10.06 20:35:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\9fgcctgg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.10.04 20:09:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\9fgcctgg.default\extensions\{2a84e607-acb9-4dac-a5e4-9ac9486c180f}
[2009.10.04 19:04:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\9fgcctgg.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009.11.26 21:24:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\9fgcctgg.default\extensions\youtube2mp3@mondayx.de
[2009.11.26 20:46:13 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.10.06 16:44:37 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2006.10.26 19:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

O1 HOSTS File: (776 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe File not found
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.04 13:06:22 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009.10.04 15:34:23 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {732A8D34-EC3F-86F4-F667-2E548AD2D29D} - Microsoft Windows Media Player 6.4
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {7B08F93B-C605-FDBE-8927-C9C8DA278298} - Microsoft Windows Media Player 6.4
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {CEEB6A64-0C34-EA9D-8A59-7F0377AC9330} - Offline Browsing Pack
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {D2897672-D32E-9BCD-CB12-0CF537016265} - Themes Setup
ActiveX: {D5A0A977-AE09-E02C-F37A-C1EEF0D4D902} - Java (Sun)
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55735494247448576)

========== Files/Folders - Created Within 30 Days ==========

[2009.11.27 18:21:39 | 00,532,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PC\Desktop\OTL.exe
[2009.11.27 11:42:22 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009.11.27 11:34:31 | 00,000,000 | ---D | C] -- C:\!KillBox
[2009.11.27 11:30:23 | 00,092,672 | ---- | C] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Documents and Settings\PC\Desktop\KillBox.exe
[2009.11.27 10:39:16 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\PC\Recent
[2009.11.26 18:37:36 | 00,053,312 | ---- | C] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\drivers\pssdklbf.sys
[2009.11.26 18:37:36 | 00,036,928 | ---- | C] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\drivers\pssdk40.sys
[2009.11.26 18:35:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PC\Desktop\gers
[2009.11.25 12:41:28 | 00,679,936 | ---- | C] (Generated by JEDI) -- C:\WINDOWS\System32\D3DX81ab.dll
[2009.11.25 12:41:25 | 00,000,000 | ---D | C] -- C:\Program Files\Cheat Engine
[2009.11.24 21:47:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PC\Desktop\screen
[2009.11.22 10:43:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PC\Desktop\New Folder
[2009.11.21 21:18:09 | 03,369,044 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des
[2009.11.21 21:18:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2009.11.21 21:15:45 | 00,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npptNT2.sys
[2009.11.21 20:52:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PC\Application Data\InstallShield
[2009.11.19 20:36:51 | 00,000,000 | ---D | C] -- C:\Program Files\ElcomSoft
[2009.11.18 18:31:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PC\Desktop\ist
[2009.11.16 22:06:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PC\Desktop\klik
[2009.11.16 13:14:51 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009.11.16 13:14:51 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009.11.16 13:14:51 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009.11.14 11:34:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PC\Local Settings\Application Data\Fps
[2009.11.14 11:34:07 | 00,000,000 | ---D | C] -- C:\Program Files\FPS
[2009.11.14 11:13:19 | 00,000,000 | ---D | C] -- C:\FPC
[2009.11.12 15:31:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PC\Desktop\klik2
[2009.11.08 12:51:01 | 00,000,000 | ---D | C] -- C:\Program Files\Proxy Switcher Standard
[2009.11.08 12:43:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WNR
[2009.11.08 12:43:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PC\Application Data\WNR
[2009.11.04 13:58:59 | 00,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\hamachi.sys
[2009.11.04 13:58:44 | 00,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2009.11.02 22:17:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PC\Local Settings\Application Data\PCHealth
[2009.11.01 12:23:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PC\Application Data\runic games
[2009.11.01 12:04:45 | 00,000,000 | ---D | C] -- C:\Program Files\Runic Games
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009.11.27 18:22:22 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PC\Desktop\OTL.exe
[2009.11.27 14:00:46 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.11.27 14:00:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.11.27 14:00:17 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.11.27 13:57:33 | 04,456,448 | -H-- | M] () -- C:\Documents and Settings\PC\NTUSER.DAT
[2009.11.27 13:57:33 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\PC\ntuser.ini
[2009.11.27 13:45:18 | 00,070,144 | ---- | M] () -- C:\Documents and Settings\PC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.27 11:42:25 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\HijackThis.lnk
[2009.11.27 11:30:25 | 00,092,672 | ---- | M] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Documents and Settings\PC\Desktop\KillBox.exe
[2009.11.26 21:56:32 | 00,000,776 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009.11.26 18:48:04 | 00,002,559 | ---- | M] () -- C:\WINDOWS\l2control.ini
[2009.11.26 18:37:36 | 00,053,312 | ---- | M] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\drivers\pssdklbf.sys
[2009.11.26 18:37:36 | 00,036,928 | ---- | M] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\drivers\pssdk40.sys
[2009.11.26 18:30:28 | 01,326,364 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\gers.rar
[2009.11.26 16:22:05 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009.11.26 16:13:26 | 03,577,118 | R--- | M] () -- C:\Documents and Settings\PC\Desktop\Combo-Fix.exe
[2009.11.25 16:17:58 | 00,139,045 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\Shot00004.jpg
[2009.11.25 16:17:54 | 00,157,138 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\Shot00005.jpg
[2009.11.25 12:41:31 | 00,000,670 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\Cheat Engine.lnk
[2009.11.25 12:28:20 | 03,056,578 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\Linkin_Park_Across_The_Line_(LPU9)_-_www.linkinpark-fans.com.mp3
[2009.11.22 21:44:06 | 00,668,535 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\Picture 1042.jpg
[2009.11.22 10:56:42 | 00,000,730 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\Lin]e[age L2Java.com.lnk
[2009.11.22 10:27:25 | 00,069,888 | ---- | M] () -- C:\Documents and Settings\PC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009.11.22 10:27:11 | 00,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.11.21 21:25:34 | 00,000,995 | ---- | M] () -- C:\WINDOWS\ARPR.INI
[2009.11.21 11:54:04 | 00,060,416 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.VER
[2009.11.20 15:49:58 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009.11.16 21:35:42 | 01,528,103 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\Growing Marijuana Song (Very Funny).mp3
[2009.11.16 21:28:37 | 05,035,167 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\projektas naujasn2.swf
[2009.11.15 19:55:31 | 00,444,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009.11.15 19:55:31 | 00,072,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009.11.15 19:55:30 | 00,523,110 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009.11.14 11:34:31 | 00,000,610 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\FPS 0.6.4a.lnk
[2009.11.14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009.11.11 22:05:14 | 02,978,004 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\Ievyte-one.lt.mp3
[2009.11.10 21:38:00 | 00,798,720 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\ftweak-hex.exe
[2009.11.04 22:03:36 | 00,179,660 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\LaivuKovos.rar
[2009.11.04 17:11:42 | 00,010,946 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\Autumn.docx
[2009.10.30 17:35:29 | 04,322,578 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\foo fighters - the pretender.mp3
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009.11.27 11:42:25 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\HijackThis.lnk
[2009.11.26 18:41:35 | 00,002,559 | ---- | C] () -- C:\WINDOWS\l2control.ini
[2009.11.26 18:29:16 | 01,326,364 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\gers.rar
[2009.11.26 16:16:00 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009.11.26 16:12:18 | 03,577,118 | R--- | C] () -- C:\Documents and Settings\PC\Desktop\Combo-Fix.exe
[2009.11.25 16:17:28 | 00,139,045 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\Shot00004.jpg
[2009.11.25 16:17:26 | 00,157,138 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\Shot00005.jpg
[2009.11.25 12:41:31 | 00,000,670 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\Cheat Engine.lnk
[2009.11.25 12:41:28 | 01,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009.11.25 12:18:23 | 03,056,578 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\Linkin_Park_Across_The_Line_(LPU9)_-_www.linkinpark-fans.com.mp3
[2009.11.22 21:42:29 | 00,668,535 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\Picture 1042.jpg
[2009.11.21 21:16:35 | 00,000,730 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\Lin]e[age L2Java.com.lnk
[2009.11.21 21:15:45 | 00,005,174 | ---- | C] () -- C:\WINDOWS\System32\nppt9x.vxd
[2009.11.19 20:37:02 | 00,000,995 | ---- | C] () -- C:\WINDOWS\ARPR.INI
[2009.11.16 21:26:00 | 05,035,167 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\projektas naujasn2.swf
[2009.11.16 21:24:56 | 01,528,103 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\Growing Marijuana Song (Very Funny).mp3
[2009.11.14 11:34:31 | 00,000,610 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\FPS 0.6.4a.lnk
[2009.11.12 16:51:25 | 00,092,487 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\BALDU specifikacija.xlsx
[2009.11.11 21:59:57 | 02,978,004 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\Ievyte-one.lt.mp3
[2009.11.10 21:37:39 | 00,798,720 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\ftweak-hex.exe
[2009.11.04 22:03:36 | 00,179,660 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\LaivuKovos.rar
[2009.10.31 23:12:37 | 03,063,157 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\asdasdasd.JPG
[2009.10.31 18:41:15 | 00,010,946 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\Autumn.docx
[2009.10.30 12:37:12 | 04,322,578 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\foo fighters - the pretender.mp3
[2009.10.21 12:46:26 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.10.11 10:50:10 | 00,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009.10.10 19:05:23 | 00,000,276 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mw2mmgr.inc
[2009.10.10 19:05:07 | 00,000,110 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mw2mmgr.txt
[2009.10.05 11:49:57 | 00,070,144 | ---- | C] () -- C:\Documents and Settings\PC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.04 19:10:47 | 00,002,128 | ---- | C] () -- C:\Documents and Settings\PC\Local Settings\Application Data\A50EA9D9-D648-4B62-A93F-05D6AA5867F4.txt
[2009.10.04 14:04:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\8b5e71cd.sys
[2009.10.04 13:39:11 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2009.10.04 13:38:23 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009.10.04 13:38:18 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009.10.04 13:33:42 | 00,002,503 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009.10.04 13:33:41 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009.10.04 13:28:52 | 00,000,125 | ---- | C] () -- C:\Documents and Settings\PC\Local Settings\Application Data\fusioncache.dat
[2009.10.04 13:25:11 | 00,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2009.10.04 13:25:11 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2009.10.04 13:25:11 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2009.10.04 13:25:11 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2009.10.04 13:25:11 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2009.10.04 13:25:11 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2009.10.04 13:25:11 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2009.10.04 13:25:11 | 00,010,496 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2009.10.04 13:25:11 | 00,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2009.10.04 13:25:10 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2009.08.02 23:21:54 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009.08.02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009.08.02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009.08.02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009.08.02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009.08.02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009.08.02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009.08.02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009.08.02 23:21:52 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009.08.02 23:21:52 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.04.14 14:00:00 | 00,101,376 | ---- | C] () -- C:\WINDOWS\System32\sanzkqn.dll
[2006.10.27 15:26:56 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< MD5 for: ATAPI.SYS >
[2008.04.13 23:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 23:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.13 23:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 14:00:00 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2008.04.13 23:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 14:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 14:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 14:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008.04.14 14:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 14:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 14:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 14:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 14:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 14:00:00 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< End of report >

and finally extras.txt:
OTL Extras logfile created on: 2009.11.27 18:23:48 - Run 1
OTL by OldTimer - Version 3.1.11.0 Folder = C:\Documents and Settings\PC\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000427 | Country: Lithuania | Language: LTH | Date Format: yyyy.MM.dd

1,50 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 61,93% Memory free
3,35 Gb Paging File | 2,86 Gb Available in Paging File | 85,12% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76,68 Gb Total Space | 47,67 Gb Free Space | 62,17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 372,61 Gb Total Space | 84,28 Gb Free Space | 22,62% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC
Current User Name: PC
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"7777:TCP" = 7777:TCP:*:Enabled:boder1
"28900:TCP" = 28900:TCP:*:Enabled:boder2
"27900:UDP" = 27900:UDP:*:Enabled:boder3
"28910:TCP" = 28910:TCP:*:Enabled:boder4
"6500:TCP" = 6500:TCP:*:Enabled:boder5
"9989:TCP" = 9989:TCP:*:Enabled:boder6
"28902:TCP" = 28902:TCP:*:Enabled:boder7
"6112:TCP" = 6112:TCP:*:Enabled:asd

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Autodesk\Backburner\monitor.exe" = C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\manager.exe" = C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\server.exe" = C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\3ds Max 2010\3dsmax.exe" = C:\Program Files\Autodesk\3ds Max 2010\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2010 32-bit -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe" = C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe:*:Enabled:mental ray satellite server for Autodesk 3ds Max 2010 32-bit -- ()
"C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe" = C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe:*:Enabled:mental ray satellite for Autodesk 3ds Max 2010 32-bit -- (mental images GmbH)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"E:\games\borderlands\Binaries\Borderlands.exe" = E:\games\borderlands\Binaries\Borderlands.exe:*:Enabled:Borderlands -- (Take-Two Interactive Software, Inc.)
"C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe" = C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe:*:Enabled:Proxy Switcher -- (Proxy Switcher)
"C:\Documents and Settings\PC\Desktop\New Folder\L2Walker 1.79 (1.78 fixed for Interlude)\l2fork\L2Fork.exe" = C:\Documents and Settings\PC\Desktop\New Folder\L2Walker 1.79 (1.78 fixed for Interlude)\l2fork\L2Fork.exe:*:Enabled:L2Fork -- (.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi
"{076A6FD8-EE45-4A83-B3C9-C7C34E7CAFDD}" = Lineage II
"{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
"{0893078B-8A9A-84D6-D393-119B9B0B033A}" = CCC Help French
"{0E2A60F7-2907-5718-FF16-7D8FAF70051E}" = CCC Help Chinese Standard
"{14FAE013-AE19-4FC9-B5BF-E56ADC01ECE6}" = CCC Help Turkish
"{17BB2784-6EE4-D7FF-FE63-58A3AD2B3708}" = CCC Help Russian
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{233588CF-96D5-46AF-EF74-7EC382662791}" = Catalyst Control Center Graphics Full Existing
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 17
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Enhanced Display Driver
"{317AC0C7-FEBF-0409-87A3-4FC70D0ED900}" = Autodesk 3ds Max 2010 32-bit
"{3260ECBC-9DDF-E7A3-0863-449473BC7BD5}" = CCC Help Chinese Traditional
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39C6C229-CFFD-639E-229A-E463FCD87478}" = CCC Help German
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{4F11FC80-CE8C-1BD4-5C39-EBE5744E5135}" = CCC Help Portuguese
"{4FAB2BA7-E16C-95D2-F326-60A68409373F}" = Catalyst Control Center HydraVision Full
"{529AA9A8-5020-6CFB-A809-BC5943C87077}" = CCC Help Thai
"{53604297-26FD-516D-6FF7-1063BA64A0A4}" = Catalyst Control Center Graphics Light
"{55BD3B0B-F054-9341-514F-295A5F7EA450}" = CCC Help Spanish
"{5A4FA9C8-ED56-08C3-153B-FC5C19256290}" = CCC Help Dutch
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{60A08432-00DD-0409-AC2C-143C75460878}" = Autodesk 3ds Max 2010 32-bit Components
"{6C390D51-E5F0-4FCD-24C4-731ACAF34571}" = CCC Help Japanese
"{71D4305B-56E6-4971-A799-FB7678A1D1AB}" = ASUS ATI Driver
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7AA8FA9A-1656-7DBD-633B-FE7A62BBED0C}" = CCC Help Czech
"{8C22131B-8634-CECF-F0D1-A2ECC160B450}" = CCC Help Norwegian
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90FBE4D0-2ACA-A8A8-2CC4-CFFBAE528504}" = CCC Help Finnish
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9629C9A1-74F7-4DD0-B99B-9066925E63F8}" = D-Link DFE520TX
"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = RTLSetup for Realtek RTL8139/810x Family NIC 3.00
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D74375E-3012-E7D2-9229-B220C91F326A}" = Catalyst Control Center Core Implementation
"{9EE8BDCA-7505-4895-D91E-8108DD16292E}" = CCC Help English
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A89D4ADB-754D-4A93-B612-F596D02EBA93}" = Anglonas
"{A8AF8BD3-61B5-7945-4D1B-217421F604FC}" = CCC Help Hungarian
"{AA46E1C5-A709-6D9B-D99D-92E4C6E042A9}" = CCC Help Korean
"{AA62A33C-9E5E-3913-7D88-7E58A8CB1493}" = CCC Help Greek
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B653F643-A1B4-9936-2DB6-FEA9A3110D8D}" = ccc-core-preinstall
"{B71C4637-0247-78CE-6A3D-D61645CB8921}" = ccc-utility
"{BC2E7C0B-1AC6-5F6C-F31D-E1E72D8E0B5C}" = CCC Help Danish
"{BF8C7DA7-2DE6-ED67-6C82-6BE82F8BA8D3}" = Catalyst Control Center Graphics Full New
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C409F338-BB20-6C4A-F40D-20CA07AF714C}" = CCC Help Polish
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C7AA2F42-B05F-4703-9008-4B33708FDAD1}" = PC Connectivity Solution
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDF97135-7FD2-4289-96B8-DD4505267ACD}" = ESET NOD32 Antivirus
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4B7B2DC-E688-A9D6-6EC0-56AE540E074C}" = Catalyst Control Center Localization All
"{D9CD701B-3F04-FC69-D974-F3A7F5E9BA30}" = CCC Help Swedish
"{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding
"{E213321B-1E88-B38D-DAB2-D8CB9355984A}" = Skins
"{E551D82D-4D56-4AF7-A2C9-8897D7A0CB00}" = Autodesk 3ds Max 2010 Tutorials Files
"{F4148D8F-ED3A-3097-509C-04D5560220F9}" = ccc-core-static
"{F7E68997-E626-952B-A7BF-F72066CD5D77}" = Catalyst Control Center Graphics Previews Common
"{FA36C82B-464D-51F2-A6A1-0BC9140BE067}" = CCC Help Italian
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS4_is1" = Adobe Photoshop CS4
"Advanced RAR Password Recovery" = Advanced RAR Password Recovery (remove only)
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Autodesk FBX Plugin 2009.4 - 3ds Max 2010" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010
"CCleaner" = CCleaner (remove only)
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{9629C9A1-74F7-4DD0-B99B-9066925E63F8}" = D-Link DFE520TX
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Basic)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PowerISO" = PowerISO
"ProxySwitcher Standard_is1" = ProxySwitcher Standard
"Runic Games Torchlight" = Torchlight
"secretmaryo" = Secret Maryo Chronicles
"ULTIMATER" = Microsoft Office Ultimate 2007
"uTorrent" = µTorrent
"VN_VUIns_Rhine_D-Link" = D-Link PCI Fast Ethernet Adapter
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FPS06x" = FPS 0.6.4a

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2009.11.12 09:28:12 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Faulting application automouseclicker.exe, version 1.40.0.0, faulting
module automouseclicker.exe, version 1.40.0.0, fault address 0x000132d4.

Error - 2009.11.12 09:29:34 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Faulting application automouseclicker.exe, version 1.40.0.0, faulting
module automouseclicker.exe, version 1.40.0.0, fault address 0x000132d4.

Error - 2009.11.12 09:39:52 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Faulting application automouseclicker.exe, version 1.40.0.0, faulting
module automouseclicker.exe, version 1.40.0.0, fault address 0x000132d4.

Error - 2009.11.16 09:13:25 | Computer Name = PC | Source = Application Hang | ID = 1002
Description = Hanging application QuickTimePlayer.exe, version 7.1.6.200, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2009.11.22 04:42:30 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Faulting application l2walker.exe, version 1.0.7.7, faulting module
l2walker.exe, version 1.0.7.7, fault address 0x00016160.

Error - 2009.11.22 15:39:26 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Faulting application l2.exe, version 0.0.0.0, faulting module engine.dll,
version 0.0.0.0, fault address 0x00120ab0.

Error - 2009.11.24 15:48:20 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Faulting application l2walker.exe, version 0.2.0.4, faulting module
l2walker.exe, version 0.2.0.4, fault address 0x0012b05c.

Error - 2009.11.24 15:48:23 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Faulting application l2walker.exe, version 0.2.0.4, faulting module
l2walker.exe, version 0.2.0.4, fault address 0x0012b05c.

Error - 2009.11.26 10:16:34 | Computer Name = PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 2009.11.26 10:16:35 | Computer Name = PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 2009.11.11 10:46:22 | Computer Name = PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 2009.11.12 10:52:51 | Computer Name = PC | Source = EventLog | ID = 6004
Description = A driver packet received from the I/O subsystem was invalid. The
data is the packet.

Error - 2009.11.12 10:52:40 | Computer Name = PC | Source = EventLog | ID = 6004
Description = A driver packet received from the I/O subsystem was invalid. The
data is the packet.

Error - 2009.11.16 09:37:52 | Computer Name = PC | Source = EventLog | ID = 6004
Description = A driver packet received from the I/O subsystem was invalid. The
data is the packet.

Error - 2009.11.17 13:46:42 | Computer Name = PC | Source = EventLog | ID = 6004
Description = A driver packet received from the I/O subsystem was invalid. The
data is the packet.

Error - 2009.11.23 06:02:04 | Computer Name = PC | Source = EventLog | ID = 6004
Description = A driver packet received from the I/O subsystem was invalid. The
data is the packet.

Error - 2009.11.23 06:44:09 | Computer Name = PC | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{2B2CBDD8-519D-40A5-946A-3A8D7B44BF18}. The
backup browser is stopping.

Error - 2009.11.26 06:48:51 | Computer Name = PC | Source = EventLog | ID = 6004
Description = A driver packet received from the I/O subsystem was invalid. The
data is the packet.

Error - 2009.11.26 06:42:30 | Computer Name = PC | Source = EventLog | ID = 6004
Description = A driver packet received from the I/O subsystem was invalid. The
data is the packet.

Error - 2009.11.26 10:16:41 | Computer Name = PC | Source = Service Control Manager | ID = 7034
Description = The mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit
service terminated unexpectedly. It has done this 1 time(s).


< End of report >

#4 hammerman

  • Group: Member
  • Posts: 4,183
  • Joined: 28-November 08

Posted 27 November 2009 - 01:35 PM

Hi,

Please follow these steps.

-- Step 1 --

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - (8b5e71cd) -- C:\WINDOWS\System32\drivers\8b5e71cd.sys ()
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • This fix will produce a report. Please add this to your reply.


-- Step 2 --

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


-- Step 3 --

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

-- Step 4 --
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\WINDOWS\System32\sanzkqn.dll


  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
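
Added example, not part of this thread and not OTL's own code: a small Python triage script that reads OTL "SRV -" / "DRV -" lines and flags the pattern Step 1 above removes, a kernel driver with a random eight-hex-digit file name and no publisher string. The sample lines are copied from the OTL logs in this thread; the severity scoring is my own heuristic and the ati2sgag.exe line is included to show why "no publisher" on its own is only a weak signal.

```python
"""Triage OTL 'SRV -' / 'DRV -' lines for the pattern removed in Step 1 above:
a kernel driver with a random 8-hex-digit file name and no publisher string."""
import re
from dataclasses import dataclass, field

# Sample input: SRV/DRV lines copied from the OTL logs in this thread. The
# ati2sgag.exe line is included on purpose: it has no publisher string but is
# a legitimate ATI helper, so "no publisher" alone must not rate as high.
SAMPLE_LOG = r"""
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (ATI Smart) -- C:\WINDOWS\system32\ati2sgag.exe ()
DRV - (PsSdkLBF) -- C:\WINDOWS\system32\drivers\pssdklbf.sys (microOLAP Technologies LTD)
DRV - (8b5e71cd) -- C:\WINDOWS\System32\drivers\8b5e71cd.sys ()
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (npkcrypt) -- C:\games\lineage 2\system\npkcrypt.sys (INCA Internet Co., Ltd.)
DRV - (FETNDISB) -- C:\WINDOWS\system32\drivers\dlkfet5b.sys (D-Link )
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
"""

# OTL layout: "<KIND> - (<service>) <optional description> -- <path> (<vendor>)"
LINE_RE = re.compile(r"^(?P<kind>SRV|DRV) - \((?P<svc>[^)]*)\).*? -- (?P<rest>.+)$")
TAIL_RE = re.compile(r"^(?P<path>.+?)\s*\((?P<vendor>[^()]*)\)\s*$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)


def parse_line(line):
    """Return (kind, service, path, vendor) for an SRV/DRV line, else None."""
    m = LINE_RE.match(line.rstrip())
    if not m:
        return None
    t = TAIL_RE.match(m.group("rest"))
    if not t:
        return None
    return m.group("kind"), m.group("svc"), t.group("path"), t.group("vendor").strip()


@dataclass
class Finding:
    kind: str
    service: str
    path: str
    vendor: str
    reasons: list = field(default_factory=list)

    @property
    def severity(self):
        # Heuristic (my own): a random hex name in drivers\ combined with a
        # missing publisher is the pattern the helper removed; anything else
        # is just worth a second look.
        if "random-hex-name" in self.reasons and "no-publisher" in self.reasons:
            return "high"
        return "review"


def triage(log_text):
    """Scan OTL text and return a Finding for every SRV/DRV line worth a look."""
    findings = []
    for line in log_text.strip().splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        kind, svc, path, vendor = entry
        reasons = []
        if not vendor:
            reasons.append("no-publisher")
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if HEX_NAME_RE.match(stem):
            reasons.append("random-hex-name")
        if kind == "DRV" and "\\drivers\\" not in path.lower():
            reasons.append("outside-drivers-dir")
        if reasons:
            findings.append(Finding(kind, svc, path, vendor, reasons))
    return findings


def report(findings):
    """One printable line per finding, highest severity first."""
    order = {"high": 0, "review": 1}
    rows = sorted(findings, key=lambda f: order[f.severity])
    return [f"[{f.severity:6}] {f.kind} {f.service}: {f.path} ({', '.join(f.reasons)})"
            for f in rows]


if __name__ == "__main__":
    for row in report(triage(SAMPLE_LOG)):
        print(row)
```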


#5 trixbit

  • Group: Member
  • Posts: 5
  • Joined: 27-November 09

Posted 28 November 2009 - 03:31 AM

hi, all logs:
OTL:
All processes killed
========== OTL ==========
Service 8b5e71cd stopped successfully!
Service 8b5e71cd deleted successfully!
C:\WINDOWS\system32\drivers\8b5e71cd.sys moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: PC
->Temp folder emptied: 1272925 bytes
->Temporary Internet Files folder emptied: 12824439 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 103428419 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2557692 bytes
%systemroot%\System32 .tmp files removed: 2832913 bytes
Windows Temp folder emptied: 649699 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 905016 bytes

Total Files Cleaned = 118,86 mb


OTL by OldTimer - Version 3.1.11.0 log created on 11272009_222149

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
-------
OTL logfile created on: 2009.11.27 22:15:23 - Run 2
OTL by OldTimer - Version 3.1.11.0 Folder = C:\Documents and Settings\PC\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000427 | Country: Lithuania | Language: LTH | Date Format: yyyy.MM.dd

1,50 Gb Total Physical Memory | 1,03 Gb Available Physical Memory | 69,02% Memory free
3,35 Gb Paging File | 2,97 Gb Available in Paging File | 88,48% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76,68 Gb Total Space | 47,64 Gb Free Space | 62,13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 372,61 Gb Total Space | 84,28 Gb Free Space | 22,62% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC
Current User Name: PC
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\PC\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe ()
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Skype\Plugin Manager\skypePM.exe (Skype Technologies)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\PC\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (mi-raysat_3dsmax2010_32) -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe ()
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (ATKKeyboardService) -- C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)


========== Driver Services (SafeList) ==========

DRV - (PsSdkLBF) -- C:\WINDOWS\system32\drivers\pssdklbf.sys (microOLAP Technologies LTD)
DRV - (PsSdk40) -- C:\WINDOWS\system32\drivers\pssdk40.sys (microOLAP Technologies LTD)
DRV - (8b5e71cd) -- C:\WINDOWS\System32\drivers\8b5e71cd.sys ()
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (SCDEmu) -- C:\WINDOWS\system32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (npkcrypt) -- C:\games\lineage 2\system\npkcrypt.sys (INCA Internet Co., Ltd.)
DRV - (npkcusb) -- C:\games\lineage 2\system\npkcusb.sys (INCA Internet Co., Ltd.)
DRV - (FETNDISB) -- C:\WINDOWS\system32\drivers\dlkfet5b.sys (D-Link )
DRV - (EIO) -- C:\WINDOWS\system32\drivers\EIO.sys (ASUSTeK Computer Inc.)
DRV - (asuskbnt) -- C:\WINDOWS\system32\drivers\atkkbnt.sys (ASUSTeK COMPUTER INC.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\R8139n51.sys (Realtek Semiconductor Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A1 17 0B 2B C8 AA 91 4A 9E 65 57 A3 82 9E B8 ED [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {2a84e607-acb9-4dac-a5e4-9ac9486c180f}:1.0
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.5

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.10.06 20:07:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009.10.06 16:39:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.11.06 19:34:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.11.06 19:34:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009.10.04 13:47:34 | 00,000,000 | ---D | M]

[2009.10.04 13:46:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\Mozilla\Extensions
[2009.11.27 21:42:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\9fgcctgg.default\extensions
[2009.10.06 20:35:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\9fgcctgg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.10.04 20:09:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\9fgcctgg.default\extensions\{2a84e607-acb9-4dac-a5e4-9ac9486c180f}
[2009.10.04 19:04:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\9fgcctgg.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009.11.26 21:24:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\9fgcctgg.default\extensions\youtube2mp3@mondayx.de
[2009.11.27 21:42:19 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.10.06 16:44:37 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2006.10.26 19:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

O1 HOSTS File: (776 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe File not found
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.04 13:06:22 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009.11.27 18:21:39 | 00,532,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PC\Desktop\OTL.exe
[2009.11.27 11:42:22 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009.11.27 11:34:31 | 00,000,000 | ---D | C] -- C:\!KillBox
[2009.11.27 10:39:16 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\PC\Recent
[2009.11.26 18:37:36 | 00,053,312 | ---- | C] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\drivers\pssdklbf.sys
[2009.11.26 18:37:36 | 00,036,928 | ---- | C] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\drivers\pssdk40.sys
[2009.11.26 18:35:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PC\Desktop\gers
[2009.11.25 12:41:28 | 00,679,936 | ---- | C] (Generated by JEDI) -- C:\WINDOWS\System32\D3DX81ab.dll
[2009.11.25 12:41:25 | 00,000,000 | ---D | C] -- C:\Program Files\Cheat Engine
[2009.11.24 21:47:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PC\Desktop\screen
[2009.11.22 10:43:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PC\Desktop\New Folder
[2009.11.21 21:18:09 | 03,369,044 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des
[2009.11.21 21:18:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2009.11.21 21:15:45 | 00,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npptNT2.sys
[2009.11.21 20:52:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PC\Application Data\InstallShield
[2009.11.19 20:36:51 | 00,000,000 | ---D | C] -- C:\Program Files\ElcomSoft
[2009.11.18 18:31:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PC\Desktop\ist
[2009.11.16 22:06:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PC\Desktop\klik
[2009.11.16 13:14:51 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009.11.16 13:14:51 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009.11.16 13:14:51 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009.11.14 11:34:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PC\Local Settings\Application Data\Fps
[2009.11.14 11:34:07 | 00,000,000 | ---D | C] -- C:\Program Files\FPS
[2009.11.14 11:13:19 | 00,000,000 | ---D | C] -- C:\FPC
[2009.11.12 15:31:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PC\Desktop\klik2
[2009.11.08 12:51:01 | 00,000,000 | ---D | C] -- C:\Program Files\Proxy Switcher Standard
[2009.11.08 12:43:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WNR
[2009.11.08 12:43:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PC\Application Data\WNR
[2009.11.04 13:58:59 | 00,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\hamachi.sys
[2009.11.04 13:58:44 | 00,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2009.11.02 22:17:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PC\Local Settings\Application Data\PCHealth
[2009.11.01 12:23:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PC\Application Data\runic games
[2009.11.01 12:04:45 | 00,000,000 | ---D | C] -- C:\Program Files\Runic Games
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009.11.27 18:38:13 | 00,284,153 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\gmer.zip
[2009.11.27 18:22:22 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PC\Desktop\OTL.exe
[2009.11.27 14:00:46 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.11.27 14:00:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.11.27 14:00:17 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.11.27 13:57:33 | 04,456,448 | -H-- | M] () -- C:\Documents and Settings\PC\NTUSER.DAT
[2009.11.27 13:57:33 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\PC\ntuser.ini
[2009.11.27 13:45:18 | 00,070,144 | ---- | M] () -- C:\Documents and Settings\PC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.27 11:42:25 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\HijackThis.lnk
[2009.11.26 21:56:32 | 00,000,776 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009.11.26 18:48:04 | 00,002,559 | ---- | M] () -- C:\WINDOWS\l2control.ini
[2009.11.26 18:37:36 | 00,053,312 | ---- | M] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\drivers\pssdklbf.sys
[2009.11.26 18:37:36 | 00,036,928 | ---- | M] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\drivers\pssdk40.sys
[2009.11.26 18:30:28 | 01,326,364 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\gers.rar
[2009.11.26 16:22:05 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009.11.26 16:13:26 | 03,577,118 | R--- | M] () -- C:\Documents and Settings\PC\Desktop\Combo-Fix.exe
[2009.11.25 16:17:58 | 00,139,045 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\Shot00004.jpg
[2009.11.25 16:17:54 | 00,157,138 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\Shot00005.jpg
[2009.11.25 12:41:31 | 00,000,670 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\Cheat Engine.lnk
[2009.11.25 12:28:20 | 03,056,578 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\Linkin_Park_Across_The_Line_(LPU9)_-_www.linkinpark-fans.com.mp3
[2009.11.22 21:44:06 | 00,668,535 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\Picture 1042.jpg
[2009.11.22 10:56:42 | 00,000,730 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\Lin]e[age L2Java.com.lnk
[2009.11.22 10:27:25 | 00,069,888 | ---- | M] () -- C:\Documents and Settings\PC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009.11.22 10:27:11 | 00,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.11.21 21:25:34 | 00,000,995 | ---- | M] () -- C:\WINDOWS\ARPR.INI
[2009.11.21 12:17:18 | 00,292,352 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\gmer.exe
[2009.11.21 11:54:04 | 00,060,416 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.VER
[2009.11.20 15:49:58 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009.11.16 21:35:42 | 01,528,103 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\Growing Marijuana Song (Very Funny).mp3
[2009.11.16 21:28:37 | 05,035,167 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\projektas naujasn2.swf
[2009.11.15 19:55:31 | 00,444,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009.11.15 19:55:31 | 00,072,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009.11.15 19:55:30 | 00,523,110 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009.11.14 11:34:31 | 00,000,610 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\FPS 0.6.4a.lnk
[2009.11.14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009.11.11 22:05:14 | 02,978,004 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\Ievyte-one.lt.mp3
[2009.11.10 21:38:00 | 00,798,720 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\ftweak-hex.exe
[2009.11.04 22:03:36 | 00,179,660 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\LaivuKovos.rar
[2009.11.04 17:11:42 | 00,010,946 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\Autumn.docx
[2009.10.30 17:35:29 | 04,322,578 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\foo fighters - the pretender.mp3
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009.11.27 18:38:27 | 00,292,352 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\gmer.exe
[2009.11.27 18:38:12 | 00,284,153 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\gmer.zip
[2009.11.27 11:42:25 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\HijackThis.lnk
[2009.11.26 18:41:35 | 00,002,559 | ---- | C] () -- C:\WINDOWS\l2control.ini
[2009.11.26 18:29:16 | 01,326,364 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\gers.rar
[2009.11.26 16:16:00 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009.11.26 16:12:18 | 03,577,118 | R--- | C] () -- C:\Documents and Settings\PC\Desktop\Combo-Fix.exe
[2009.11.25 16:17:28 | 00,139,045 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\Shot00004.jpg
[2009.11.25 16:17:26 | 00,157,138 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\Shot00005.jpg
[2009.11.25 12:41:31 | 00,000,670 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\Cheat Engine.lnk
[2009.11.25 12:41:28 | 01,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009.11.25 12:18:23 | 03,056,578 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\Linkin_Park_Across_The_Line_(LPU9)_-_www.linkinpark-fans.com.mp3
[2009.11.22 21:42:29 | 00,668,535 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\Picture 1042.jpg
[2009.11.21 21:16:35 | 00,000,730 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\Lin]e[age L2Java.com.lnk
[2009.11.21 21:15:45 | 00,005,174 | ---- | C] () -- C:\WINDOWS\System32\nppt9x.vxd
[2009.11.19 20:37:02 | 00,000,995 | ---- | C] () -- C:\WINDOWS\ARPR.INI
[2009.11.16 21:26:00 | 05,035,167 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\projektas naujasn2.swf
[2009.11.16 21:24:56 | 01,528,103 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\Growing Marijuana Song (Very Funny).mp3
[2009.11.14 11:34:31 | 00,000,610 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\FPS 0.6.4a.lnk
[2009.11.12 16:51:25 | 00,092,487 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\BALDU specifikacija.xlsx
[2009.11.11 21:59:57 | 02,978,004 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\Ievyte-one.lt.mp3
[2009.11.10 21:37:39 | 00,798,720 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\ftweak-hex.exe
[2009.11.04 22:03:36 | 00,179,660 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\LaivuKovos.rar
[2009.10.31 23:12:37 | 03,063,157 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\asdasdasd.JPG
[2009.10.31 18:41:15 | 00,010,946 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\Autumn.docx
[2009.10.30 12:37:12 | 04,322,578 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\foo fighters - the pretender.mp3
[2009.10.21 12:46:26 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.10.11 10:50:10 | 00,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009.10.10 19:05:23 | 00,000,276 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mw2mmgr.inc
[2009.10.10 19:05:07 | 00,000,110 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mw2mmgr.txt
[2009.10.05 11:49:57 | 00,070,144 | ---- | C] () -- C:\Documents and Settings\PC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.04 19:10:47 | 00,002,128 | ---- | C] () -- C:\Documents and Settings\PC\Local Settings\Application Data\A50EA9D9-D648-4B62-A93F-05D6AA5867F4.txt
[2009.10.04 14:04:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\8b5e71cd.sys
[2009.10.04 13:39:11 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2009.10.04 13:38:23 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009.10.04 13:38:18 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009.10.04 13:33:42 | 00,002,503 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009.10.04 13:33:41 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009.10.04 13:28:52 | 00,000,125 | ---- | C] () -- C:\Documents and Settings\PC\Local Settings\Application Data\fusioncache.dat
[2009.10.04 13:25:11 | 00,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2009.10.04 13:25:11 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2009.10.04 13:25:11 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2009.10.04 13:25:11 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2009.10.04 13:25:11 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2009.10.04 13:25:11 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2009.10.04 13:25:11 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2009.10.04 13:25:11 | 00,010,496 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2009.10.04 13:25:11 | 00,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2009.10.04 13:25:10 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2009.08.02 23:21:54 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009.08.02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009.08.02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009.08.02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009.08.02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009.08.02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009.08.02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009.08.02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009.08.02 23:21:52 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009.08.02 23:21:52 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.04.14 14:00:00 | 00,101,376 | ---- | C] () -- C:\WINDOWS\System32\sanzkqn.dll
[2006.10.27 15:26:56 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll

========== Custom Scans ==========


< :OTL >

< DRV - (8b5e71cd) -- C:\WINDOWS\System32\drivers\8b5e71cd.sys () >

< >

< :Services >

< >

< :Reg >

< >

< :Files >

< >

< :Commands >

< [purity] >

< [emptytemp] >

< [start explorer] >

< [Reboot] >
< End of report >

Then GooredFix:
GooredFix by jpshortstuff (26.11.09.1)
Log created at 10:20 on 28/11/2009 (PC)
Firefox version 3.5.5 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [11:45 04/10/2009]
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [14:39 06/10/2009]
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [14:44 06/10/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [11:14 16/11/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [16:49 05/10/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [14:39 06/10/2009]

-=E.O.F=-


Malwarebytes:
Malwarebytes' Anti-Malware 1.41
Database version: 3247
Windows 5.1.2600 Service Pack 3

2009.11.28 11:10:39
mbam-log-2009-11-28 (11-10-39).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 231595
Time elapsed: 48 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

And VirSCAN:
VirSCAN.org Scanned Report :
Scanned time : 2009/11/28 10:54:25 (EET)
Scanner results: 3% Scanner(s) (1/37) found malware!
File Name : sanzkqn.dll
File Size : 101376 byte
File Type : data
MD5 : c45d5e0c69d7f0622824d3e3a428ec94
SHA1 : 32cf93f8bdfb0a4e96b6493c02dc5583d30f4b90
Online report : http://virscan.org/report/31df7aeaa53af389...0f831b1751.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091128050151 2009-11-28 5.75 -
AhnLab V3 2009.11.28.01 2009.11.28 2009-11-28 1.50 -
AntiVir 8.2.1.78 7.10.1.117 2009-11-27 0.28 TR/Trash.Gen
Antiy 2.0.18 20091127.3320938 2009-11-27 0.12 -
Arcavir 2009 200911271246 2009-11-27 0.02 -
Authentium 5.1.1 200911271611 2009-11-27 1.21 -
AVAST! 4.7.4 091128-0 2009-11-28 0.01 -
AVG 8.5.288 270.14.85/2531 2009-11-28 0.33 -
BitDefender 7.81008.4653670 7.29177 2009-11-28 3.99 -
CA (VET) 35.1.0 7145 2009-11-26 15.21 -
ClamAV 0.95.2 10088 2009-11-27 0.01 -
Comodo 3.12 3065 2009-11-28 0.78 -
CP Secure 1.3.0.5 2009.11.28 2009-11-28 0.01 -
Dr.Web 4.44.0.9170 2009.11.28 2009-11-28 7.24 -
F-Prot 4.4.4.56 20091127 2009-11-27 1.20 -
F-Secure 7.02.73807 2009.11.27.03 2009-11-27 9.40 -
Fortinet 11.103- 11.103 2009-11-27 0.21 -
GData 19.9045/19.592 20091128 2009-11-28 8.83 -
ViRobot 20091128 2009.11.28 2009-11-28 0.53 -
Ikarus T3.1.01.74 2009.11.28.74608 2009-11-28 4.26 -
JiangMin 11.0.800 2009.11.27 2009-11-27 8.33 -
Kaspersky 5.5.10 2009.11.28 2009-11-28 0.02 -
KingSoft 2009.2.5.15 2009.11.28.15 2009-11-28 0.88 -
McAfee 5.3.00 5815 2009-11-27 3.35 -
Microsoft 1.5302 2009.11.28 2009-11-28 6.18 -
Norman 6.01.09 6.01.00 2009-11-27 4.01 -
Panda 9.05.01 2009.11.27 2009-11-27 2.70 -
Trend Micro 9.000-1003 6.658.02 2009-11-28 0.02 -
Quick Heal 10.00 2009.11.28 2009-11-28 1.46 -
Rising 20.0 22.23.05.04 2009-11-28 0.38 -
Sophos 3.01.0 4.47 2009-11-28 3.06 -
Sunbelt 5518 5518 2009-11-18 1.80 -
Symantec 1.3.0.24 20091127.003 2009-11-27 0.05 -
nProtect 20091127.01 6396533 2009-11-27 3.90 -
The Hacker 6.5.0.2 v00080 2009-11-27 0.80 -
VBA32 3.12.12.0 20091127.2029 2009-11-27 2.15 -
VirusBuster 4.5.11.10 10.114.2/2016093 2009-11-28 2.41 -


Thanks for your patience.
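The OTL file listings in the post above all share one line layout (timestamp, size, attribute flags, C/M, optional company name, path). As an added example that is not part of this thread or of OTL, here is a small parser for that layout plus the triage rules a helper typically applies first: an executable or driver under C:\WINDOWS with no company name, or a zero-byte driver. The sample lines are copied from the log above; the rules and the hypothetical `triage` function are assumptions for a first pass, not a verdict on any file.

```python
"""Parse OTL-style file listing lines and flag entries worth a second look.

Added example, not code from the thread or from OTL. The line format is
inferred from the logs posted above; the triage rules are assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# One OTL file entry, e.g.
# [2009.10.04 14:04:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\8b5e71cd.sys
# Directories carry no "(company)" part, so that group is optional.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)\s*$"
)


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str
    kind: str       # C = created, M = modified (as in the OTL section headers)
    company: str    # empty when OTL printed "()" or no company at all
    path: str


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for a file-listing line, or None for any other line."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=(m.group("company") or "").strip(),
        path=m.group("path"),
    )


# Assumptions: %SystemRoot% is C:\WINDOWS (as in the log above) and these
# extensions are the loadable code a helper cares about.
WINDOWS_DIR = "c:\\windows\\"
CODE_EXT = (".sys", ".dll", ".exe", ".vxd")


def reasons(entry: OtlEntry) -> List[str]:
    """Why an entry deserves a second look; an empty list means nothing stood out."""
    p = entry.path.lower()
    out: List[str] = []
    if p.endswith(CODE_EXT) and not entry.company and p.startswith(WINDOWS_DIR):
        out.append("executable under %SystemRoot% with no company name")
    if p.endswith(".sys") and entry.size == 0:
        out.append("zero-byte driver")
    return out


def triage(lines: List[str]) -> List[OtlEntry]:
    """Parse every line and keep, in input order, the entries that raise a reason."""
    flagged = []
    for line in lines:
        entry = parse_otl_line(line)
        if entry is not None and reasons(entry):
            flagged.append(entry)
    return flagged


# Sample input copied from the OTL log in this thread (constructed subset).
SAMPLE_LINES = [
    r"[2009.10.04 14:04:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\8b5e71cd.sys",
    r"[2009.11.27 11:42:22 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro",
    r"[2009.11.04 13:58:59 | 00,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\hamachi.sys",
    r"[2009.11.27 18:38:27 | 00,292,352 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\gmer.exe",
    r"[2008.04.14 14:00:00 | 00,101,376 | ---- | C] () -- C:\WINDOWS\System32\sanzkqn.dll",
]

if __name__ == "__main__":
    for e in triage(SAMPLE_LINES):
        print(e.path, "->", "; ".join(reasons(e)))
```

Entries this flags still need the kind of check the thread uses next (a multi-engine scan of the file); the parser only narrows a long listing down to the lines worth uploading.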

#6 hammerman

  • Group: Member
  • Posts: 4,183
  • Joined: 28-November 08

Posted 28 November 2009 - 03:59 AM

Hi,

Please follow these steps.

-- Step 1 --

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..extensions.enabledItems: {2a84e607-acb9-4dac-a5e4-9ac9486c180f}:1.0
    [2009.10.04 20:09:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\9fgcctgg.default\extensions\{2a84e607-acb9-4dac-a5e4-9ac9486c180f}
    [2008.04.14 14:00:00 | 00,101,376 | ---- | C] () -- C:\WINDOWS\System32\sanzkqn.dll
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • This fix will produce a report. Please add this to your reply.

-- Step 2 --

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\WINDOWS\System32\drivers\8b5e71cd.sys


  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

-- Step 3 --

Run OTL and select Minimal Output. Use the Quick Scan button to start a scan.
Please post the OTL report in your reply.

#7 trixbit

  • Group: Member
  • Posts: 5
  • Joined: 27-November 09

Posted 28 November 2009 - 05:01 AM

OTL log:
All processes killed
========== OTL ==========
Prefs.js: {2a84e607-acb9-4dac-a5e4-9ac9486c180f}:1.0 removed from extensions.enabledItems
C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\9fgcctgg.default\extensions\{2a84e607-acb9-4dac-a5e4-9ac9486c180f}\defaults\preferences folder moved successfully.
C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\9fgcctgg.default\extensions\{2a84e607-acb9-4dac-a5e4-9ac9486c180f}\defaults folder moved successfully.
C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\9fgcctgg.default\extensions\{2a84e607-acb9-4dac-a5e4-9ac9486c180f}\chrome folder moved successfully.
C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\9fgcctgg.default\extensions\{2a84e607-acb9-4dac-a5e4-9ac9486c180f} folder moved successfully.
C:\WINDOWS\system32\sanzkqn.dll moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: PC
->Temp folder emptied: 60350 bytes
->Temporary Internet Files folder emptied: 4087697 bytes
->Java cache emptied: 930122 bytes
->FireFox cache emptied: 75482476 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 63666 bytes

Total Files Cleaned = 77,02 mb


OTL by OldTimer - Version 3.1.11.0 log created on 11282009_125256

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

I couldn't find this file: C:\WINDOWS\System32\drivers\8b5e71cd.sys (maybe it's deleted?)

Quick scan report:
OTL logfile created on: 2009.11.28 12:58:16 - Run 3
OTL by OldTimer - Version 3.1.11.0 Folder = C:\Documents and Settings\PC\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000427 | Country: Lithuania | Language: LTH | Date Format: yyyy.MM.dd

1,50 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 58,56% Memory free
3,35 Gb Paging File | 2,89 Gb Available in Paging File | 86,18% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76,68 Gb Total Space | 47,73 Gb Free Space | 62,25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 372,61 Gb Total Space | 84,28 Gb Free Space | 22,62% Space Free | Partition Type: NTFS
Drive F: | 15,05 Gb Total Space | 2,79 Gb Free Space | 18,53% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC
Current User Name: PC
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\PC\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe ()
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Skype\Plugin Manager\skypePM.exe (Skype Technologies)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\PC\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (mi-raysat_3dsmax2010_32) -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe ()
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (ATKKeyboardService) -- C:\WINDOWS\ATKKBService.exe (ASUSTeK COMPUTER INC.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A1 17 0B 2B C8 AA 91 4A 9E 65 57 A3 82 9E B8 ED [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.5

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.10.06 20:07:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009.10.06 16:39:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.11.06 19:34:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.11.06 19:34:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009.10.04 13:47:34 | 00,000,000 | ---D | M]

[2009.10.04 13:46:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\Mozilla\Extensions
[2009.11.28 12:55:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\9fgcctgg.default\extensions
[2009.10.06 20:35:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\9fgcctgg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.10.04 19:04:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\9fgcctgg.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009.11.26 21:24:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\9fgcctgg.default\extensions\youtube2mp3@mondayx.de
[2009.11.27 21:42:19 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.10.06 16:44:37 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2006.10.26 19:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

O1 HOSTS File: (776 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe File not found
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.04 13:06:22 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009.11.28 10:20:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PC\Desktop\GooredFix Backups
[2009.11.28 10:19:38 | 00,070,778 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\PC\Desktop\GooredFix.exe
[2009.11.27 22:21:49 | 00,000,000 | ---D | C] -- C:\_OTL
[2009.11.27 18:21:39 | 00,532,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PC\Desktop\OTL.exe
[2009.11.27 11:42:22 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009.11.27 11:34:31 | 00,000,000 | ---D | C] -- C:\!KillBox
[2009.11.27 10:39:16 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\PC\Recent
[2009.11.26 18:37:36 | 00,053,312 | ---- | C] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\drivers\pssdklbf.sys
[2009.11.26 18:37:36 | 00,036,928 | ---- | C] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\drivers\pssdk40.sys
[2009.11.26 18:35:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PC\Desktop\gers
[2009.11.25 12:41:28 | 00,679,936 | ---- | C] (Generated by JEDI) -- C:\WINDOWS\System32\D3DX81ab.dll
[2009.11.25 12:41:25 | 00,000,000 | ---D | C] -- C:\Program Files\Cheat Engine
[2009.11.24 21:47:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PC\Desktop\screen
[2009.11.22 10:43:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PC\Desktop\New Folder
[2009.11.21 21:18:09 | 03,369,044 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des
[2009.11.21 21:18:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2009.11.21 21:15:45 | 00,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npptNT2.sys
[2009.11.21 20:52:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PC\Application Data\InstallShield
[2009.11.19 20:36:51 | 00,000,000 | ---D | C] -- C:\Program Files\ElcomSoft
[2009.11.18 18:31:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PC\Desktop\ist
[2009.11.16 22:06:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\PC\Desktop\klik
[2009.11.16 13:14:51 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009.11.16 13:14:51 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009.11.16 13:14:51 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

========== Files - Modified Within 14 Days ==========

[2009.11.28 12:57:52 | 04,456,448 | -H-- | M] () -- C:\Documents and Settings\PC\NTUSER.DAT
[2009.11.28 12:54:22 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.11.28 12:53:58 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.11.28 12:53:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.11.28 12:53:09 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\PC\ntuser.ini
[2009.11.28 12:09:06 | 02,465,034 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\Linkin Park ft Greenday - Broken dreams Somewhere (Mashup) Remix.mp3
[2009.11.28 12:04:05 | 04,145,152 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\3 WONDERWALL.mp3
[2009.11.28 10:19:40 | 00,070,778 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\PC\Desktop\GooredFix.exe
[2009.11.27 18:38:13 | 00,284,153 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\gmer.zip
[2009.11.27 18:22:22 | 00,532,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PC\Desktop\OTL.exe
[2009.11.27 13:45:18 | 00,070,144 | ---- | M] () -- C:\Documents and Settings\PC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.27 11:42:25 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\HijackThis.lnk
[2009.11.26 21:56:32 | 00,000,776 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009.11.26 18:48:04 | 00,002,559 | ---- | M] () -- C:\WINDOWS\l2control.ini
[2009.11.26 18:37:36 | 00,053,312 | ---- | M] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\drivers\pssdklbf.sys
[2009.11.26 18:37:36 | 00,036,928 | ---- | M] (microOLAP Technologies LTD) -- C:\WINDOWS\System32\drivers\pssdk40.sys
[2009.11.26 18:30:28 | 01,326,364 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\gers.rar
[2009.11.26 16:22:05 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009.11.26 16:13:26 | 03,577,118 | R--- | M] () -- C:\Documents and Settings\PC\Desktop\Combo-Fix.exe
[2009.11.25 16:17:58 | 00,139,045 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\Shot00004.jpg
[2009.11.25 16:17:54 | 00,157,138 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\Shot00005.jpg
[2009.11.25 12:41:31 | 00,000,670 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\Cheat Engine.lnk
[2009.11.25 12:28:20 | 03,056,578 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\Linkin_Park_Across_The_Line_(LPU9)_-_www.linkinpark-fans.com.mp3
[2009.11.22 21:44:06 | 00,668,535 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\Picture 1042.jpg
[2009.11.22 10:56:42 | 00,000,730 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\Lin]e[age L2Java.com.lnk
[2009.11.22 10:27:25 | 00,069,888 | ---- | M] () -- C:\Documents and Settings\PC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009.11.22 10:27:11 | 00,270,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.11.21 21:25:34 | 00,000,995 | ---- | M] () -- C:\WINDOWS\ARPR.INI
[2009.11.21 12:17:18 | 00,292,352 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\gmer.exe
[2009.11.21 11:54:04 | 00,060,416 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.VER
[2009.11.20 15:49:58 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009.11.16 21:35:42 | 01,528,103 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\Growing Marijuana Song (Very Funny).mp3
[2009.11.16 21:28:37 | 05,035,167 | ---- | M] () -- C:\Documents and Settings\PC\Desktop\projektas naujasn2.swf
[2009.11.15 19:55:31 | 00,444,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009.11.15 19:55:31 | 00,072,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009.11.15 19:55:30 | 00,523,110 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2009.11.28 12:09:06 | 02,465,034 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\Linkin Park ft Greenday - Broken dreams Somewhere (Mashup) Remix.mp3
[2009.11.28 12:01:42 | 04,145,152 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\3 WONDERWALL.mp3
[2009.11.27 18:38:27 | 00,292,352 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\gmer.exe
[2009.11.27 18:38:12 | 00,284,153 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\gmer.zip
[2009.11.27 11:42:25 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\HijackThis.lnk
[2009.11.26 18:41:35 | 00,002,559 | ---- | C] () -- C:\WINDOWS\l2control.ini
[2009.11.26 18:29:16 | 01,326,364 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\gers.rar
[2009.11.26 16:16:00 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009.11.26 16:12:18 | 03,577,118 | R--- | C] () -- C:\Documents and Settings\PC\Desktop\Combo-Fix.exe
[2009.11.25 16:17:28 | 00,139,045 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\Shot00004.jpg
[2009.11.25 16:17:26 | 00,157,138 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\Shot00005.jpg
[2009.11.25 12:41:31 | 00,000,670 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\Cheat Engine.lnk
[2009.11.25 12:41:28 | 01,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009.11.25 12:18:23 | 03,056,578 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\Linkin_Park_Across_The_Line_(LPU9)_-_www.linkinpark-fans.com.mp3
[2009.11.22 21:42:29 | 00,668,535 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\Picture 1042.jpg
[2009.11.21 21:16:35 | 00,000,730 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\Lin]e[age L2Java.com.lnk
[2009.11.21 21:15:45 | 00,005,174 | ---- | C] () -- C:\WINDOWS\System32\nppt9x.vxd
[2009.11.19 20:37:02 | 00,000,995 | ---- | C] () -- C:\WINDOWS\ARPR.INI
[2009.11.16 21:26:00 | 05,035,167 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\projektas naujasn2.swf
[2009.11.16 21:24:56 | 01,528,103 | ---- | C] () -- C:\Documents and Settings\PC\Desktop\Growing Marijuana Song (Very Funny).mp3
[2009.10.21 12:46:26 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.10.11 10:50:10 | 00,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009.10.10 19:05:23 | 00,000,276 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mw2mmgr.inc
[2009.10.10 19:05:07 | 00,000,110 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mw2mmgr.txt
[2009.10.05 11:49:57 | 00,070,144 | ---- | C] () -- C:\Documents and Settings\PC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.04 19:10:47 | 00,002,128 | ---- | C] () -- C:\Documents and Settings\PC\Local Settings\Application Data\A50EA9D9-D648-4B62-A93F-05D6AA5867F4.txt
[2009.10.04 13:39:11 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2009.10.04 13:38:23 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009.10.04 13:38:18 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009.10.04 13:33:42 | 00,002,503 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009.10.04 13:33:41 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009.10.04 13:28:52 | 00,000,125 | ---- | C] () -- C:\Documents and Settings\PC\Local Settings\Application Data\fusioncache.dat
[2009.10.04 13:25:11 | 00,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2009.10.04 13:25:11 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2009.10.04 13:25:11 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2009.10.04 13:25:11 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2009.10.04 13:25:11 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2009.10.04 13:25:11 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2009.10.04 13:25:11 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2009.10.04 13:25:11 | 00,010,496 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2009.10.04 13:25:11 | 00,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2009.10.04 13:25:10 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2009.08.02 23:21:54 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009.08.02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009.08.02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009.08.02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009.08.02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009.08.02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009.08.02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009.08.02 23:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009.08.02 23:21:52 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009.08.02 23:21:52 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006.10.27 15:26:56 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll

========== LOP Check ==========

[2009.10.26 13:15:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2009.10.05 18:58:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009.10.04 13:47:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009.10.13 16:17:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009.10.13 16:52:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009.11.08 12:43:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WNR
[2009.10.26 13:15:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\ATI
[2009.10.10 22:18:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\Autodesk
[2009.10.13 17:07:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\Nokia
[2009.10.13 16:53:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\PC Suite
[2009.11.01 12:23:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\runic games
[2009.10.23 20:12:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\smc
[2009.11.26 17:20:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\uTorrent
[2009.11.08 12:43:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\PC\Application Data\WNR

========== Purity Check ==========


< End of report >

#8 hammerman

  • Group: Member
  • Posts: 4,183
  • Joined: 28-November 08

Posted 28 November 2009 - 06:43 AM

Hi,

How's your computer running now? Any more redirects?

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT

  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases

  • Click OK
  • Now under select a target to scan:
      Select My Computer

  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on View Report and then Save Report

  • Save the file to your desktop as a text file.
  • Copy and paste that information in your next post.


#9 trixbit

  • Group: Member
  • Posts: 5
  • Joined: 27-November 09

Posted 28 November 2009 - 10:15 AM

Thx very much, I think that redirection thing is gone. I will do the Kaspersky check. Thx for your patience.

#10 hammerman

  • Group: Member
  • Posts: 4,183
  • Joined: 28-November 08

Posted 28 November 2009 - 10:51 AM

OK. Post the Kaspersky log when it's finished.

#11 hammerman

  • Group: Member
  • Posts: 4,183
  • Joined: 28-November 08

Posted 05 December 2009 - 04:07 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
