spyware messing with ftp [Closed]


  • This topic is locked

#1
cx luvr

    New Member

  • Member
  • 1 posts
Hi there,

I'm pretty sure I've got some malware that's watching my FTP and screwing with my WordPress blog. It's apparently not uncommon.

Here are my three logs:

OTL:
OTL logfile created on: 5/10/2010 1:38:12 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\andrew\magazine\blog\hack-may9-2010
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 2000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 3.00 Gb Free Space | 4.03% Space Free | Partition Type: NTFS
Drive D: | 1.89 Gb Total Space | 0.30 Gb Free Space | 15.70% Space Free | Partition Type: FAT
Drive E: | 465.76 Gb Total Space | 7.99 Gb Free Space | 1.72% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CYCLOCROSSING
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/10 01:33:40 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\andrew\magazine\blog\hack-may9-2010\OTL.exe
PRC - [2010/05/09 22:50:03 | 000,293,376 | ---- | M] () -- C:\downloads\hn434jfz.exe
PRC - [2010/04/28 13:45:50 | 000,835,952 | ---- | M] (Opera Software) -- C:\Program Files\Opera 10 Beta\opera.exe
PRC - [2010/03/19 18:00:21 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe
PRC - [2010/02/25 11:02:02 | 000,716,616 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2010/02/25 10:59:54 | 001,047,880 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009/12/24 08:55:22 | 001,732,960 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2009/05/28 23:55:44 | 000,181,312 | ---- | M] () -- C:\Program Files\Photodex\ProShow\scsiaccess.exe
PRC - [2009/05/22 18:30:56 | 000,080,384 | ---- | M] () -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
PRC - [2009/03/22 11:12:38 | 000,028,160 | ---- | M] () -- C:\Program Files\BitKinex\bitkinexsvc.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/09 17:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/09/05 10:53:48 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2007/09/02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2007/07/02 14:29:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/06/11 02:25:42 | 006,731,312 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
PRC - [2007/06/06 17:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/05/30 05:31:10 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
PRC - [2007/05/22 15:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/05/14 12:21:40 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/02/19 15:26:32 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/10/18 16:05:18 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/10/18 16:04:28 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/10/18 16:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2006/10/18 15:58:16 | 000,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/10/18 15:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/10/18 15:53:24 | 000,479,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/10/18 15:49:52 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/09/08 16:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2005/11/03 20:08:02 | 000,095,832 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE


========== Modules (SafeList) ==========

MOD - [2010/05/10 01:33:40 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\andrew\magazine\blog\hack-may9-2010\OTL.exe
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/09/02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/19 18:00:21 | 000,057,752 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\WINDOWS\system32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2010/03/15 22:02:52 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/02/25 10:59:54 | 001,047,880 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/02/25 10:56:02 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/12/24 08:55:22 | 001,732,960 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2009/07/27 08:50:21 | 000,044,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe -- (wlcrasvc)
SRV - [2009/05/28 23:55:44 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Photodex\ProShow\scsiaccess.exe -- (ScsiAccess)
SRV - [2009/05/22 18:30:56 | 000,080,384 | ---- | M] () [Auto | Running] -- C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe -- (NvtlService)
SRV - [2009/03/22 11:12:38 | 000,028,160 | ---- | M] () [Auto | Running] -- C:\Program Files\BitKinex\bitkinexsvc.exe -- (BitKinex)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/04 15:09:02 | 000,111,896 | ---- | M] (PCTEL) [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
SRV - [2008/02/07 21:30:23 | 001,245,064 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/01/22 17:03:43 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2007/09/18 08:25:43 | 000,181,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe -- (Speed Disk service)
SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/09/06 15:29:46 | 000,108,392 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/09/06 15:29:46 | 000,108,392 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/09/06 15:29:46 | 000,108,392 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/09/05 10:53:48 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/05/30 05:31:10 | 000,312,880 | ---- | M] (GRISOFT s.r.o.) [Auto | Running] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard)
SRV - [2007/05/24 08:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/05/14 12:21:40 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/02/19 15:27:16 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [On_Demand | Stopped] -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stacsv.exe -- (STacSV)
SRV - [2006/10/18 16:05:18 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006/10/18 16:01:34 | 000,290,816 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2006/10/18 15:56:52 | 000,946,176 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006/10/18 15:49:52 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/11/15 11:27:56 | 000,169,200 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2005/11/15 11:27:54 | 001,756,912 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005/11/15 11:27:44 | 000,020,208 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/11/03 20:08:02 | 000,095,832 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -- (NProtectService)
SRV - [2005/10/19 15:39:34 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/10/04 10:42:48 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/03/30 19:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)


========== Driver Services (SafeList) ==========

DRV - [2010/02/25 10:18:08 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/01/07 17:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/12/10 14:48:40 | 000,041,504 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV - [2009/08/14 06:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 06:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/27 08:55:32 | 000,019,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rdpvmp.sys -- (RDPVDD)
DRV - [2009/07/27 08:55:32 | 000,009,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rdpdispm.sys -- (RDPDISPM)
DRV - [2009/06/15 16:21:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2009/06/03 11:01:28 | 000,230,400 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/06/03 11:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2009/06/03 11:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2009/06/03 11:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2009/05/15 15:34:30 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwvmser2.sys -- (NWVMPort2)
DRV - [2009/05/15 15:34:30 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwvmser.sys -- (NWVMPort)
DRV - [2009/05/15 15:34:30 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwvmmdm.sys -- (NWVMModem)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/03/20 20:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2009/01/14 12:07:28 | 000,876,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090116.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/01/14 12:07:28 | 000,089,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090116.004\NAVENG.SYS -- (NAVENG)
DRV - [2009/01/05 19:31:19 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/09/05 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/09/04 15:03:54 | 000,032,408 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2008/09/04 15:03:54 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/06/19 16:38:34 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2008/04/13 11:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/13 23:04:29 | 000,046,652 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/10/18 12:08:48 | 000,025,736 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2007/10/18 12:08:20 | 000,037,120 | R--- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuqbus.sys -- (GTUQBUS)
DRV - [2007/10/18 12:08:20 | 000,008,064 | R--- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2007/08/02 18:35:12 | 000,989,952 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/08/02 18:34:30 | 000,211,200 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/08/02 18:34:26 | 000,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/07/31 02:17:26 | 000,418,864 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/06/25 19:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/05/30 05:10:42 | 000,011,000 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver)
DRV - [2007/05/30 05:10:42 | 000,010,872 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln)
DRV - [2007/03/30 22:34:14 | 005,704,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/02/19 15:27:34 | 001,228,296 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/01/30 15:37:18 | 000,056,320 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/01/18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/10/19 07:29:22 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/10/16 18:55:28 | 001,711,104 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel®
DRV - [2006/10/10 06:17:57 | 000,081,780 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS -- (NPDriver)
DRV - [2005/11/30 22:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/11/25 18:43:48 | 000,031,896 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dfmirage.sys -- (dfmirage)
DRV - [2005/11/09 17:25:14 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/11/03 19:43:42 | 000,090,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SdDriver.SYS -- (SDdriver)
DRV - [2005/10/19 15:39:04 | 000,195,728 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/10/19 15:38:58 | 000,024,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/08/26 12:22:50 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/08/26 12:22:48 | 000,334,984 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/08/12 15:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/08/03 20:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/02/13 07:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 12:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 12:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 12:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 12:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 12:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 11:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 11:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 11:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 11:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 11:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 11:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 11:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 11:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 11:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070920
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070920

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....fr=ytff-amo&p="
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "cxmagazine.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.2
FF - prefs.js..extensions.enabledItems: [email protected]:0.4.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100211.5
FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2
FF - prefs.js..extensions.enabledItems: {C1273352-9340-4d54-A6D7-17DC157EC0B9}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.6
FF - prefs.js..extensions.enabledItems: [email protected]:3.5.2


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2009/01/12 13:51:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/05 15:16:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/06 06:08:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2010/02/18 04:35:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/02/19 15:55:15 | 000,000,000 | ---D | M]

[2010/02/18 04:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2010/02/18 04:15:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/01/27 15:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions\[email protected]
[2010/05/09 12:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions
[2008/01/18 15:42:29 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009/09/02 10:14:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/05 02:35:30 | 000,000,000 | ---D | M] (Html Validator) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2010/02/25 02:38:57 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
[2010/02/05 02:35:23 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/08/06 13:21:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\{b92d6e49-3672-4c79-80b1-b0b4465e2025}
[2008/10/10 21:57:13 | 000,000,000 | ---D | M] (Window Resizer) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\{C1273352-9340-4d54-A6D7-17DC157EC0B9}
[2010/02/16 15:57:51 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/02/02 15:18:15 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010/02/26 01:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\[email protected]
[2010/02/01 20:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\[email protected]
[2010/03/08 20:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\[email protected]
[2009/11/18 08:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\[email protected]
[2010/02/05 02:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\[email protected]
[2010/02/05 02:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\[email protected]
[2010/02/01 20:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\[email protected]\__MACOSX
[2010/02/01 20:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\[email protected]\chrome
[2010/02/01 20:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\extensions\[email protected]\defaults
[2010/02/18 04:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Mozilla\Sunbird\Profiles\mzh5bgz1.default\extensions
[2008/01/18 18:08:42 | 000,000,366 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\searchplugins\aolsearch.gif
[2008/01/18 18:08:42 | 000,000,294 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\searchplugins\aolsearch.src
[2008/01/18 18:07:50 | 000,001,034 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\searchplugins\aolsearch.xml
[2010/05/09 12:10:55 | 000,005,227 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\searchplugins\linkedin.xml
[2009/08/19 08:58:00 | 000,001,184 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\umy69a9v.default\searchplugins\winamp-search.xml
[2010/05/09 12:10:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/27 16:18:36 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2008/03/17 04:11:16 | 000,106,496 | ---- | M] (Adjustables ©) -- C:\Program Files\Mozilla Firefox\plugins\npadjdet.dll
[2007/03/09 16:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2010/01/21 18:49:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll (Google Inc.)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
O2 - BHO: (Loader Class) - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\downloads\_FindeXerNightlyV1.1.0.3\FindeXer.dll (A Part of the LessCliX Suite by Alianyn)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (GRISOFT s.r.o.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download with BitKinex - C:\Program Files\BitKinex\ieext_cp.htm ()
O8 - Extra context menu item: &Register in BitKinex - C:\Program Files\BitKinex\ieext_reg.htm ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll (Google Inc.)
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk ()
O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/im...r/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1200959048828 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} https://www.mesh.com...014.7/TSWeb.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\wlcrdplauncher: DllName - C:\Program Files\Live Mesh\Remote Desktop\wlcrdplauncher.dll - C:\Program Files\Live Mesh\Remote Desktop\wlcrdplauncher.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/22 07:23:59 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/08/17 14:48:16 | 000,000,040 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{179307f3-39cf-11de-9d93-0016414ac140}\Shell\AutoRun\command - "" = D:\system\viewer\FlipVideoforPC.exe -- File not found
O33 - MountPoints2\{179307f3-39cf-11de-9d93-0016414ac140}\Shell\Flip Video for PC\command - "" = D:\system\viewer\FlipVideoforPC.exe -- File not found
O33 - MountPoints2\{88090f0f-da2b-11de-9dde-0016414ac140}\Shell - "" = AutoRun
O33 - MountPoints2\{88090f0f-da2b-11de-9dde-0016414ac140}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{88090f0f-da2b-11de-9dde-0016414ac140}\Shell\AutoRun\command - "" = D:\VZAccess_Manager.exe -- File not found
O33 - MountPoints2\{9604a497-96bf-11de-9dbb-0016414ac140}\Shell - "" = AutoRun
O33 - MountPoints2\{9604a497-96bf-11de-9dbb-0016414ac140}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9604a497-96bf-11de-9dbb-0016414ac140}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/05/04 14:53:59 | 000,000,000 | ---D | C] -- C:\Program Files\Social Ether
[2010/04/27 16:17:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/04/15 03:33:11 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2010/04/14 21:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\SDExplorer
[2010/04/14 15:39:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\MozillaControl
[2010/04/14 15:37:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Wolters Kluwer
[2010/04/14 15:36:38 | 000,000,000 | ---D | C] -- C:\Program Files\H&R Block Business 2009
[2010/04/14 15:34:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CCHSFS
[2010/04/14 15:33:53 | 000,000,000 | ---D | C] -- C:\Program Files\HRBlock2009
[2010/04/14 15:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\DeductionPro 2009
[2010/04/01 18:17:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2010/04/01 18:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
[2010/04/01 17:41:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Ahead
[2010/04/01 15:58:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Foxit Software
[2010/04/01 15:56:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Foxit
[2010/04/01 15:56:11 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2010/03/30 21:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoRescue 3.1.10208 PC
[2010/03/27 00:06:27 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/03/20 22:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Midnight!Software
[2010/03/18 14:03:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Diskeeper Corporation
[2010/03/18 14:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
[2010/03/18 14:03:00 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Home Server
[2010/03/18 14:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Diskeeper Corporation
[2010/03/15 22:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\TuneUp Software
[2010/03/15 22:01:39 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2010
[2010/03/15 22:01:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/03/15 22:00:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/03/15 12:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\HeidiSQL
[2010/03/15 12:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HeidiSQL
[2010/03/15 12:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\HeidiSQL
[2010/03/14 10:02:01 | 000,000,000 | ---D | C] -- C:\Program Files\Phoenix Technologies
[2010/03/12 00:04:52 | 000,000,000 | ---D | C] -- C:\Program Files\Modem Diagnostic Tool
[2010/03/11 23:33:15 | 000,000,000 | ---D | C] -- C:\Program Files\DellTPad
[2010/03/08 22:00:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\FindeXer
[2010/03/08 19:50:50 | 000,000,000 | ---D | C] -- C:\Program Files\RocketDock
[2010/03/08 11:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegInOut
[2010/03/08 11:33:28 | 000,000,000 | ---D | C] -- C:\Program Files\RegInOut
[2010/03/06 08:33:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/03/05 14:39:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2010/03/05 07:38:43 | 000,000,000 | ---D | C] -- C:\Program Files\OpenPandora
[2010/03/03 12:12:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\WiredRed
[2010/03/03 12:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\WiredRed
[2010/03/03 12:06:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Deployment
[2010/02/18 04:35:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Sunbird
[2008/12/06 14:27:45 | 000,127,059 | ---- | C] ( ) -- C:\WINDOWS\System32\DSLLK189.dll
[2008/11/09 12:51:06 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll

========== Files - Modified Within 90 Days ==========

[2010/05/10 01:37:48 | 013,369,344 | ---- | M] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2010/05/09 23:55:41 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2010/05/09 23:55:38 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2010/05/09 23:55:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/09 23:55:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/09 23:55:22 | 2136,969,216 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/09 23:45:48 | 000,000,000 | -HS- | M] () -- C:\DkHyperbootSync
[2010/05/09 23:09:19 | 002,239,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/09 19:10:50 | 000,042,225 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\sitemap.pot
[2010/05/09 10:52:03 | 000,000,972 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\tomatokilla.AF
[2010/05/09 10:52:01 | 000,000,966 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\cyclocross.AF
[2010/05/07 22:54:19 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/05/04 14:58:24 | 000,002,511 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Auto Follow.lnk
[2010/05/04 14:54:33 | 000,335,680 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/04 14:54:30 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/05/04 14:18:17 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/05/04 13:54:05 | 001,584,678 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\EarthTainer-Construction-Guide.pdf
[2010/05/04 13:48:50 | 000,157,497 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Sunset-EarthTainer-Article.pdf
[2010/05/03 12:00:03 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
[2010/04/29 15:41:34 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/04/29 15:41:34 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/04/28 01:25:25 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Admin\ntuser.ini

========== Files Created - No Company Name ==========

[2010/05/09 23:45:48 | 000,000,000 | -HS- | C] () -- C:\DkHyperbootSync
[2010/05/09 19:10:50 | 000,042,225 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\sitemap.pot
[2010/05/04 16:08:04 | 000,000,972 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\tomatokilla.AF
[2010/05/04 16:07:58 | 000,000,966 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\cyclocross.AF
[2010/05/04 14:54:30 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/05/04 14:54:06 | 000,002,511 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Auto Follow.lnk
[2010/05/04 13:53:50 | 001,584,678 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\EarthTainer-Construction-Guide.pdf
[2010/05/04 13:48:48 | 000,157,497 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Sunset-EarthTainer-Article.pdf
[2010/04/29 15:41:34 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/04/29 15:41:34 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/04/14 21:13:35 | 000,653,312 | ---- | C] () -- C:\Program Files\Common Files\SetupDLL.dll
[2010/04/14 15:41:57 | 000,000,030 | ---- | C] () -- C:\Documents and Settings\Admin\DeductionPro2009.log
[2010/04/11 06:26:43 | 000,001,037 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\Account.atomsvc
[2010/04/06 06:09:43 | 000,000,014 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\AdobeUpdater6.rbt
[2010/03/16 23:56:22 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Admin\NTUSER.DAT_tureg_new.LOG
[2010/02/28 23:20:58 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2010/01/19 15:38:53 | 001,589,248 | ---- | C] () -- C:\WINDOWS\System32\libmysql_d.dll
[2009/10/06 00:05:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\prestopm.INI
[2009/10/05 23:22:55 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2009/10/05 23:21:11 | 000,000,134 | -H-- | C] () -- C:\WINDOWS\NsNetScan.ini
[2009/10/05 23:20:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2009/10/05 23:20:54 | 000,000,020 | ---- | C] () -- C:\WINDOWS\PM20.INI
[2009/10/05 23:20:25 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2009/10/05 23:06:23 | 000,000,525 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/02/03 10:54:01 | 000,000,267 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/12/07 02:03:03 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2008/11/09 12:51:06 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
[2008/11/09 12:51:06 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2irdao.dll
[2008/11/09 12:51:06 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2ctdao.dll
[2008/08/20 11:52:55 | 000,018,073 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2008/07/03 23:26:08 | 000,000,415 | ---- | C] () -- C:\WINDOWS\VIEWER.INI
[2008/05/23 14:54:54 | 000,000,164 | ---- | C] () -- C:\WINDOWS\Topo.INI
[2008/04/15 07:17:50 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/04/15 07:17:49 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/03/07 10:53:49 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/03/03 00:56:31 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Progs_.ini
[2008/02/18 23:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2008/01/21 23:33:21 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/01/21 18:26:11 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2008/01/18 14:10:08 | 000,025,736 | R--- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2007/10/05 10:23:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/10/04 23:20:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/09/20 22:00:56 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/09/20 21:50:28 | 001,736,704 | ---- | C] () -- C:\WINDOWS\System32\Tsp1.dll
[2007/09/20 21:03:36 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/01/30 13:30:30 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2006/09/18 15:37:50 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2006/09/18 15:37:48 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2004/12/19 06:29:40 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/19 06:17:10 | 000,614,400 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/08/11 15:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 15:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/06 11:42:56 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 16:04:24 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002/10/04 16:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 16:04:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/05/15 16:38:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll

========== LOP Check ==========

[2008/01/22 21:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\.ABC
[2008/01/21 21:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\.wyzo
[2008/01/18 14:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\AT&T
[2008/07/10 01:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\AutoSync for Yahoo
[2010/05/09 14:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\BitKinex
[2008/12/05 01:15:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Blackberry Desktop
[2008/01/18 14:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Bytemobile
[2009/10/06 00:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Canon
[2009/07/09 07:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1
[2009/01/12 13:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ContentGuard
[2008/01/18 14:10:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\DBUpdater
[2009/05/20 15:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\eFax Messenger
[2010/01/10 19:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Eye-Fi
[2008/04/28 20:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\EyeOnWeb
[2010/02/02 13:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\FileZilla
[2010/03/08 22:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\FindeXer
[2008/07/07 22:54:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Flickr
[2010/04/01 15:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Foxit
[2010/04/01 15:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Foxit Software
[2008/01/18 14:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\GetRightToGo
[2010/05/09 23:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\GoodSync
[2010/01/26 01:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Grisoft
[2010/03/15 12:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\HeidiSQL
[2009/05/20 15:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\j2 Global
[2010/03/20 22:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Midnight!Software
[2009/01/12 15:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\NetCentrics
[2009/05/28 23:56:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Netscape
[2009/10/05 23:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\NewSoft
[2008/08/18 09:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Notepad++
[2009/10/05 23:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\NSBackup
[2010/02/18 19:53:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Opera
[2009/05/28 23:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Photodex
[2008/12/05 01:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\PushSyncData
[2008/12/05 01:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Research In Motion
[2008/12/05 01:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\RIM Palm&PPC Upgrade Wizard
[2009/10/05 23:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ScanSoft
[2008/01/18 14:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Sierra Wireless
[2009/12/05 00:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Smith Micro
[2008/12/19 16:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Snapfish
[2010/04/14 16:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\TaxCut
[2010/02/18 04:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Thunderbird
[2010/03/15 22:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\TuneUp Software
[2008/11/17 17:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Wave Systems Corp
[2010/05/01 22:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\XnView
[2009/05/22 12:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\YouSendIt
[2008/04/09 23:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adjustables
[2008/02/10 01:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2010/01/19 19:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitKinex
[2009/02/07 06:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/03/18 14:03:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
[2009/05/20 15:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
[2010/01/19 15:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlashFXP
[2008/03/21 21:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoodSync
[2010/01/26 01:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/03/15 12:42:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HeidiSQL
[2010/01/11 11:46:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/12/13 11:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2008/04/15 07:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/03/08 11:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegInOut
[2009/11/09 01:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/10/05 23:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/02/05 11:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/02/22 01:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMSI
[2009/10/05 23:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2009/10/05 23:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2008/06/06 18:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2010/04/14 16:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2010/04/14 11:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/03/15 22:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008/11/25 14:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2008/02/10 01:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/04/14 15:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wolters Kluwer
[2008/11/25 14:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2010/03/15 22:00:10 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3EFB0FE0
< End of report >

GMER:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-10 07:19:38
Windows 5.1.2600 Service Pack 3
Running: hn434jfz.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\fwrdifow.sys


---- System - GMER 1.0.15 ----

SSDT 8A990960 ZwConnectPort
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess [0xBA74B8AC]
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess [0xBA74B812]

---- Kernel code sections - GMER 1.0.15 ----

page C:\WINDOWS\System32\Drivers\oz776.sys entry point in "page" section [0xBA202D4A]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0010c69d0161
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016414ac140
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0[email protected] 0x51 0x60 0x7B 0x79 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0[email protected] 0x2A 0x1F 0xF3 0x0D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0[email protected] 0x71 0x3A 0x64 0xCE ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0010c69d0161 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016414ac140 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0[email protected] 0x51 0x60 0x7B 0x79 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0[email protected] 0x2A 0x1F 0xF3 0x0D ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0[email protected] 0x71 0x3A 0x64 0xCE ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0010c69d0161 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0016414ac140 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0[email protected] 0x51 0x60 0x7B 0x79 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0[email protected] 0x2A 0x1F 0xF3 0x0D ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0[email protected] 0x71 0x3A 0x64 0xCE ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 83

---- Files - GMER 1.0.15 ----

File C:\RECYCLER\NPROTECT\00140718.TUD 18056 bytes

---- EOF - GMER 1.0.15 ----


mbam:
Malwarebytes' Anti-Malware 1.44
Database version: 3681
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/15/2010 3:55:02 AM
mbam-log-2010-05-15 (03-55-02).txt

Scan type: Quick Scan
Objects scanned: 120074
Time elapsed: 10 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


thanks for your help.

Edited by cx luvr, 15 May 2010 - 05:33 AM.

#2
myrti
    Expert
  • 2,580 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're still having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

What have you done to prevent access to your FTP? Have you changed passwords? Have you emptied your FTP content and made sure that only clean content was uploaded again? Which version of WordPress are you using?

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days, if a topic is not replied to, we assume it has been abandoned and it is closed.

Regards, myrti
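The "only clean content was uploaded again" question above is the part of FTP-credential-theft cleanup that people most often skip: the PC gets cleaned, the passwords get changed, but the injected PHP and iframes already sitting in the site tree get re-uploaded untouched. The script below is an added example (not code from this thread, from myrti, or from WordPress itself) of the check a practitioner would run before pushing the tree back: hash every file against a baseline manifest taken from a known-clean copy (a fresh download of the same WordPress release plus the site's own verified plugins and uploads), and grep the web-servable files for the injection patterns these campaigns typically drop. The sample tree, the payloads and the pattern list are all constructed here for the demo; the patterns are a starting set, not a complete signature list, and a file that is merely "added" still needs a human look.

```python
"""Integrity triage for a site tree before it goes back up over FTP."""
import hashlib
import re
import tempfile
from pathlib import Path

# Byte regexes so files are scanned as-is, whatever their encoding.
# These are constructed examples of common injection idioms, not an exhaustive list.
INJECTION_PATTERNS = [
    (re.compile(rb"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
     "eval of decoded payload"),
    (re.compile(rb"<iframe\b[^>]*\b(?:width|height)\s*=\s*['\"]?0\b", re.I),
     "zero-size iframe"),
    (re.compile(rb"<iframe\b[^>]*visibility\s*:\s*hidden", re.I),
     "hidden iframe"),
    (re.compile(rb"document\.write\s*\(\s*unescape\s*\(", re.I),
     "document.write(unescape(...))"),
    (re.compile(rb"\b(?:system|shell_exec|passthru|exec)\s*\(\s*\$_(?:GET|POST|REQUEST)\b", re.I),
     "shell exec of request parameter"),
]
SCAN_SUFFIXES = {".php", ".js", ".html", ".htm"}


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Relative path -> sha256 for every regular file under root (the baseline)."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def diff_against_manifest(root: Path, manifest: dict) -> dict:
    """Files whose hash changed, files absent from the baseline, files now missing."""
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "added": sorted(k for k in current if k not in manifest),
        "missing": sorted(k for k in manifest if k not in current),
    }


def scan_for_injections(root: Path) -> list:
    """(relative path, pattern label) for each pattern that fires in a servable text file."""
    hits = []
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in SCAN_SUFFIXES:
            data = p.read_bytes()
            for pattern, label in INJECTION_PATTERNS:
                if pattern.search(data):
                    hits.append((p.relative_to(root).as_posix(), label))
    return sorted(hits)


def triage(root: Path, manifest: dict) -> dict:
    result = diff_against_manifest(root, manifest)
    result["injections"] = scan_for_injections(root)
    result["clean"] = not any(result[k] for k in ("modified", "added", "missing", "injections"))
    return result


def demo() -> dict:
    """Constructed sample: a tiny 'clean' tree is hashed, then tampered with the way
    an attacker holding stolen FTP credentials typically does it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "wp-content" / "uploads").mkdir(parents=True)
        (root / "index.php").write_bytes(b"<?php require('./wp-blog-header.php'); ?>\n")
        (root / "readme.html").write_bytes(b"<html><body>WordPress</body></html>\n")
        (root / "wp-content" / "uploads" / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0 constructed")
        manifest = build_manifest(root)  # baseline taken from the clean copy

        # Tampering: payload appended to index.php, a dropper placed under uploads,
        # readme removed, and a zero-size iframe in a file that was never in the baseline.
        with (root / "index.php").open("ab") as f:
            f.write(b"<?php eval(base64_decode('ZWNobyAnaGknOw==')); ?>\n")
        (root / "wp-content" / "uploads" / "cache.php").write_bytes(b"<?php @system($_GET['c']); ?>")
        (root / "readme.html").unlink()
        (root / "wp-content" / "footer.php").write_bytes(
            b'<iframe src="http://example.invalid/x" width="0" height="0"></iframe>')
        return triage(root, manifest)


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

On a real site, build the manifest from the clean reference tree and run `triage()` over the downloaded copy; anything in `modified` or `injections` is replaced from the reference, anything in `added` is inspected before it is kept, and only a `clean` result goes back up, after the FTP password has been changed from a machine that is known not to be infected.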

#3
myrti
    Expert
  • 2,580 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.