
Browsers have been hijacked [Solved]


This topic is locked.

#1 Biff3 (Member, 17 posts)
Hello. I could use some help. I have two browsers on my computer, Firefox and IE. They have both been hijacked, despite the fact that I never even use IE. I tried using IE for the first time in months after realizing Firefox was hijacked, only to find out it was hijacked as well.

I've tried running every free program I could find: Spybot, Avast, Malwarebytes, Hitmanpro, Superantispyware. I had just Avast and Spyware Blaster on my machine to begin with.

These programs did find and remove a couple of Trojans, but they don't fix the hijack problem. And when I click on a link, instead of typing in the URL, I get sent to random sites which usually start trying to download new Trojans.

After reading through this site, I downloaded HijackThis. Here are the scan results; I hope you can help. And thanks in advance.

Just so you know, the *west, *westathome, etc. stuff is for my job and has been on my machine for years. Also, I am using a MagicJack for my phone.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:42:46 PM, on 6/6/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\SarbyxTrayClock\trayclock.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\EvolKitty\Application Data\mjusbsp\magicJack.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.westatho...stMessages.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Service Pack 3 Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot
O4 - HKCU\..\Run: [SarbyxTrayClock] C:\Program Files\SarbyxTrayClock\trayclock.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\EvolKitty\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Click here to support the xp-AntiSpy project. - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Program Files\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Support for xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Program Files\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O15 - Trusted Zone: *.west.com
O15 - Trusted Zone: *.westathome.com
O15 - Trusted Zone: *.westathome.net
O15 - Trusted Zone: *.workathomeagent.net
O16 - DPF: {4AB16005-E995-4A60-89DE-8B8A3E6EB5B0} (TrivialPursuit Control) - http://www.worldwinn...vialpursuit.cab
O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} (Jeopardy Control) - http://www.worldwinn...dy/jeopardy.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} (WorldWinner ActiveX Launcher Control) - http://www.worldwinn....0/iewwload.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinn...v57/wof/wof.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 6672 bytes


#2 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hello,

My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 4 days) and you need an explanation. If that's the case, just send me a message on here. :)
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________


OTL Custom Scan
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /180

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
  • You may need two posts to fit them both in.


NEXT:

Scanning with GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.


NEXT:

Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The logs that were produced after running the OTL scans. (OTL.txt & Extras.txt)
3. The log that was produced after running GMER.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.
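What an analyst looks for in the OTL output requested above, as an added Python example (not part of OTL and not SweetTech's instructions): it parses the `FF - prefs.js..network.proxy.*` lines OTL prints and flags any proxy host that is not the local machine or a private-network address. The sample lines are taken from the OTL log Biff3 posts later in this thread, plus one constructed loopback SOCKS entry for contrast; the function names are this example's own.

```python
"""Triage the Firefox proxy preferences that OTL prints.

Added example for this thread (not part of OTL, and not the helper's
instructions). The "FF - prefs.js..network.proxy.*" lines in an OTL log show
where Firefox will send its requests. A proxy host that is neither the local
machine nor a private-network address deserves a close look, because with
that pref set every request goes through that host first.
"""
import ipaddress
import re

# One OTL line, e.g.   FF - prefs.js..network.proxy.http: "87.252.55.26 "
PREF_RE = re.compile(r'^FF - prefs\.js\.\.(network\.proxy\.[\w.]+):\s*(.*)$')

# The prefs that name a proxy host (Firefox also keeps a backup.* copy of each).
HOST_PREF_RE = re.compile(
    r'^network\.proxy\.(?:backup\.)?(?:http|ssl|ftp|gopher|socks)$')

# Sample input: lines taken from the OTL log posted later in this thread, plus
# one constructed loopback SOCKS entry (last two lines) to show the benign case.
SAMPLE_LOG = """\
FF - prefs.js..browser.startup.homepage: "http://www.titantv.c...m/default.aspx"
FF - prefs.js..network.proxy.backup.ssl: "95.131.64.48"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.http: "87.252.55.26 "
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.ssl: "87.252.55.26 "
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
"""


def parse_proxy_prefs(lines):
    """Map pref name -> value for every network.proxy.* line, unquoted and stripped.

    OTL reproduces the value as stored in prefs.js, so a host can carry a
    trailing space inside the quotes (as in the log above); strip it.
    """
    prefs = {}
    for line in lines:
        match = PREF_RE.match(line.strip())
        if match:
            name, raw = match.groups()
            prefs[name] = raw.strip().strip('"').strip()
    return prefs


def classify_host(host):
    """'local' for loopback/private/link-local IPs, 'remote' for other IPs,
    'hostname' for anything that is not an IP literal, 'empty' for ''."""
    if not host:
        return "empty"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"
    if addr.is_loopback or addr.is_private or addr.is_link_local:
        return "local"
    return "remote"


def find_remote_proxies(prefs):
    """Return (pref, host, port) for each proxy host pref that points off-box."""
    findings = []
    for name in sorted(prefs):
        if not HOST_PREF_RE.match(name):
            continue
        host = prefs[name]
        if classify_host(host) == "remote":
            findings.append((name, host, prefs.get(name + "_port", "?")))
    return findings


def triage(log_text):
    """Human-readable summary lines for a whole OTL log."""
    prefs = parse_proxy_prefs(log_text.splitlines())
    findings = find_remote_proxies(prefs)
    shared = prefs.get("network.proxy.share_proxy_settings") == "true"
    out = []
    for name, host, port in findings:
        out.append(f"REVIEW {name} -> {host}:{port} (remote proxy)")
    if findings and shared:
        out.append("NOTE share_proxy_settings=true: the same proxy applies to all protocols")
    if not findings:
        out.append("OK no off-box proxy hosts in Firefox prefs")
    return out


if __name__ == "__main__":
    for line in triage(SAMPLE_LOG):
        print(line)
```

A hit here only says where Firefox is configured to send traffic; confirming how the pref got there is the job of the OTL and GMER logs the helper asked for.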

#3 Biff3 (Topic Starter, Member, 17 posts)
OTL logfile created on: 6/6/2010 3:07:06 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\EvolKitty\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 104.00 Mb Available Physical Memory | 14.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 57.21 Gb Free Space | 74.97% Space Free | Partition Type: NTFS
Drive D: | 534.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 450.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 873A68D1D6BC48E
Current User Name: EvolKitty
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\EvolKitty\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\EvolKitty\Application Data\mjusbsp\magicJack.exe (magicJack L.P.)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\SarbyxTrayClock\trayclock.exe (SarbyxLabs)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\EvolKitty\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2649_x-ww_aac16c8b\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)


========== Driver Services (SafeList) ==========

DRV - (SASKUTIL) -- File not found
DRV - (SASDIFSV) -- File not found
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (ctxusbm) -- C:\WINDOWS\system32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (viasraid) -- C:\WINDOWS\system32\drivers\viasraid.sys (VIA Technologies inc,.ltd)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.westatho...stMessages.aspx
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.titantv.c...m/default.aspx"
FF - prefs.js..extensions.enabledItems: {5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.45.6.20100202.1
FF - prefs.js..extensions.enabledItems: {DB2EA31C-58F5-48b7-8D60-CB0739257904}:0.19
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.7.4
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.81
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..network.proxy.backup.ftp: "95.131.64.48"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "95.131.64.48"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "95.131.64.48"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "95.131.64.48"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "87.252.55.26 "
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "87.252.55.26 "
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "87.252.55.26 "
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "87.252.55.26 "
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "87.252.55.26 "
FF - prefs.js..network.proxy.ssl_port: 80

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/06 21:13:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 01:36:47 | 000,000,000 | ---D | M]

[2010/03/03 14:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EvolKitty\Application Data\Mozilla\Extensions
[2010/06/06 13:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EvolKitty\Application Data\Mozilla\Firefox\Profiles\g78u2dwe.default\extensions
[2010/03/08 08:08:05 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\EvolKitty\Application Data\Mozilla\Firefox\Profiles\g78u2dwe.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/06/05 11:49:41 | 000,000,000 | ---D | M] (WIPS - Webpage Image Preview and Save) -- C:\Documents and Settings\EvolKitty\Application Data\Mozilla\Firefox\Profiles\g78u2dwe.default\extensions\{326437fa-a19f-4b42-a8fe-79d42b498669}(2)
[2010/03/10 02:24:32 | 000,000,000 | ---D | M] (AniWeather) -- C:\Documents and Settings\EvolKitty\Application Data\Mozilla\Firefox\Profiles\g78u2dwe.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2010/03/03 15:32:28 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Documents and Settings\EvolKitty\Application Data\Mozilla\Firefox\Profiles\g78u2dwe.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
[2010/03/11 10:26:15 | 000,000,000 | ---D | M] (IE View) -- C:\Documents and Settings\EvolKitty\Application Data\Mozilla\Firefox\Profiles\g78u2dwe.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010/05/29 00:41:33 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\EvolKitty\Application Data\Mozilla\Firefox\Profiles\g78u2dwe.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/06/05 11:49:42 | 000,000,000 | ---D | M] (DictionarySearch) -- C:\Documents and Settings\EvolKitty\Application Data\Mozilla\Firefox\Profiles\g78u2dwe.default\extensions\{a0faa0a4-f1a7-4098-9a74-21efc3a92372}(2)
[2010/04/12 11:58:05 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\EvolKitty\Application Data\Mozilla\Firefox\Profiles\g78u2dwe.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/03/03 15:32:27 | 000,000,000 | ---D | M] (ImageTweak) -- C:\Documents and Settings\EvolKitty\Application Data\Mozilla\Firefox\Profiles\g78u2dwe.default\extensions\{DB2EA31C-58F5-48b7-8D60-CB0739257904}
[2010/04/16 16:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EvolKitty\Application Data\Mozilla\Firefox\Profiles\g78u2dwe.default\extensions\[email protected]
[2010/06/05 11:15:13 | 000,005,457 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Application Data\Mozilla\Firefox\Profiles\g78u2dwe.default\searchplugins\startpage.xml
[2010/06/06 13:56:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/12 18:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CCMSDK.dll
[2009/09/12 18:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2009/09/12 18:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2009/09/12 18:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2009/09/12 18:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2009/09/12 18:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2010/06/05 22:19:52 | 000,403,666 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13964 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\EvolKitty\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [SarbyxTrayClock] C:\Program Files\SarbyxTrayClock\trayclock.exe (SarbyxLabs)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O15 - HKCU\..Trusted Domains: west.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: westathome.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: westathome.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: workathomeagent.net ([]* in Trusted sites)
O16 - DPF: {4AB16005-E995-4A60-89DE-8B8A3E6EB5B0} http://www.worldwinn...vialpursuit.cab (TrivialPursuit Control)
O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} http://www.worldwinn...dy/jeopardy.cab (Jeopardy Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.247.15.53 24.247.24.53 68.115.71.53
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\EvolKitty\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\EvolKitty\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/03 12:45:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1997/01/30 05:45:28 | 000,000,000 | R--D | M] - D:\AUTORUN -- [ CDFS ]
O32 - AutoRun File - [1996/11/08 07:11:12 | 000,000,069 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [1999/07/04 10:51:12 | 000,070,061 | R--- | M] () - E:\AUTOPLAY.EXE -- [ CDFS ]
O32 - AutoRun File - [1999/02/27 18:08:58 | 000,000,045 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\F\Shell\phone\command - "" = F:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/03/03 12:16:26 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Ligos Corporation)
Drivers32: msacm.imc - C:\WINDOWS\System32\IMC32.acm (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\SIRENACM.DLL (Microsoft Corp.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.i263 - C:\WINDOWS\System32\I263_32.drv (Intel Corporation)
Drivers32: vidc.I420 - C:\WINDOWS\System32\I263_32.drv (Intel Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\Ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\Ir32_32.dll ()
Drivers32: VIDC.IV40 - C:\WINDOWS\System32\Ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv41 - C:\WINDOWS\System32\Ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\Ir50_32.dll (Ligos Corporation)
Drivers32: vidc.MP42 - Mpg4c32.dll File not found
Drivers32: vidc.MP43 - Mpg4c32.dll File not found
Drivers32: vidc.MPG4 - Mpg4c32.dll File not found
Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2010/06/06 15:04:31 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\EvolKitty\Desktop\OTL.exe
[2010/06/06 15:02:29 | 000,000,000 | ---D | C] -- C:\sasuninst.files
[2010/06/06 01:34:23 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/06 01:18:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\EvolKitty\Recent
[2010/06/05 22:23:12 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/06/05 22:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/06/05 22:20:29 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/06/05 21:36:25 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/05 21:36:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/06/05 21:03:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/06/05 16:41:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/06/05 16:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/06/05 12:08:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/04 17:40:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/02 08:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\EvolKitty\Local Settings\Application Data\Help
[2010/06/02 08:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\EvolKitty\Application Data\Help
[2010/05/24 04:28:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\EvolKitty\Application Data\Malwarebytes
[2010/05/24 04:27:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/24 04:27:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/24 04:27:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/24 04:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/24 03:37:11 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/05/12 09:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\EvolKitty\Application Data\Media Player Classic
[2010/05/12 09:05:06 | 000,000,000 | ---D | C] -- C:\Program Files\Essentials Codec Pack
[2010/05/12 08:29:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/05/10 14:06:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\EvolKitty\My Documents\Vuze Downloads
[2010/05/10 14:05:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\EvolKitty\Application Data\Azureus
[2010/05/10 14:05:01 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2010/05/10 02:42:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Governor of Poker
[2010/05/10 02:42:36 | 000,000,000 | ---D | C] -- C:\Program Files\Governor of Poker
[2010/05/09 18:49:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2010/05/09 18:26:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\EvolKitty\Local Settings\Application Data\WorldWinner.com
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\EvolKitty\*.tmp files -> C:\Documents and Settings\EvolKitty\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/06 15:05:01 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Desktop\q6ifthhr.exe
[2010/06/06 15:04:31 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\EvolKitty\Desktop\OTL.exe
[2010/06/06 14:42:22 | 000,002,455 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Desktop\HiJackThis.lnk
[2010/06/06 14:15:37 | 000,001,028 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Desktop\magicJack.lnk
[2010/06/06 14:15:07 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/06 14:14:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/06 14:14:51 | 000,060,452 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/06/06 01:35:10 | 006,291,456 | ---- | M] () -- C:\Documents and Settings\EvolKitty\ntuser.dat
[2010/06/06 01:35:10 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\EvolKitty\ntuser.ini
[2010/06/06 01:35:05 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\EvolKitty\Local Settings\Application Data\IconCache.db
[2010/06/05 22:48:18 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/06/05 22:23:12 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/06/05 22:19:52 | 000,403,666 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/05 11:52:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/05 01:00:00 | 000,018,411 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Desktop\beavis.jpg
[2010/06/04 12:18:27 | 000,033,891 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Desktop\funny-signs-16.jpg
[2010/06/03 19:06:55 | 000,018,173 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Desktop\8962.jpg
[2010/06/03 19:06:33 | 000,030,578 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Desktop\cycle.jpg
[2010/06/03 19:06:14 | 000,054,713 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Desktop\grimace.jpg
[2010/06/03 19:05:44 | 000,022,518 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Desktop\snake.jpg
[2010/06/03 12:27:58 | 000,061,537 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Desktop\grammy.jpg
[2010/06/03 11:32:12 | 000,000,232 | ---- | M] () -- C:\WINDOWS\HPODJC05.INI
[2010/06/02 09:19:18 | 000,000,555 | ---- | M] () -- C:\WINDOWS\HPOTBX05.INI
[2010/06/02 01:03:40 | 000,109,491 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Desktop\kids.jpg
[2010/06/02 01:03:33 | 000,099,578 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Desktop\myass.jpg
[2010/06/02 01:03:26 | 000,324,625 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Desktop\lick.jpg
[2010/06/01 11:52:49 | 000,037,778 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Desktop\junlaptopeng.pdf
[2010/05/24 12:03:29 | 000,000,240 | ---- | M] () -- C:\WINDOWS\hpovwr05.INI
[2010/05/19 21:41:43 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/10 16:55:48 | 000,001,293 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Application Data\QuickZip45.ini
[2010/05/10 10:06:13 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/10 02:42:40 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Desktop\Governor of Poker.lnk
[2010/05/09 18:26:31 | 000,000,607 | ---- | M] () -- C:\WINDOWS\win.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\EvolKitty\*.tmp files -> C:\Documents and Settings\EvolKitty\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/06 15:05:00 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\EvolKitty\Desktop\q6ifthhr.exe
[2010/06/06 14:41:58 | 000,002,455 | ---- | C] () -- C:\Documents and Settings\EvolKitty\Desktop\HiJackThis.lnk
[2010/06/05 22:20:54 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/06/05 00:59:59 | 000,018,411 | ---- | C] () -- C:\Documents and Settings\EvolKitty\Desktop\beavis.jpg
[2010/06/04 12:18:26 | 000,033,891 | ---- | C] () -- C:\Documents and Settings\EvolKitty\Desktop\funny-signs-16.jpg
[2010/06/03 22:49:42 | 006,291,456 | ---- | C] () -- C:\Documents and Settings\EvolKitty\ntuser.dat
[2010/06/03 12:28:23 | 000,054,713 | ---- | C] () -- C:\Documents and Settings\EvolKitty\Desktop\grimace.jpg
[2010/06/03 12:28:16 | 000,030,578 | ---- | C] () -- C:\Documents and Settings\EvolKitty\Desktop\cycle.jpg
[2010/06/03 12:28:07 | 000,022,518 | ---- | C] () -- C:\Documents and Settings\EvolKitty\Desktop\snake.jpg
[2010/06/03 12:27:56 | 000,061,537 | ---- | C] () -- C:\Documents and Settings\EvolKitty\Desktop\grammy.jpg
[2010/06/02 01:09:22 | 000,018,173 | ---- | C] () -- C:\Documents and Settings\EvolKitty\Desktop\8962.jpg
[2010/06/02 01:03:39 | 000,109,491 | ---- | C] () -- C:\Documents and Settings\EvolKitty\Desktop\kids.jpg
[2010/06/02 01:03:32 | 000,099,578 | ---- | C] () -- C:\Documents and Settings\EvolKitty\Desktop\myass.jpg
[2010/06/02 01:03:25 | 000,324,625 | ---- | C] () -- C:\Documents and Settings\EvolKitty\Desktop\lick.jpg
[2010/06/01 11:52:49 | 000,037,778 | ---- | C] () -- C:\Documents and Settings\EvolKitty\Desktop\junlaptopeng.pdf
[2010/05/10 17:17:30 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\EvolKitty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/10 02:42:40 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\EvolKitty\Desktop\Governor of Poker.lnk
[2010/03/09 07:32:43 | 000,000,240 | ---- | C] () -- C:\WINDOWS\hpovwr05.INI
[2010/03/04 10:37:52 | 000,000,232 | ---- | C] () -- C:\WINDOWS\HPODJC05.INI
[2010/03/04 10:37:51 | 000,001,720 | ---- | C] () -- C:\WINDOWS\HPOCSS05.INI
[2010/03/04 10:37:51 | 000,000,555 | ---- | C] () -- C:\WINDOWS\HPOTBX05.INI
[2010/03/04 10:34:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\hpocnt05.dll
[2010/03/04 10:34:36 | 000,000,970 | ---- | C] () -- C:\WINDOWS\hpoio05.ini
[2010/03/04 10:34:36 | 000,000,065 | ---- | C] () -- C:\WINDOWS\opleinst.ini
[2010/03/03 13:02:40 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2010/03/03 13:02:34 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2010/03/03 13:02:33 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2010/03/03 13:02:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2010/03/03 13:02:31 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2010/03/03 12:51:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/03/03 12:26:37 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2006/01/12 21:02:21 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/01/12 20:55:15 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2006/01/12 20:55:02 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2006/01/12 20:52:59 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll
[2006/01/12 20:52:17 | 000,745,472 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/01/12 20:40:44 | 001,163,264 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2006/01/12 20:40:28 | 001,040,384 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2006/01/12 20:39:33 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2006/01/12 20:38:40 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
[2006/01/12 20:33:47 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2006/01/12 20:33:47 | 000,000,609 | ---- | C] () -- C:\WINDOWS\System32\OEMinfo.ini
[2003/01/07 10:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/10/24 12:19:36 | 000,005,361 | ---- | C] () -- C:\WINDOWS\System32\hpolnk05.ini
[2001/10/24 12:19:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\hpomon05.dll

========== LOP Check ==========

[2010/03/13 11:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/03/04 10:17:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2010/03/04 10:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/06/05 22:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/06/06 15:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/09 18:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2010/06/05 21:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EvolKitty\Application Data\Azureus
[2010/03/20 06:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EvolKitty\Application Data\ICAClient
[2010/06/06 14:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EvolKitty\Application Data\mjusbsp
[2010/04/26 15:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EvolKitty\Application Data\PlayFirst

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/03/03 12:45:26 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/03/03 12:34:41 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2006/01/12 21:02:21 | 000,000,126 | ---- | M] () -- C:\cleanup.cmd
[2010/03/03 12:45:26 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/01/12 21:02:21 | 000,000,124 | ---- | M] () -- C:\desktop.ini
[2010/03/03 12:45:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/03 12:45:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/01/12 20:53:48 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2006/01/12 20:56:42 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/06/06 14:14:45 | 1207,959,552 | -HS- | M] () -- C:\pagefile.sys
[2010/06/04 17:34:39 | 000,000,493 | ---- | M] () -- C:\rkill.log

< %systemroot%\*. /mp /s >

< %systemroot%\system32\user32.dll /md5 >
[2006/01/12 20:31:59 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\system32\user32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2_32.dll /md5 >
[2006/01/12 20:47:35 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\ws2_32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.dll /lockedfiles >
[2008/10/28 21:23:22 | 000,425,984 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/03/03 12:20:33 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/03/03 12:20:32 | 000,655,360 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/03/03 12:20:32 | 000,778,240 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /180 >
[2010/05/06 15:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2010/05/06 15:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
[2010/05/06 15:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
[2010/05/06 15:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
[2010/05/06 15:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2010/05/06 15:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2010/05/06 15:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
[2010/06/05 22:48:18 | 000,015,944 | ---- | M] () -- C:\WINDOWS\system32\drivers\hitmanpro35.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >
#4 Biff3 (Topic Starter, Member, 17 posts)

OTL Extras logfile created on: 6/6/2010 3:07:06 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\EvolKitty\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 104.00 Mb Available Physical Memory | 14.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 57.21 Gb Free Space | 74.97% Space Free | Partition Type: NTFS
Drive D: | 534.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 450.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 873A68D1D6BC48E
Current User Name: EvolKitty
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Documents and Settings\EvolKitty\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\EvolKitty\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)

Edited by Biff3, 06 June 2010 - 01:29 PM.

#5 Biff3 (Topic Starter, Member, 17 posts)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00E15D21-B68B-D7C4-574B-636E2D1ECEBE}" = Catalyst Control Center HydraVision Full
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
"{1170F665-2359-E439-5BC5-932B87423EF1}" = ccc-utility
"{18C94B21-9C7B-11D0-933A-00608CEA7318}_is1" = 1.0.2
"{18C94B21-9C7B-11D0-933A-00608CEA7323}_is1" = ULTIMATE MOD 4
"{18C94B21-9C7B-11D0-933A-00608CEA7352}_is1" = Mirror Mirror mod
"{18C94B21-9C7B-11D0-933A-00608CEA7366}_is1" = Ultimate Dominion Mod III
"{18C94B21-9C7B-11D0-933A-00608CEA7371}_is1" = All The Ages mod
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{31C2F32D-C5DD-4583-8181-B48591CA231C}" = RapidPlayer v5.0 ActiveX Control
"{39D74E81-5DED-C7EE-8807-91A8800212FA}" = ccc-core-preinstall
"{41C01225-45FD-7BCE-1EDA-F7E50945ADD7}" = Catalyst Control Center Core Implementation
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB)
"{5E8E1294-7951-6DA9-10F1-C877871346F3}" = Skins
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX)
"{826F3B4F-C597-AF1D-4CB1-2F441BE8E2BF}" = ccc-core-static
"{87B20692-9E9D-FAE0-76C7-E75E3CC7B0D1}" = Catalyst Control Center Graphics Full Existing
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC388C78-2619-452C-BFBE-FABCC3194387}" = Microsoft Office Live Meeting 2007
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{C29769BE-BEDF-DC9E-67A9-5E7AEFF039CF}" = CCC Help English
"{C740289B-FC90-D938-8317-1FFEBF7C04DB}" = Catalyst Control Center Graphics Previews Common
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV)
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{F30A8BF7-288C-57C0-357E-6D67BB694682}" = Catalyst Control Center Graphics Full New
"{F54543CF-EC73-D847-1780-84A6420EA229}" = Catalyst Control Center Graphics Light
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ALShow_is1" = ALShow
"ALUpdate_is1" = ALTools Update
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"C-Media Audio" = C-Media 3D Audio
"EB88B6218325D2AB47CFFBF7170236B60A6198FF" = Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)
"Governor of Poker1.0" = Governor of Poker
"HP OfficeJet Series 700" = HP OfficeJet Series 700 (Remove Only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Quick Zip_is1" = Quick Zip 4.60.019
"QuicktimeAlt_is1" = QuickTime Alternative 1.67
"Sarbyx TrayClock_is1" = Sarbyx TrayClock v1.1
"SpywareBlaster_is1" = SpywareBlaster 4.3
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"WIC" = Windows Imaging Component
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 2.3d
"WinRAR archiver" = WinRAR archiver
"xp-AntiSpy" = xp-AntiSpy 3.97-9
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bce6e03966db8ddc" = WAH Assistant
"f7f9cabe8c290ac7" = West At Home Gateway V2
#6 Biff3 (Topic Starter, Member, 17 posts)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/16/2010 3:51:35 PM | Computer Name = 873A68D1D6BC48E | Source = Application Error | ID = 1000
Description = Faulting application javaw.exe, version 6.0.180.7, faulting module
java.dll, version 6.0.180.7, fault address 0x00004e46.

Edited by Biff3, 06 June 2010 - 01:38 PM.

#7 Biff3 (Topic Starter, Member, 17 posts)

The site won't let me post the rest of the log. I'll try to post the rest later.

I don't know why. Every time I try to load the rest of the log I get an error.

Edited by Biff3, 06 June 2010 - 01:54 PM.

#8 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)

Extract the file and run it.

If TDSSKiller asks you to close all programs please allow it to do so.

Once completed it will create a log in your C:\ drive called TDSSKiller_* (* denotes version & date)

If TDSSKiller asks to reboot your computer please allow it to do so.

Please post the content of that log TDSSKiller
#9 Biff3 (Topic Starter, Member, 17 posts)

15:54:48:421 1884 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
15:54:48:421 1884 ================================================================================
15:54:48:421 1884 SystemInfo:

15:54:48:421 1884 OS Version: 5.1.2600 ServicePack: 2.0
15:54:48:421 1884 Product type: Workstation
15:54:48:421 1884 ComputerName: 873A68D1D6BC48E
15:54:48:421 1884 UserName: EvolKitty
15:54:48:421 1884 Windows directory: C:\WINDOWS
15:54:48:421 1884 Processor architecture: Intel x86
15:54:48:421 1884 Number of processors: 2
15:54:48:421 1884 Page size: 0x1000
15:54:48:421 1884 Boot type: Normal boot
15:54:48:421 1884 ================================================================================
15:54:49:156 1884 Initialize success
15:54:49:156 1884
15:54:49:156 1884 Scanning Services ...
15:54:50:218 1884 Raw services enum returned 304 services
15:54:50:234 1884
15:54:50:234 1884 Scanning Drivers ...
15:54:53:718 1884 Aavmker4 (a5246ed2586aa807af0bcf63165a71cc) C:\WINDOWS\system32\drivers\Aavmker4.sys
15:54:54:234 1884 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:54:54:390 1884 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:54:54:609 1884 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
15:54:54:750 1884 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
15:54:55:265 1884 aswFsBlk (1b6ed99291ddf5d2501554cc5757aab6) C:\WINDOWS\system32\drivers\aswFsBlk.sys
15:54:55:375 1884 aswMon2 (81432b1a4b31036c822eb967decf613c) C:\WINDOWS\system32\drivers\aswMon2.sys
15:54:55:468 1884 aswRdr (3e2b6112d2766f87eda8466fde86a986) C:\WINDOWS\system32\drivers\aswRdr.sys
15:54:55:562 1884 aswSP (d78b644816db540e103d0b0766fd9967) C:\WINDOWS\system32\drivers\aswSP.sys
15:54:55:671 1884 aswTdi (606d731008d98b6ef946730c597c1642) C:\WINDOWS\system32\drivers\aswTdi.sys
15:54:55:796 1884 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:54:55:875 1884 atapi (c4b52426b79c6f6664b70b8e63b1b837) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:54:56:265 1884 ati2mtag (067fca861588b18399555412a456de12) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
15:54:56:703 1884 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:54:56:765 1884 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:54:56:828 1884 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:54:56:859 1884 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:54:56:921 1884 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:54:57:000 1884 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
15:54:57:093 1884 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:54:57:312 1884 cmuda (e5adeef2c0db43964223f408f1fcc97e) C:\WINDOWS\system32\drivers\cmuda.sys
15:54:57:531 1884 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
15:54:57:687 1884 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
15:54:57:812 1884 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
15:54:58:031 1884 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
15:54:58:109 1884 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:54:58:187 1884 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
15:54:58:281 1884 Dot4 (ad7fc1963b152b3728e3c4f83554a576) C:\WINDOWS\system32\DRIVERS\Dot4.sys
15:54:58:343 1884 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
15:54:58:468 1884 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
15:54:58:562 1884 Fastfat (144ca88c1bfdb5ed724138d9c08d44c3) C:\WINDOWS\system32\drivers\Fastfat.sys
15:54:58:640 1884 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:54:58:828 1884 FETND5BV (7d53d569892b46738e87f39c9aa8488a) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
15:54:58:906 1884 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
15:54:58:968 1884 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:54:59:078 1884 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
15:54:59:140 1884 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:54:59:203 1884 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:54:59:265 1884 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:54:59:421 1884 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:54:59:546 1884 HTTP (3247a2db333d1521680e6864a8295a47) C:\WINDOWS\system32\Drivers\HTTP.sys
15:54:59:796 1884 i8042prt (46b07029c49853382a8010d1fdfb1c86) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:54:59:796 1884 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\i8042prt.sys. Real md5: 46b07029c49853382a8010d1fdfb1c86, Fake md5: 5502b58eef7486ee6f93f3f164dcb808
15:54:59:796 1884 File "C:\WINDOWS\system32\DRIVERS\i8042prt.sys" infected by TDSS rootkit ... 15:55:05:921 1884 Backup copy found, using it..
15:55:05:968 1884 will be cured on next reboot
15:55:06:187 1884 Imapi (ad5e8a6c823f24882a6826d7dbccf4a3) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:55:06:343 1884 intelppm (db8a1859cf9e48914dcc0a7206d87be5) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:55:06:437 1884 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
15:55:06:531 1884 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:55:06:625 1884 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:55:06:718 1884 IpNat (d58ecd3b3969a670e68588f1640920b6) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:55:06:843 1884 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:55:06:906 1884 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:55:07:078 1884 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:55:07:156 1884 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:55:07:250 1884 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
15:55:07:359 1884 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
15:55:07:546 1884 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
15:55:07:750 1884 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:55:07:812 1884 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
15:55:07:906 1884 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:55:08:000 1884 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
15:55:08:125 1884 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:55:08:265 1884 MRxSmb (4ae1dd77357f08b33854ab93b98a1371) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:55:08:359 1884 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
15:55:08:484 1884 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:55:08:546 1884 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:55:08:640 1884 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
15:55:08:703 1884 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:55:08:906 1884 Mup (79a9c030299e8cc04f18d0765155d902) C:\WINDOWS\system32\drivers\Mup.sys
15:55:09:031 1884 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
15:55:09:109 1884 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:55:09:171 1884 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:55:09:281 1884 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:55:09:359 1884 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
15:55:09:437 1884 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:55:09:546 1884 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:55:09:671 1884 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
15:55:09:781 1884 Ntfs (04e2d8d0de4c76cee33b7a7a0bcaf8c5) C:\WINDOWS\system32\drivers\Ntfs.sys
15:55:10:015 1884 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:55:10:078 1884 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:55:10:140 1884 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:55:10:203 1884 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
15:55:10:312 1884 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
15:55:10:375 1884 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:55:10:468 1884 PCI (de1d9a5d50166a6d8a51daa936fc56a4) C:\WINDOWS\system32\DRIVERS\pci.sys
15:55:10:671 1884 Pcmcia (36458ab24389af198194f73b9c6db8fe) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:55:11:109 1884 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:55:11:468 1884 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
15:55:11:578 1884 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:55:11:859 1884 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:55:11:984 1884 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:55:12:062 1884 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:55:12:093 1884 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:55:12:171 1884 Rdbss (d0fef8156d2d2fec557c100956d76887) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:55:12:265 1884 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:55:12:359 1884 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:55:12:484 1884 RDPWD (047bea21274c8a4a233674a76c958c2c) C:\WINDOWS\system32\drivers\RDPWD.sys
15:55:12:625 1884 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:55:12:687 1884 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:55:12:859 1884 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:55:12:906 1884 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
15:55:13:000 1884 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:55:13:156 1884 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
15:55:13:250 1884 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
15:55:13:296 1884 Srv (54e79b08d0abc9c551d0fe69cc2f87ec) C:\WINDOWS\system32\DRIVERS\srv.sys
15:55:13:468 1884 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:55:13:531 1884 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
15:55:13:687 1884 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
15:55:13:765 1884 Tcpip (2a4818aea80acd2c95d7d92d2f3155f8) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:55:14:031 1884 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:55:14:078 1884 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
15:55:14:171 1884 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:55:14:281 1884 Udfs (5468714efdcc70e24981e5874b5a6ce5) C:\WINDOWS\system32\drivers\Udfs.sys
15:55:14:421 1884 Update (a4815a4884898f355a3513e60843a4fd) C:\WINDOWS\system32\DRIVERS\update.sys
15:55:14:515 1884 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
15:55:14:562 1884 usbccgp (dd0b8c7b96107cbf8f70201a6ef7156e) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:55:14:625 1884 usbehci (085328b088e4d2bdb359c4952b2489d4) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:55:14:703 1884 usbhub (d31e07bf822c7f2bd32714e9ddca8be2) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:55:14:750 1884 USBSTOR (d31343bc16e50ad3b639e7d8d2639816) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:55:14:828 1884 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:55:14:953 1884 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
15:55:15:125 1884 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
15:55:15:203 1884 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
15:55:15:265 1884 viamraid (0363e216e4eb5052969c96608934dbde) C:\WINDOWS\system32\DRIVERS\viamraid.sys
15:55:15:343 1884 viasraid (ebe101c01d80a42868f57b327be1b564) C:\WINDOWS\system32\drivers\viasraid.sys
15:55:15:406 1884 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
15:55:15:468 1884 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:55:15:609 1884 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
15:55:15:734 1884 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:55:15:750 1884 Reboot required for cure complete..
15:55:16:468 1884 Cure on reboot scheduled successfully
15:55:16:468 1884
15:55:16:468 1884 Completed
15:55:16:468 1884
15:55:16:468 1884 Results:
15:55:16:468 1884 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
15:55:16:468 1884 File objects infected / cured / cured on reboot: 1 / 0 / 1
15:55:16:468 1884
15:55:16:500 1884 KLMD(ARK) unloaded successfully
  • 0
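An added note on the TDSSKiller result above (editorial addition, not part of the thread). The enumeration line for i8042prt prints the hash 46b07029c49853382a8010d1fdfb1c86, and the "Suspicious file (Forged)" line repeats that same value as "Real md5" while reporting a different "Fake md5" for the same path. TDSSKiller obtains a driver's contents by two routes (its KLMD driver, unloaded at the end of the log, is there for the low-level one) and logs "Forged" when the two images disagree. That disagreement is the whole finding: an ordinary file read of i8042prt.sys returned a clean Microsoft driver, which is exactly what a TDSS/TDL3 infection is designed to show to any scanner that trusts what the file system hands back. The script below is an added example, not code from the thread or from Kaspersky; it parses this log format and reports each forged driver with both hashes, the family named on the "infected by" line, and whether a cure was scheduled. The sample log is constructed from the lines above; names such as Finding and hidden_by_filter are mine.

```python
"""Triage a Kaspersky TDSSKiller log: list drivers whose two hash readings disagree.

Added example, not code from the thread or from Kaspersky. It only parses the log
format shown in the post above; it does not reimplement the low-level disk read.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: the i8042prt.sys lines from the log above plus one clean neighbour.
SAMPLE_LOG = r"""15:54:59:546 1884 HTTP (3247a2db333d1521680e6864a8295a47) C:\WINDOWS\system32\Drivers\HTTP.sys
15:54:59:796 1884 i8042prt (46b07029c49853382a8010d1fdfb1c86) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:54:59:796 1884 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\i8042prt.sys. Real md5: 46b07029c49853382a8010d1fdfb1c86, Fake md5: 5502b58eef7486ee6f93f3f164dcb808
15:54:59:796 1884 File "C:\WINDOWS\system32\DRIVERS\i8042prt.sys" infected by TDSS rootkit ... 15:55:05:921 1884 Backup copy found, using it..
15:55:05:968 1884 will be cured on next reboot
"""

# "<hh:mm:ss:ms> <pid> <service> (<md5>) <path>": one line per enumerated driver
DRIVER_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}:\d{3}\s+\d+\s+(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*?)\s*$")
FORGED_RE = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9a-f]{32}), "
    r"Fake md5: (?P<fake>[0-9a-f]{32})")
INFECTED_RE = re.compile(r'File "(?P<path>[^"]+)" infected by (?P<family>\S+) rootkit')
CURE_RE = re.compile(r"will be cured on next reboot")


@dataclass
class Finding:
    path: str
    service: Optional[str]      # service name from the enumeration line, if one was seen
    listed_md5: Optional[str]   # hash printed on that enumeration line
    real_md5: str               # "Real md5" from the Forged line ("" if no Forged line)
    fake_md5: str               # "Fake md5" from the Forged line
    family: Optional[str] = None
    cure_scheduled: bool = False

    @property
    def hidden_by_filter(self) -> bool:
        # The enumeration hash equals "Real md5": an ordinary file read returned the
        # clean driver, and only the tool's second read path saw a different image.
        return bool(self.real_md5) and self.real_md5 != self.fake_md5 \
            and self.listed_md5 == self.real_md5


def parse_tdsskiller_log(text: str) -> List[Finding]:
    enumerated: Dict[str, Tuple[str, str]] = {}   # path.lower() -> (service, md5)
    findings: Dict[str, Finding] = {}
    last: Optional[Finding] = None                # target of a following status line
    for line in text.splitlines():
        m = DRIVER_RE.match(line)
        if m:
            enumerated[m["path"].lower()] = (m["name"], m["md5"])
            continue
        m = FORGED_RE.search(line)
        if m:
            key = m["path"].lower()
            service, listed = enumerated.get(key, (None, None))
            last = findings[key] = Finding(m["path"], service, listed, m["real"], m["fake"])
            continue
        m = INFECTED_RE.search(line)
        if m:
            key = m["path"].lower()
            if key not in findings:               # infected without a Forged line
                service, listed = enumerated.get(key, (None, None))
                findings[key] = Finding(m["path"], service, listed, "", "")
            last = findings[key]
            last.family = m["family"]
            continue
        if last is not None and CURE_RE.search(line):
            last.cure_scheduled = True
    return list(findings.values())


def summarize(findings: List[Finding]) -> List[str]:
    lines = []
    for f in findings:
        how = "served clean on normal reads" if f.hidden_by_filter else "hash mismatch"
        state = "cure scheduled for reboot" if f.cure_scheduled else "NOT cured"
        lines.append(f"{f.service or '?'}: {f.path} [{f.family or 'unknown'}] {how}; {state}")
    return lines


if __name__ == "__main__":
    for line in summarize(parse_tdsskiller_log(SAMPLE_LOG)):
        print(line)
```

The practical use is the "NOT cured" state: a forged driver that TDSSKiller could not schedule for cure (no backup copy, or a cure that did not survive the reboot) is the case where the machine needs a second look rather than another signature scan.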

#10 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hello,

How are things running?


NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer; could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan.

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished, remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan.
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following bolded text into the Posted Image textbox.


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /180

  • Push Posted Image
  • A report will open. Copy and Paste that report in your next reply.



NEXT:


Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that was produced after running the updated MalwareBytes' Anti-Malware scan.
3. The log that was produced after running the ESET Online Virus Scanner.
4. The log that was produced after running the OTL scan.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Cheers,
SweetTech.
  • 0


#11 Biff3 (Topic Starter, Member, 17 posts)
1) Hello, things seem to be better since running TDSSKiller.

2) Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4173

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

6/6/2010 6:38:17 PM
mbam-log-2010-06-06 (18-38-17).txt

Scan type: Quick scan
Objects scanned: 119699
Time elapsed: 5 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#12 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
:)
  • 0

#13 Biff3 (Topic Starter, Member, 17 posts)
3) ESET didn't produce a log. Just gave me message "No threats found".
  • 0

#14 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Okay
  • 0
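A note ahead of the OTL log in the next post (editorial addition, not part of the thread). Its FireFox section lists network.proxy.http, ssl, ftp, socks and gopher all set to "87.252.55.26 " on port 80 with share_proxy_settings true, and network.proxy.backup.* set to 95.131.64.48 on port 3128, while the Internet Explorer section shows ProxyEnable = 0. With those prefs every Firefox request is routed through an external host, which is enough on its own to intercept or redirect browsing, and it is not something a file-oriented scan touches: the Malwarebytes log above reports no malicious items, and the OTL log taken afterwards still shows the prefs in place. The backup.* entries are where Firefox keeps the previous per-protocol values when "Use this proxy server for all protocols" is switched on, so the log actually records two successive proxy configurations. The script below is an added example, not code from the thread or from OTL or Mozilla: it parses user_pref lines from a prefs.js, flags proxy hosts that are neither loopback nor on an allowlist (backup entries included), and writes back a cleaned set with network.proxy.type 0 ("No proxy"). The sample prefs.js is constructed in prefs.js syntax from the values in that OTL log; names like ProxyFinding and clean_proxy_prefs are mine.

```python
"""Check a Firefox prefs.js for proxy settings that route traffic through a foreign host.

Added example, not from the thread or from OTL/Mozilla. Run it against <profile>\\prefs.js
only while Firefox is closed: Firefox rewrites that file on exit.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Union

PrefValue = Union[str, int, bool]
PREF_RE = re.compile(r'^\s*user_pref\("(?P<key>[^"]+)",\s*(?P<val>.+?)\);\s*$')
PROTOCOLS = ("http", "ssl", "ftp", "socks", "gopher")

# Constructed sample in prefs.js syntax, using the values shown in the OTL log.
SAMPLE_PREFS = r'''// Mozilla User Preferences
user_pref("network.proxy.backup.ftp", "95.131.64.48");
user_pref("network.proxy.backup.ftp_port", 3128);
user_pref("network.proxy.backup.gopher", "95.131.64.48");
user_pref("network.proxy.backup.gopher_port", 3128);
user_pref("network.proxy.backup.socks", "95.131.64.48");
user_pref("network.proxy.backup.socks_port", 3128);
user_pref("network.proxy.backup.ssl", "95.131.64.48");
user_pref("network.proxy.backup.ssl_port", 3128);
user_pref("network.proxy.ftp", "87.252.55.26 ");
user_pref("network.proxy.ftp_port", 80);
user_pref("network.proxy.gopher", "87.252.55.26 ");
user_pref("network.proxy.gopher_port", 80);
user_pref("network.proxy.http", "87.252.55.26 ");
user_pref("network.proxy.http_port", 80);
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.socks", "87.252.55.26 ");
user_pref("network.proxy.socks_port", 80);
user_pref("network.proxy.ssl", "87.252.55.26 ");
user_pref("network.proxy.ssl_port", 80);
'''


def parse_prefs(text: str) -> Dict[str, PrefValue]:
    """Parse user_pref("key", value); lines into strings, ints or booleans.
    String escapes are left as written; proxy hosts never contain them."""
    prefs: Dict[str, PrefValue] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue                          # comments and blank lines
        raw = m["val"]
        if raw.startswith('"') and raw.endswith('"'):
            prefs[m["key"]] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[m["key"]] = raw == "true"
        else:
            prefs[m["key"]] = int(raw)
    return prefs


@dataclass(frozen=True)
class ProxyFinding:
    pref: str              # e.g. network.proxy.http or network.proxy.backup.ssl
    host: str
    port: int
    kind: str              # "public-ip", "private-ip" or "hostname"
    trailing_space: bool   # the stored value had whitespace around the host


def classify_host(host: str) -> str:
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"
    if ip.is_loopback:
        return "loopback"
    return "private-ip" if ip.is_private else "public-ip"


def proxy_findings(prefs: Dict[str, PrefValue],
                   allowed: FrozenSet[str] = frozenset()) -> List[ProxyFinding]:
    """Every proxy host, live or backup, that is neither loopback nor on the allowlist."""
    out: List[ProxyFinding] = []
    for prefix in ("network.proxy.", "network.proxy.backup."):
        for proto in PROTOCOLS:
            key = prefix + proto
            raw = prefs.get(key)
            if not isinstance(raw, str) or not raw.strip():
                continue
            host = raw.strip()
            kind = classify_host(host)
            if kind == "loopback" or host in allowed:
                continue
            port = prefs.get(key + "_port", 0)
            out.append(ProxyFinding(key, host, int(port), kind, raw != host))
    return out


def clean_proxy_prefs(prefs: Dict[str, PrefValue]) -> Dict[str, PrefValue]:
    """Drop every network.proxy.* pref and pin the proxy type to 0 ("No proxy")."""
    cleaned = {k: v for k, v in prefs.items() if not k.startswith("network.proxy.")}
    cleaned["network.proxy.type"] = 0
    return cleaned


def to_prefs_js(prefs: Dict[str, PrefValue]) -> str:
    lines = []
    for key in sorted(prefs):
        v = prefs[key]
        if isinstance(v, bool):               # bool before int: True is an int in Python
            lit = "true" if v else "false"
        elif isinstance(v, int):
            lit = str(v)
        else:
            lit = f'"{v}"'
        lines.append(f'user_pref("{key}", {lit});')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    prefs = parse_prefs(SAMPLE_PREFS)
    for f in proxy_findings(prefs):
        extra = ", trailing space" if f.trailing_space else ""
        print(f"{f.pref}: {f.host}:{f.port} ({f.kind}{extra})")
    print(to_prefs_js(clean_proxy_prefs(prefs)), end="")
```

Pass a corporate proxy as `allowed` so a legitimate manual configuration is not reported; a public IP literal with no hostname, especially one carrying a stray trailing space in the stored value, is the pattern worth treating as a hijack until proven otherwise.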

#15 Biff3 (Topic Starter, Member, 17 posts)
4)

OTL logfile created on: 6/6/2010 7:56:34 PM - Run 2
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\EvolKitty\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 258.00 Mb Available Physical Memory | 34.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 57.11 Gb Free Space | 74.83% Space Free | Partition Type: NTFS
Drive D: | 534.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 450.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 873A68D1D6BC48E
Current User Name: EvolKitty
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\EvolKitty\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\EvolKitty\Application Data\mjusbsp\magicJack.exe (magicJack L.P.)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\SarbyxTrayClock\trayclock.exe (SarbyxLabs)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\EvolKitty\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2649_x-ww_aac16c8b\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)


========== Driver Services (SafeList) ==========

DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (ctxusbm) -- C:\WINDOWS\system32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (viasraid) -- C:\WINDOWS\system32\drivers\viasraid.sys (VIA Technologies inc,.ltd)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.westatho...stMessages.aspx
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.titantv.c...m/default.aspx"
FF - prefs.js..extensions.enabledItems: {5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.45.6.20100202.1
FF - prefs.js..extensions.enabledItems: {DB2EA31C-58F5-48b7-8D60-CB0739257904}:0.19
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.7.4
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.81
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..network.proxy.backup.ftp: "95.131.64.48"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "95.131.64.48"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "95.131.64.48"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "95.131.64.48"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "87.252.55.26 "
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher: "87.252.55.26 "
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http: "87.252.55.26 "
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "87.252.55.26 "
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "87.252.55.26 "
FF - prefs.js..network.proxy.ssl_port: 80

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/06 21:13:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 01:36:47 | 000,000,000 | ---D | M]

[2010/03/03 14:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EvolKitty\Application Data\Mozilla\Extensions
[2010/06/06 13:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EvolKitty\Application Data\Mozilla\Firefox\Profiles\g78u2dwe.default\extensions
[2010/03/08 08:08:05 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\EvolKitty\Application Data\Mozilla\Firefox\Profiles\g78u2dwe.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/06/05 11:49:41 | 000,000,000 | ---D | M] (WIPS - Webpage Image Preview and Save) -- C:\Documents and Settings\EvolKitty\Application Data\Mozilla\Firefox\Profiles\g78u2dwe.default\extensions\{326437fa-a19f-4b42-a8fe-79d42b498669}(2)
[2010/03/10 02:24:32 | 000,000,000 | ---D | M] (AniWeather) -- C:\Documents and Settings\EvolKitty\Application Data\Mozilla\Firefox\Profiles\g78u2dwe.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2010/03/03 15:32:28 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Documents and Settings\EvolKitty\Application Data\Mozilla\Firefox\Profiles\g78u2dwe.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
[2010/03/11 10:26:15 | 000,000,000 | ---D | M] (IE View) -- C:\Documents and Settings\EvolKitty\Application Data\Mozilla\Firefox\Profiles\g78u2dwe.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2010/05/29 00:41:33 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\EvolKitty\Application Data\Mozilla\Firefox\Profiles\g78u2dwe.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/06/05 11:49:42 | 000,000,000 | ---D | M] (DictionarySearch) -- C:\Documents and Settings\EvolKitty\Application Data\Mozilla\Firefox\Profiles\g78u2dwe.default\extensions\{a0faa0a4-f1a7-4098-9a74-21efc3a92372}(2)
[2010/04/12 11:58:05 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\EvolKitty\Application Data\Mozilla\Firefox\Profiles\g78u2dwe.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/03/03 15:32:27 | 000,000,000 | ---D | M] (ImageTweak) -- C:\Documents and Settings\EvolKitty\Application Data\Mozilla\Firefox\Profiles\g78u2dwe.default\extensions\{DB2EA31C-58F5-48b7-8D60-CB0739257904}
[2010/04/16 16:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EvolKitty\Application Data\Mozilla\Firefox\Profiles\g78u2dwe.default\extensions\[email protected]
[2010/06/05 11:15:13 | 000,005,457 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Application Data\Mozilla\Firefox\Profiles\g78u2dwe.default\searchplugins\startpage.xml
[2010/06/06 13:56:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/12 18:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CCMSDK.dll
[2009/09/12 18:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2009/09/12 18:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2009/09/12 18:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2009/09/12 18:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2009/09/12 18:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2010/06/05 22:19:52 | 000,403,666 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13964 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\EvolKitty\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [SarbyxTrayClock] C:\Program Files\SarbyxTrayClock\trayclock.exe (SarbyxLabs)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O15 - HKCU\..Trusted Domains: west.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: westathome.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: westathome.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: workathomeagent.net ([]* in Trusted sites)
O16 - DPF: {4AB16005-E995-4A60-89DE-8B8A3E6EB5B0} http://www.worldwinn...vialpursuit.cab (TrivialPursuit Control)
O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} http://www.worldwinn...dy/jeopardy.cab (Jeopardy Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.247.15.53 24.247.24.53 68.115.71.53
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\EvolKitty\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\EvolKitty\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/03 12:45:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1997/01/30 05:45:28 | 000,000,000 | R--D | M] - D:\AUTORUN -- [ CDFS ]
O32 - AutoRun File - [1996/11/08 07:11:12 | 000,000,069 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [1999/07/04 10:51:12 | 000,070,061 | R--- | M] () - E:\AUTOPLAY.EXE -- [ CDFS ]
O32 - AutoRun File - [1999/02/27 18:08:58 | 000,000,045 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\F\Shell\phone\command - "" = F:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/03/03 12:16:26 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54338281256517632)

========== Files/Folders - Created Within 30 Days ==========

[2010/06/06 18:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/06/06 15:04:31 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\EvolKitty\Desktop\OTL.exe
[2010/06/06 01:34:23 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/06 01:18:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\EvolKitty\Recent
[2010/06/05 22:23:12 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/06/05 22:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/06/05 22:20:29 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/06/05 21:36:25 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/05 21:36:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/06/05 21:03:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/06/05 16:41:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/06/05 16:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/06/05 12:08:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/04 17:40:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/02 08:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\EvolKitty\Local Settings\Application Data\Help
[2010/06/02 08:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\EvolKitty\Application Data\Help
[2010/05/24 04:28:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\EvolKitty\Application Data\Malwarebytes
[2010/05/24 04:27:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/24 04:27:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/24 04:27:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/24 04:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/24 03:37:11 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/05/12 09:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\EvolKitty\Application Data\Media Player Classic
[2010/05/12 09:05:06 | 000,000,000 | ---D | C] -- C:\Program Files\Essentials Codec Pack
[2010/05/12 08:29:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/05/10 14:06:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\EvolKitty\My Documents\Vuze Downloads
[2010/05/10 14:05:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\EvolKitty\Application Data\Azureus
[2010/05/10 14:05:01 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2010/05/10 02:42:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Governor of Poker
[2010/05/10 02:42:36 | 000,000,000 | ---D | C] -- C:\Program Files\Governor of Poker
[2010/05/09 18:49:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WorldWinner
[2010/05/09 18:26:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\EvolKitty\Local Settings\Application Data\WorldWinner.com
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\EvolKitty\*.tmp files -> C:\Documents and Settings\EvolKitty\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/06 18:41:42 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Desktop\esetsmartinstaller_enu.exe
[2010/06/06 15:58:35 | 000,001,028 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Desktop\magicJack.lnk
[2010/06/06 15:58:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/06 15:58:10 | 000,060,452 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/06/06 15:58:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/06 15:56:22 | 006,291,456 | ---- | M] () -- C:\Documents and Settings\EvolKitty\ntuser.dat
[2010/06/06 15:56:22 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\EvolKitty\ntuser.ini
[2010/06/06 15:56:17 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\EvolKitty\Local Settings\Application Data\IconCache.db
[2010/06/06 15:55:41 | 000,001,270 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Application Data\QuickZip45.ini
[2010/06/06 15:53:47 | 000,966,213 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Desktop\tdsskiller.zip
[2010/06/06 15:05:01 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Desktop\q6ifthhr.exe
[2010/06/06 15:04:31 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\EvolKitty\Desktop\OTL.exe
[2010/06/06 14:42:22 | 000,002,455 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Desktop\HiJackThis.lnk
[2010/06/05 22:48:18 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/06/05 22:23:12 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/06/05 22:19:52 | 000,403,666 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/05 11:52:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/05 01:00:00 | 000,018,411 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Desktop\beavis.jpg
[2010/06/04 12:18:27 | 000,033,891 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Desktop\funny-signs-16.jpg
[2010/06/03 19:06:55 | 000,018,173 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Desktop\8962.jpg
[2010/06/03 19:06:33 | 000,030,578 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Desktop\cycle.jpg
[2010/06/03 19:06:14 | 000,054,713 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Desktop\grimace.jpg
[2010/06/03 19:05:44 | 000,022,518 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Desktop\snake.jpg
[2010/06/03 12:27:58 | 000,061,537 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Desktop\grammy.jpg
[2010/06/03 11:32:12 | 000,000,232 | ---- | M] () -- C:\WINDOWS\HPODJC05.INI
[2010/06/02 09:19:18 | 000,000,555 | ---- | M] () -- C:\WINDOWS\HPOTBX05.INI
[2010/06/02 01:03:40 | 000,109,491 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Desktop\kids.jpg
[2010/06/02 01:03:33 | 000,099,578 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Desktop\myass.jpg
[2010/06/02 01:03:26 | 000,324,625 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Desktop\lick.jpg
[2010/06/01 11:52:49 | 000,037,778 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Desktop\junlaptopeng.pdf
[2010/05/24 12:03:29 | 000,000,240 | ---- | M] () -- C:\WINDOWS\hpovwr05.INI
[2010/05/19 21:41:43 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/10 10:06:13 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/10 02:42:40 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\EvolKitty\Desktop\Governor of Poker.lnk
[2010/05/09 18:26:31 | 000,000,607 | ---- | M] () -- C:\WINDOWS\win.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\EvolKitty\*.tmp files -> C:\Documents and Settings\EvolKitty\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/06 18:41:30 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\EvolKitty\Desktop\esetsmartinstaller_enu.exe
[2010/06/06 15:53:43 | 000,966,213 | ---- | C] () -- C:\Documents and Settings\EvolKitty\Desktop\tdsskiller.zip
[2010/06/06 15:05:00 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\EvolKitty\Desktop\q6ifthhr.exe
[2010/06/06 14:41:58 | 000,002,455 | ---- | C] () -- C:\Documents and Settings\EvolKitty\Desktop\HiJackThis.lnk
[2010/06/05 22:20:54 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/06/05 00:59:59 | 000,018,411 | ---- | C] () -- C:\Documents and Settings\EvolKitty\Desktop\beavis.jpg
[2010/06/04 12:18:26 | 000,033,891 | ---- | C] () -- C:\Documents and Settings\EvolKitty\Desktop\funny-signs-16.jpg
[2010/06/03 22:49:42 | 006,291,456 | ---- | C] () -- C:\Documents and Settings\EvolKitty\ntuser.dat
[2010/06/03 12:28:23 | 000,054,713 | ---- | C] () -- C:\Documents and Settings\EvolKitty\Desktop\grimace.jpg
[2010/06/03 12:28:16 | 000,030,578 | ---- | C] () -- C:\Documents and Settings\EvolKitty\Desktop\cycle.jpg
[2010/06/03 12:28:07 | 000,022,518 | ---- | C] () -- C:\Documents and Settings\EvolKitty\Desktop\snake.jpg
[2010/06/03 12:27:56 | 000,061,537 | ---- | C] () -- C:\Documents and Settings\EvolKitty\Desktop\grammy.jpg
[2010/06/02 01:09:22 | 000,018,173 | ---- | C] () -- C:\Documents and Settings\EvolKitty\Desktop\8962.jpg
[2010/06/02 01:03:39 | 000,109,491 | ---- | C] () -- C:\Documents and Settings\EvolKitty\Desktop\kids.jpg
[2010/06/02 01:03:32 | 000,099,578 | ---- | C] () -- C:\Documents and Settings\EvolKitty\Desktop\myass.jpg
[2010/06/02 01:03:25 | 000,324,625 | ---- | C] () -- C:\Documents and Settings\EvolKitty\Desktop\lick.jpg
[2010/06/01 11:52:49 | 000,037,778 | ---- | C] () -- C:\Documents and Settings\EvolKitty\Desktop\junlaptopeng.pdf
[2010/05/10 17:17:30 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\EvolKitty\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/10 02:42:40 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\EvolKitty\Desktop\Governor of Poker.lnk
[2010/03/09 07:32:43 | 000,000,240 | ---- | C] () -- C:\WINDOWS\hpovwr05.INI
[2010/03/04 10:37:52 | 000,000,232 | ---- | C] () -- C:\WINDOWS\HPODJC05.INI
[2010/03/04 10:37:51 | 000,001,720 | ---- | C] () -- C:\WINDOWS\HPOCSS05.INI
[2010/03/04 10:37:51 | 000,000,555 | ---- | C] () -- C:\WINDOWS\HPOTBX05.INI
[2010/03/04 10:34:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\hpocnt05.dll
[2010/03/04 10:34:36 | 000,000,970 | ---- | C] () -- C:\WINDOWS\hpoio05.ini
[2010/03/04 10:34:36 | 000,000,065 | ---- | C] () -- C:\WINDOWS\opleinst.ini
[2010/03/03 13:02:40 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2010/03/03 13:02:34 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2010/03/03 13:02:33 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2010/03/03 13:02:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2010/03/03 13:02:31 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2010/03/03 12:51:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/03/03 12:26:37 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2006/01/12 21:02:21 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/01/12 20:55:15 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2006/01/12 20:55:02 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2006/01/12 20:52:59 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll
[2006/01/12 20:52:17 | 000,745,472 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/01/12 20:40:44 | 001,163,264 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2006/01/12 20:40:28 | 001,040,384 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2006/01/12 20:39:33 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2006/01/12 20:38:40 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
[2006/01/12 20:33:47 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2006/01/12 20:33:47 | 000,000,609 | ---- | C] () -- C:\WINDOWS\System32\OEMinfo.ini
[2003/01/07 10:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/10/24 12:19:36 | 000,005,361 | ---- | C] () -- C:\WINDOWS\System32\hpolnk05.ini
[2001/10/24 12:19:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\hpomon05.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/03/03 12:45:26 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/03/03 12:34:41 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2006/01/12 21:02:21 | 000,000,126 | ---- | M] () -- C:\cleanup.cmd
[2010/03/03 12:45:26 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/01/12 21:02:21 | 000,000,124 | ---- | M] () -- C:\desktop.ini
[2010/03/03 12:45:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/03 12:45:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/01/12 20:53:48 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2006/01/12 20:56:42 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/06/06 15:58:04 | 1207,959,552 | -HS- | M] () -- C:\pagefile.sys
[2010/06/04 17:34:39 | 000,000,493 | ---- | M] () -- C:\rkill.log

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/10/28 21:23:22 | 000,425,984 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/03/03 12:20:33 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/03/03 12:20:32 | 000,655,360 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/03/03 12:20:32 | 000,778,240 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /180 >
[2010/05/06 15:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2010/05/06 15:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
[2010/05/06 15:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
[2010/05/06 15:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
[2010/05/06 15:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2010/05/06 15:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2010/05/06 15:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
[2010/06/05 22:48:18 | 000,015,944 | ---- | M] () -- C:\WINDOWS\system32\drivers\hitmanpro35.sys
[2010/06/06 15:57:47 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\i8042prt.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >