Internet Explorer and Safari won't work.

#1 ldhacker (New Member, 6 posts)
Hello. My computer was acting up, saying "virus alert", and all of these error messages popped up saying something like "your security software is out of date". I successfully removed the virus without my antivirus, because it wasn't detecting it. Now my computer will not let me connect to the internet with Internet Explorer or Safari; it will only let me use Firefox. I figure it is a registry error. I have already used WinSock Fix and it still will not let me connect. I have tried using CCleaner to clear everything in my browser history. I have also tried using TFC. The virus's process was named orngsysguard.exe. Malwarebytes Anti-Malware will not work on my computer; it keeps giving error codes. Can you please help me?

Edited by ldhacker, 01 February 2010 - 08:51 PM.

#2 ldhacker (Topic Starter)
OTL logfile created on: 2/1/2010 8:36:46 PM - Run 2
OTL by OldTimer - Version 3.1.27.1 Folder = F:\MFF\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.62 Gb Total Space | 8.81 Gb Free Space | 47.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 232.83 Gb Total Space | 216.80 Gb Free Space | 93.11% Space Free | Partition Type: FAT32
Drive G: | 6.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 1.86 Gb Total Space | 1.86 Gb Free Space | 99.92% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: LDHACKER
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/01 20:28:20 | 000,548,864 | ---- | M] (OldTimer Tools) -- F:\MFF\Downloads\OTL.exe
PRC - [2010/01/19 18:10:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- F:\MFF\firefox.exe
PRC - [2009/11/27 17:21:26 | 002,923,192 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/21 14:34:34 | 000,185,089 | ---- | M] (Avira GmbH) -- F:\Avira\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/05/13 16:48:24 | 000,108,289 | ---- | M] (Avira GmbH) -- F:\Avira\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:48 | 000,209,153 | ---- | M] (Avira GmbH) -- F:\Avira\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/16 00:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/02/16 00:10:22 | 000,981,384 | ---- | M] (Check Point Software Technologies LTD) -- F:\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/02/06 18:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/07/10 18:28:06 | 040,999,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- F:\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- F:\Windows Defender\MsMpEng.exe
PRC - [2005/06/21 15:48:18 | 000,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe


========== Modules (SafeList) ==========

MOD - [2010/02/01 20:28:20 | 000,548,864 | ---- | M] (OldTimer Tools) -- F:\MFF\Downloads\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/11/11 01:35:29 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/21 14:34:34 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- F:\Avira\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/23 13:28:29 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9dbdcb2b6b058) Google Update Service (gupdate1c9dbdcb2b6b058)
SRV - [2009/05/23 13:27:24 | 000,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/05/13 16:48:24 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- F:\Avira\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/05/06 15:15:00 | 002,785,582 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/02/16 00:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/10 18:28:06 | 040,999,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2008/07/10 18:28:06 | 000,369,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)
SRV - [2008/07/10 18:28:04 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AddThis"
FF - prefs.js..browser.search.selectedEngine: "Answers.com"
FF - prefs.js..extensions.enabledItems: [email protected]:0.4.2
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.0.0
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.47
FF - prefs.js..extensions.enabledItems: [email protected]:3.1.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {8620c15f-30dc-4dba-a131-7c5d20cf4a29}:2.0.3
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.80
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.1
FF - prefs.js..extensions.enabledItems: {241aae70-0022-11de-87af-0800200c9a66}:3.6.30.01.10
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c9626}:1.6
FF - prefs.js..keyword.URL: "http://search.addthi...ocale=en-US&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: E:\MFF\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: E:\MFF\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: F:\MFF\components [2009/09/12 21:51:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: F:\MFF\plugins [2009/09/12 21:51:20 | 000,000,000 | ---D | M]

[2009/05/07 18:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/02/01 15:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k24yw5q9.default\extensions
[2009/12/13 16:12:25 | 000,000,000 | ---D | M] (ANTHEM) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k24yw5q9.default\extensions\{07b2a769-ed19-4483-87ce-c643914c9626}
[2009/11/10 17:23:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k24yw5q9.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010/01/31 17:19:12 | 000,000,000 | ---D | M] (Blue Fox) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k24yw5q9.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}
[2010/01/27 18:45:05 | 000,000,000 | ---D | M] (AddThis) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k24yw5q9.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2009/12/28 18:40:25 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k24yw5q9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/11/20 15:53:03 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k24yw5q9.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2010/01/31 17:19:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k24yw5q9.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010/01/22 23:13:01 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k24yw5q9.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/01/29 10:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k24yw5q9.default\extensions\[email protected]
[2010/01/20 17:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k24yw5q9.default\extensions\[email protected]
[2010/01/26 17:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k24yw5q9.default\extensions\[email protected]

O1 HOSTS File: ([2010/02/01 18:34:19 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {3D98AD1A-707C-4FA7-AE98-C4039B8231EB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\k24yw5q9.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin-0.80.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Windows Defender] F:\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] F:\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = F:\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Shortcut to avgnt.lnk = F:\Avira\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Go PlaySushi! - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1033625273734 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1033625378140 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\iEvony\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (F:\Logon screens\Hazrd\logonui.exe) - F:\Logon screens\Hazrd\logonui.exe (Wallpapers & Etc)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - F:\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/15 00:23:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/10/23 01:22:58 | 000,000,283 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{d44865ec-38fa-11de-988e-000874d72dfe}\Shell - "" = AutoRun
O33 - MountPoints2\{d44865ec-38fa-11de-988e-000874d72dfe}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d44865ec-38fa-11de-988e-000874d72dfe}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- [2007/10/23 01:45:39 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/04/15 00:22:10 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/01 18:42:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/01/31 19:00:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/31 11:05:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\kmcfgn
[2010/01/29 22:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/01/23 12:47:29 | 000,000,000 | ---D | C] -- C:\temp
[2010/01/23 12:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/01/23 12:42:14 | 000,000,000 | ---D | C] -- C:\PS3ThemeCreator
[2010/01/19 20:28:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Virtual Machines
[2009/12/19 14:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/11/14 16:06:44 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/07/27 22:03:08 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/06/30 10:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/06/24 14:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/06/24 12:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/06/07 22:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/05/23 13:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

========== Files - Modified Within 14 Days ==========

[2010/02/01 19:46:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/01 19:14:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/02/01 18:44:13 | 000,002,003 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/02/01 18:42:48 | 004,456,448 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/02/01 18:39:48 | 000,000,302 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/02/01 18:37:47 | 000,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/02/01 18:37:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/01 18:36:36 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/01 18:36:28 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/01 18:36:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/01 18:36:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/01 18:35:01 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/02/01 18:23:49 | 000,000,360 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/01 13:14:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/01 13:14:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/02/01 07:14:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/02/01 01:14:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/01/31 18:00:45 | 000,000,479 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/01/30 20:03:43 | 000,000,398 | ---- | M] () -- C:\WINDOWS\KDiamond.INI
[2010/01/30 20:01:27 | 000,000,387 | ---- | M] () -- C:\WINDOWS\ccombat.ini
[2010/01/30 19:57:26 | 000,000,735 | ---- | M] () -- C:\WINDOWS\EntPack.ini
[2010/01/30 19:57:21 | 000,000,886 | ---- | M] () -- C:\WINDOWS\EntPack.dat
[2010/01/30 19:11:30 | 006,450,330 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\ubuntu-9.10-desktop-i386.iso.download
[2010/01/30 14:25:28 | 000,000,039 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
[2010/01/30 14:25:19 | 000,000,063 | ---- | M] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences2.dat
[2010/01/29 22:32:42 | 000,045,332 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/29 21:27:24 | 000,000,422 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
[2010/01/26 09:31:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/25 17:36:08 | 004,124,332 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\FileZilla_3.3.1_win32-setup.exe
[2010/01/24 00:13:32 | 000,159,243 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\vlc-record-2010-01-24-00h13m21s-Lil Wayne - A Millie .mp3-.mp3
[2010/01/24 00:13:15 | 000,176,797 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\vlc-record-2010-01-24-00h13m07s-Lil Wayne - A Millie .mp3-.mp3
[2010/01/23 19:14:10 | 000,000,072 | ---- | M] () -- C:\WINDOWS\MediaManager.INI
[2010/01/23 14:19:30 | 000,012,380 | ---- | M] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2010/01/23 12:42:38 | 000,002,044 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\PS3ThemeCreator.exe.lnk
[2010/01/19 20:23:29 | 000,613,280 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/19 20:23:29 | 000,507,672 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/19 20:23:29 | 000,096,120 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2010/02/01 18:23:49 | 000,000,360 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/31 18:00:45 | 000,000,479 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/01/30 20:03:43 | 000,000,398 | ---- | C] () -- C:\WINDOWS\KDiamond.INI
[2010/01/30 20:01:27 | 000,000,387 | ---- | C] () -- C:\WINDOWS\ccombat.ini
[2010/01/30 19:47:24 | 000,000,886 | ---- | C] () -- C:\WINDOWS\EntPack.dat
[2010/01/30 19:47:24 | 000,000,735 | ---- | C] () -- C:\WINDOWS\EntPack.ini
[2010/01/30 19:11:19 | 006,450,330 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\ubuntu-9.10-desktop-i386.iso.download
[2010/01/29 22:32:42 | 000,045,332 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/29 22:31:34 | 000,002,003 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/01/25 17:36:04 | 004,124,332 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\FileZilla_3.3.1_win32-setup.exe
[2010/01/24 00:13:32 | 000,159,243 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\vlc-record-2010-01-24-00h13m21s-Lil Wayne - A Millie .mp3-.mp3
[2010/01/24 00:13:14 | 000,176,797 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\vlc-record-2010-01-24-00h13m07s-Lil Wayne - A Millie .mp3-.mp3
[2010/01/23 19:14:10 | 000,000,072 | ---- | C] () -- C:\WINDOWS\MediaManager.INI
[2010/01/23 14:19:30 | 000,012,380 | ---- | C] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2010/01/23 12:42:38 | 000,002,044 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\PS3ThemeCreator.exe.lnk
[2009/11/14 16:38:32 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2009/11/05 20:14:42 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/10/10 23:19:41 | 000,000,752 | ---- | C] () -- C:\WINDOWS\AnimatorDV.INI
[2009/10/01 17:42:36 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\winscp.rnd
[2009/09/12 20:19:57 | 000,215,816 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/09/09 20:43:32 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Winchat.ini
[2009/09/09 20:02:58 | 000,000,144 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2009/06/25 22:13:57 | 000,163,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2009/06/07 00:08:43 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/03 00:10:51 | 000,000,310 | ---- | C] () -- C:\WINDOWS\FPStudio.INI
[2009/05/28 13:21:44 | 000,427,776 | ---- | C] () -- C:\WINDOWS\System32\iegd3dg3.dll
[2009/05/28 13:21:44 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\ch7017.sys
[2009/05/28 13:21:44 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\ch7009.sys
[2009/05/28 13:21:44 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\fs454.sys
[2009/05/28 13:21:44 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\ns2501.sys
[2009/05/28 13:21:44 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvds.sys
[2009/05/28 13:21:44 | 000,005,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\ns387.sys
[2009/05/28 13:21:44 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\ti410.sys
[2009/05/28 13:21:44 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\sii164.sys
[2009/05/28 13:21:44 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\th164.sys
[2009/05/14 21:37:07 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTSHDW3.dll
[2009/05/03 20:54:15 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2009/05/03 20:54:14 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2008/06/28 01:43:20 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2006/03/06 10:41:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS

========== LOP Check ==========

[2009/10/09 22:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Audacity
[2009/05/25 16:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/06/06 19:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Dev-Cpp
[2009/07/10 11:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DriverCure
[2010/01/29 18:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileZilla
[2009/11/10 22:36:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FireShot
[2009/12/28 18:05:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\[email protected]
[2010/01/30 19:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FrostWire
[2009/05/28 15:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GarageGames
[2010/01/23 14:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2009/08/01 21:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HighAndes
[2009/06/03 00:08:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\IFBuilder
[2009/11/27 20:55:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\ijjigame
[2009/06/24 12:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Notepad++
[2009/11/03 21:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2009/12/23 19:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ParaChat
[2009/10/19 20:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2009/10/23 16:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thinking Minds Budiling Bytes
[2009/11/08 20:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2009/09/19 22:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wal-Mart Digital Photo Viewer
[2009/07/10 11:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/08/01 21:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HighAndes
[2009/10/04 20:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2009/05/29 14:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2009/07/10 11:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/12/23 19:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Parker Software
[2009/11/28 22:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/12/13 13:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/12/13 13:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/06/02 23:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/01 13:14:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/02/01 19:14:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/02/01 01:14:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/02/01 07:14:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/02/01 13:14:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/02/01 18:39:48 | 000,000,302 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/04/30 22:35:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/04/30 22:35:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/04/30 22:35:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/04/30 22:35:23 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 12:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/04/25 09:28:14 | 000,871,040 | ---- | M] (Intel Corporation) MD5=D593517879E65167DF35F6015814AC59 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2005/05/17 16:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys
[2005/05/17 16:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\system32\drivers\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/04/14 17:09:23 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/04/14 17:09:23 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/04/14 17:09:23 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0A8E2C33
< End of report >

#3
ldhacker (Topic Starter, New Member, 6 posts)
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-01 21:52:16
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pfldapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB103EFC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB103BC80]
SSDT BAF82606 ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xB103F580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xB1053900]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xB1053B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xB1057B10]
SSDT BAF825FC ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xB103F670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xB103C210]
SSDT BAF8260B ZwDeleteKey
SSDT BAF82615 ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xB1053280]
SSDT BAF8261A ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xB1056F90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xB103C070]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xB1055180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xB1054F40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xB10576F0]
SSDT BAF82624 ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xB103EBE0]
SSDT BAF8261F ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xB103F190]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xB103C440]
SSDT BAF82610 ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xB1054200]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xB1054080]

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4592EE35-D3D5-8AF0-F4BE-4826F8309E36}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4592EE35-D3D5-8AF0-F4BE-4826F8309E36}@jahoagalbpgfdedcipke 0x66 0x61 0x6D 0x6A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4592EE35-D3D5-8AF0-F4BE-4826F8309E36}@paphpemaefhniinaocgodpmmfmpdlmmh 0x62 0x61 0x6C 0x6A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4592EE35-D3D5-8AF0-F4BE-4826F8309E36}@hahoagalbpgfdedc 0x6E 0x62 0x6D 0x6A ...

---- EOF - GMER 1.0.15 ----