
Not sure if I'm infected or anything. Google.com redirecting



#1
Mienai

As the topic states, I'm not sure if I'm infected or anything. However, every time I try to access a search engine (ie: Google.com), I get redirected to its German equivalent (in this case, google.de).

I've done the steps in the guide, with the exception of RootRepeal (I get a "FOPS - DeviceIoControl Error! Error Code=0xc0000024 Extended Info (0x000000dc)" message). I'm running Firefox 3.5.5 & the Windows 7 RC.

MBAM
Malwarebytes' Anti-Malware 1.42
Database version: 3334
Windows 6.1.7100
Internet Explorer 8.0.7100.0

12/9/2009 7:36:58 PM
mbam-log-2009-12-09 (19-36-58).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 249337
Time elapsed: 39 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by Mienai, 10 December 2009 - 06:37 PM.



#2
Mienai

HiJackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:10:48 PM, on 12/10/2009
Platform: Unknown Windows (WinNT 6.01.3004)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\Digsby\lib\aspell\bin\aspell.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Seesmic Desktop\Seesmic Desktop.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 4623 bytes

#3
Mienai

OTL
OTL logfile created on: 12/10/2009 5:25:37 PM - Run 1
OTL by OldTimer - Version 3.1.14.0 Folder = C:\Users\Mienai\Downloads
Ultimate Edition (Version = 6.1.7100) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7100.0)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.76% Memory free
3.98 Gb Paging File | 2.75 Gb Available in Paging File | 69.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 101.69 Gb Total Space | 66.81 Gb Free Space | 65.70% Space Free | Partition Type: NTFS
Drive D: | 8.21 Gb Total Space | 1.81 Gb Free Space | 21.98% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SYAORAN
Current User Name: Mienai
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/10 17:25:10 | 00,537,600 | ---- | M] (OldTimer Tools) -- C:\Users\Mienai\Downloads\OTL.exe
PRC - [2009/12/10 17:10:28 | 00,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
PRC - [2009/11/24 18:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/11/24 15:43:00 | 00,117,760 | ---- | M] (dotSyntax, LLC) -- C:\Program Files\Digsby\lib\digsby-app.exe
PRC - [2009/11/06 01:04:01 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/14 15:06:02 | 00,095,232 | ---- | M] () -- C:\Program Files\Seesmic Desktop\Seesmic Desktop.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/06/16 17:45:24 | 00,141,848 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
PRC - [2009/06/16 17:45:22 | 00,252,952 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2009/06/16 17:45:20 | 00,150,552 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2009/06/16 17:45:12 | 00,173,592 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2009/06/01 12:51:52 | 01,468,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2009/04/23 05:29:18 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 05:29:14 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/04/22 00:19:35 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/04/22 00:19:02 | 02,607,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/22 00:18:52 | 00,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/03/11 15:13:08 | 00,788,332 | ---- | M] () -- C:\Program Files\Digsby\lib\aspell\bin\aspell.exe
PRC - [2007/07/10 05:28:08 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe


========== Modules (SafeList) ==========

MOD - [2009/12/10 17:25:10 | 00,537,600 | ---- | M] (OldTimer Tools) -- C:\Users\Mienai\Downloads\OTL.exe
MOD - [2009/05/13 01:15:18 | 01,679,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7100.19_none_b6a32c7c247ee542\comctl32.dll
MOD - [2009/04/22 00:22:04 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/04/22 00:21:49 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/04/22 00:21:46 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/04/22 00:21:43 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/04/22 00:21:19 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/04/22 00:20:43 | 00,280,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/04/22 00:20:19 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/04/22 00:20:14 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/04/22 00:20:07 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/04/22 00:20:00 | 00,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/07/08 16:53:41 | 00,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/04/22 00:22:25 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/04/22 00:22:12 | 00,151,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/04/22 00:22:10 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/04/22 00:22:07 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/04/22 00:22:02 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/04/22 00:21:49 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/04/22 00:21:46 | 00,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/04/22 00:21:43 | 00,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/04/22 00:21:42 | 00,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/04/22 00:21:42 | 00,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/04/22 00:21:42 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/04/22 00:21:40 | 01,004,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/04/22 00:20:52 | 00,680,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/22 00:20:40 | 00,396,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/04/22 00:20:40 | 00,396,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/04/22 00:20:30 | 00,797,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/04/22 00:20:14 | 00,252,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/04/22 00:20:13 | 00,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/04/22 00:19:55 | 00,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/04/22 00:19:54 | 00,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/04/22 00:19:51 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/04/22 00:19:50 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/04/22 00:19:20 | 03,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/07/10 05:28:08 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/11/24 18:50:12 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/24 18:50:00 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/24 18:49:48 | 00,053,328 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009/11/24 18:49:07 | 00,048,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/24 18:48:57 | 00,023,120 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/10/16 19:12:02 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2009/09/28 08:22:00 | 00,315,392 | ---- | M] () -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/01 06:01:27 | 00,063,640 | ---- | M] (Bazis) -- C:\Windows\System32\drivers\VirtDiskBus.sys -- (VirtDiskBus)
DRV - [2009/07/01 06:01:26 | 00,061,080 | ---- | M] (Bazis) -- C:\Windows\System32\drivers\BazisVirtualCD.sys -- (BazisVirtualCD)
DRV - [2009/06/16 17:28:22 | 04,756,992 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/04/22 00:24:35 | 00,422,992 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/04/22 00:24:29 | 00,297,552 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/04/22 00:24:23 | 00,453,712 | ---- | M] (Emulex) -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/04/22 00:24:21 | 00,332,368 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/04/22 00:24:21 | 00,159,312 | ---- | M] (AMD Technologies Inc.) -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/04/22 00:24:21 | 00,146,512 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/04/22 00:24:20 | 00,236,112 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/04/22 00:24:19 | 00,086,608 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/04/22 00:24:17 | 00,142,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/04/22 00:24:16 | 00,133,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/04/22 00:24:14 | 00,117,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/04/22 00:24:14 | 00,095,824 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/04/22 00:24:13 | 00,096,848 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/04/22 00:24:13 | 00,077,904 | ---- | M] (AMD) -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/04/22 00:24:12 | 00,089,168 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/04/22 00:24:12 | 00,076,368 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/04/22 00:24:08 | 00,070,736 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/04/22 00:24:08 | 00,067,152 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/04/22 00:24:06 | 00,054,864 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/04/22 00:24:05 | 00,045,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/04/22 00:24:05 | 00,044,624 | ---- | M] (IBM Corporation) -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/04/22 00:24:04 | 00,042,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/04/22 00:24:04 | 00,023,120 | ---- | M] (AMD) -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/04/22 00:24:04 | 00,015,952 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/04/22 00:24:04 | 00,014,416 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/04/22 00:24:02 | 00,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/04/22 00:23:59 | 00,030,800 | ---- | M] (LSI Corporation) -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/04/22 00:23:56 | 01,383,504 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/04/22 00:23:55 | 00,175,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/04/22 00:23:55 | 00,173,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/04/22 00:23:53 | 00,013,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/04/22 00:23:52 | 00,158,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/04/22 00:23:52 | 00,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/04/22 00:23:49 | 00,105,552 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/04/22 00:23:49 | 00,077,904 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/04/22 00:23:47 | 00,040,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/04/22 00:23:45 | 00,040,016 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/04/22 00:23:44 | 00,032,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/04/22 00:23:44 | 00,028,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/04/22 00:23:43 | 00,021,072 | ---- | M] (Promise Technology) -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/04/22 00:23:43 | 00,019,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/04/22 00:23:42 | 00,016,976 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/04/22 00:23:29 | 00,369,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/04/21 23:53:34 | 00,272,128 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/04/21 23:01:13 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/04/21 23:00:12 | 00,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/04/21 22:53:30 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/04/21 22:52:25 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/04/21 22:51:14 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/04/21 22:50:28 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/04/21 22:50:20 | 00,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/04/21 22:50:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/04/21 22:49:31 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/04/21 22:45:25 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/04/21 22:43:54 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/04/21 22:35:06 | 00,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/04/21 22:32:05 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/04/21 22:26:30 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/04/21 22:26:29 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/04/21 22:21:35 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/04/21 22:16:45 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/04/21 22:13:47 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/04/21 22:08:28 | 00,052,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/04/21 21:52:05 | 00,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/04/21 21:51:17 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/04/21 21:51:17 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/04/21 21:51:16 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/04/21 21:51:15 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/04/21 21:51:15 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/04/21 21:11:52 | 00,980,992 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009/04/21 21:11:52 | 00,661,504 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009/04/21 21:11:52 | 00,207,360 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
DRV - [2009/04/21 21:01:10 | 04,231,168 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/04/21 21:01:07 | 03,100,160 | ---- | M] (Broadcom Corporation) -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/04/21 21:01:07 | 00,430,080 | ---- | M] (Broadcom Corporation) -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/04/21 21:01:07 | 00,229,888 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/04/21 19:51:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2009/04/20 14:38:54 | 00,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2009/04/08 13:29:52 | 00,056,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\xusb21.sys -- (xusb21)
DRV - [2008/11/05 13:20:24 | 00,048,128 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/10/11 05:56:00 | 00,045,056 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/07/29 05:41:36 | 00,038,400 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/08/01 06:42:32 | 00,164,864 | ---- | M] (Conexant Systems Inc.) -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/07/10 05:27:56 | 00,008,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 02:29:56 | 00,984,064 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 02:28:34 | 00,208,896 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/06/20 02:28:22 | 00,660,480 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/09/24 08:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2006/06/18 14:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2006/05/31 11:18:30 | 00,029,184 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [1996/04/03 14:33:26 | 00,005,248 | ---- | M] () -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6B C0 E3 50 32 07 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: sharing@addons.mozilla.org:1.0.4
FF - prefs.js..extensions.enabledItems: bettergmail2@ginatrapani.org:0.9.8
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.45
FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.7
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..extensions.enabledItems: Eraser@vikram:1.021
FF - prefs.js..extensions.enabledItems: fbbeaconblocker@codeismightier.com:1.0.0
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.7
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.11.2
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.0.2
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.5.7.5
FF - prefs.js..extensions.enabledItems: {a95d8332-e4b4-6e7f-98ac-20b733364387}:0.4.3
FF - prefs.js..extensions.enabledItems: homo_nudus@livejournal.com:8.7.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.18
FF - prefs.js..extensions.enabledItems: PrivacyPlus@PeterOlayev.com:1.0.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.4.6

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/06 01:04:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/26 21:41:00 | 00,000,000 | ---D | M]

[2009/07/16 00:04:11 | 00,000,000 | ---D | M] -- C:\Users\Mienai\AppData\Roaming\Mozilla\Extensions
[2009/12/10 03:46:16 | 00,000,000 | ---D | M] -- C:\Users\Mienai\AppData\Roaming\Mozilla\Firefox\Profiles\szsf1rdd.default\extensions
[2009/12/03 17:03:52 | 00,000,000 | ---D | M] -- C:\Users\Mienai\AppData\Roaming\Mozilla\Firefox\Profiles\szsf1rdd.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2009/09/16 18:01:54 | 00,000,000 | ---D | M] -- C:\Users\Mienai\AppData\Roaming\Mozilla\Firefox\Profiles\szsf1rdd.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
[2009/10/21 15:56:19 | 00,000,000 | ---D | M] -- C:\Users\Mienai\AppData\Roaming\Mozilla\Firefox\Profiles\szsf1rdd.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2009/11/27 23:07:10 | 00,000,000 | ---D | M] -- C:\Users\Mienai\AppData\Roaming\Mozilla\Firefox\Profiles\szsf1rdd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/11/05 16:46:30 | 00,000,000 | ---D | M] -- C:\Users\Mienai\AppData\Roaming\Mozilla\Firefox\Profiles\szsf1rdd.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/12/07 01:25:38 | 00,000,000 | ---D | M] -- C:\Users\Mienai\AppData\Roaming\Mozilla\Firefox\Profiles\szsf1rdd.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/10/26 21:24:40 | 00,000,000 | ---D | M] -- C:\Users\Mienai\AppData\Roaming\Mozilla\Firefox\Profiles\szsf1rdd.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
[2009/11/21 01:01:33 | 00,000,000 | ---D | M] -- C:\Users\Mienai\AppData\Roaming\Mozilla\Firefox\Profiles\szsf1rdd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/08/12 23:01:41 | 00,000,000 | ---D | M] -- C:\Users\Mienai\AppData\Roaming\Mozilla\Firefox\Profiles\szsf1rdd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/07 00:01:52 | 00,000,000 | ---D | M] -- C:\Users\Mienai\AppData\Roaming\Mozilla\Firefox\Profiles\szsf1rdd.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009/10/28 12:43:58 | 00,000,000 | ---D | M] -- C:\Users\Mienai\AppData\Roaming\Mozilla\Firefox\Profiles\szsf1rdd.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/07/16 12:21:10 | 00,000,000 | ---D | M] -- C:\Users\Mienai\AppData\Roaming\Mozilla\Firefox\Profiles\szsf1rdd.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2009/12/01 00:11:56 | 00,000,000 | ---D | M] -- C:\Users\Mienai\AppData\Roaming\Mozilla\Firefox\Profiles\szsf1rdd.default\extensions\bettergmail2@ginatrapani.org
[2009/11/03 00:34:49 | 00,000,000 | ---D | M] -- C:\Users\Mienai\AppData\Roaming\Mozilla\Firefox\Profiles\szsf1rdd.default\extensions\Eraser@vikram
[2009/10/26 20:45:13 | 00,000,000 | ---D | M] -- C:\Users\Mienai\AppData\Roaming\Mozilla\Firefox\Profiles\szsf1rdd.default\extensions\fbbeaconblocker@codeismightier.com
[2009/12/10 03:41:23 | 00,000,000 | ---D | M] -- C:\Users\Mienai\AppData\Roaming\Mozilla\Firefox\Profiles\szsf1rdd.default\extensions\firefox@ghostery.com
[2009/12/04 22:20:00 | 00,000,000 | ---D | M] -- C:\Users\Mienai\AppData\Roaming\Mozilla\Firefox\Profiles\szsf1rdd.default\extensions\foxmarks@kei.com
[2009/10/13 19:57:18 | 00,000,000 | ---D | M] -- C:\Users\Mienai\AppData\Roaming\Mozilla\Firefox\Profiles\szsf1rdd.default\extensions\homo_nudus@livejournal.com
[2009/11/03 00:34:49 | 00,000,000 | ---D | M] -- C:\Users\Mienai\AppData\Roaming\Mozilla\Firefox\Profiles\szsf1rdd.default\extensions\PrivacyPlus@PeterOlayev.com
[2009/09/05 13:17:26 | 00,000,000 | ---D | M] -- C:\Users\Mienai\AppData\Roaming\Mozilla\Firefox\Profiles\szsf1rdd.default\extensions\sharing@addons.mozilla.org
[2009/07/23 18:40:17 | 00,001,606 | ---- | M] () -- C:\Users\Mienai\AppData\Roaming\Mozilla\Firefox\Profiles\szsf1rdd.default\searchplugins\amazondotcom.xml
[2009/07/31 00:09:31 | 00,001,606 | ---- | M] () -- C:\Users\Mienai\AppData\Roaming\Mozilla\Firefox\Profiles\szsf1rdd.default\searchplugins\ebay.xml
[2009/12/01 15:52:36 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/26 21:40:44 | 00,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: (824 bytes) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Mienai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm ()
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/20 10:42:25 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 00,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{50ecdf17-c3e7-11de-b255-0016d39ebba5}\Shell - "" = AutoRun
O33 - MountPoints2\{50ecdf17-c3e7-11de-b255-0016d39ebba5}\Shell\AutoRun\command - "" = F:\FahrenheitAutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/10 17:10:27 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/10 02:30:19 | 00,000,000 | ---D | C] -- C:\Users\Mienai\AppData\Roaming\Mp3tag
[2009/12/08 21:43:22 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Decrypter
[2009/12/04 22:19:16 | 00,000,000 | ---D | C] -- C:\Program Files\Mp3tag
[2009/12/04 22:15:58 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/12/01 15:52:34 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/12/01 15:52:34 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/12/01 15:52:34 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/12/01 07:35:49 | 00,000,000 | ---D | C] -- C:\inetpub
[2009/12/01 07:35:49 | 00,000,000 | ---D | C] -- C:\Windows\System32\BestPractices
[2009/11/30 23:20:50 | 00,000,000 | R--D | C] -- C:\Users\Mienai\Documents\My Dropbox
[2009/11/30 23:15:12 | 00,000,000 | ---D | C] -- C:\Users\Mienai\AppData\Roaming\Dropbox
[2009/11/30 00:19:10 | 00,000,000 | ---D | C] -- C:\Users\Mienai\Documents\Digsby Logs
[2009/11/30 00:14:16 | 00,000,000 | ---D | C] -- C:\Users\Mienai\AppData\Roaming\Digsby
[2009/11/30 00:14:16 | 00,000,000 | ---D | C] -- C:\Users\Mienai\AppData\Local\Digsby
[2009/11/26 21:41:00 | 00,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2009/11/26 21:41:00 | 00,000,000 | ---D | C] -- C:\Users\Mienai\AppData\Roaming\Foxit
[2009/11/24 21:27:19 | 00,000,000 | ---D | C] -- C:\Program Files\MediaMonkey
[2009/11/20 22:00:56 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/11/20 22:00:56 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/10 17:27:53 | 01,310,720 | -HS- | M] () -- C:\Users\Mienai\NTUSER.DAT
[2009/12/10 17:10:28 | 00,002,043 | ---- | M] () -- C:\Users\Mienai\Desktop\HijackThis.lnk
[2009/12/10 16:55:42 | 00,016,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/10 16:55:42 | 00,016,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/10 16:52:54 | 05,565,772 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/10 16:52:54 | 00,760,620 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2009/12/10 16:52:54 | 00,735,874 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2009/12/10 16:52:54 | 00,711,654 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2009/12/10 16:52:54 | 00,673,056 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/10 16:52:54 | 00,434,896 | ---- | M] () -- C:\Windows\System32\perfh012.dat
[2009/12/10 16:52:54 | 00,423,664 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2009/12/10 16:52:54 | 00,421,804 | ---- | M] () -- C:\Windows\System32\prfh0404.dat
[2009/12/10 16:52:54 | 00,405,024 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2009/12/10 16:52:54 | 00,152,940 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2009/12/10 16:52:54 | 00,151,866 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2009/12/10 16:52:54 | 00,150,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2009/12/10 16:52:54 | 00,122,934 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2009/12/10 16:52:54 | 00,122,934 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/10 16:52:54 | 00,122,528 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2009/12/10 16:52:54 | 00,122,428 | ---- | M] () -- C:\Windows\System32\perfc012.dat
[2009/12/10 16:52:54 | 00,115,568 | ---- | M] () -- C:\Windows\System32\prfc0404.dat
[2009/12/10 16:48:35 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/10 16:48:30 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/10 16:48:22 | 16,030,35136 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/10 04:33:04 | 07,667,019 | -H-- | M] () -- C:\Users\Mienai\AppData\Local\IconCache.db
[2009/12/04 19:42:35 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/03 13:39:23 | 00,000,688 | ---- | M] () -- C:\Users\Mienai\Desktop\Libraries - Shortcut.lnk
[2009/11/26 01:21:03 | 00,007,577 | ---- | M] () -- C:\Users\Mienai\Documents\Document.rtf
[2009/11/24 18:54:29 | 01,280,480 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2009/11/24 18:50:12 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2009/11/24 18:50:00 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2009/11/24 18:49:48 | 00,053,328 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2009/11/24 18:49:07 | 00,048,560 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2009/11/24 18:48:57 | 00,023,120 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2009/11/24 18:47:28 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr
[2009/11/16 23:36:36 | 00,000,460 | ---- | M] () -- C:\Users\Mienai\Documents\cc_20091116_233625.reg
[2009/11/13 13:53:28 | 00,003,632 | ---- | M] () -- C:\Users\Mienai\Documents\cc_20091113_135318.reg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/10 17:10:28 | 00,002,043 | ---- | C] () -- C:\Users\Mienai\Desktop\HijackThis.lnk
[2009/12/04 19:42:21 | 00,380,928 | ---- | C] () -- C:\Windows\System32\actskin4.ocx
[2009/12/03 13:39:23 | 00,000,688 | ---- | C] () -- C:\Users\Mienai\Desktop\Libraries - Shortcut.lnk
[2009/11/25 23:50:34 | 00,007,577 | ---- | C] () -- C:\Users\Mienai\Documents\Document.rtf
[2009/11/16 23:36:32 | 00,000,460 | ---- | C] () -- C:\Users\Mienai\Documents\cc_20091116_233625.reg
[2009/11/13 13:53:20 | 00,003,632 | ---- | C] () -- C:\Users\Mienai\Documents\cc_20091113_135318.reg
[2009/09/28 08:22:00 | 00,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys
[2009/07/22 11:39:27 | 00,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/04/21 22:50:07 | 00,073,216 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/04/21 22:40:32 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[1996/04/03 14:33:26 | 00,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
< End of report >