Popup ads, slow system, browser redirects and MORE!


#1 bluecheese (New Member, 9 posts)
Hello! I'm really glad to have found this place.
Last night I was bumbling around Google researching some crazy thing called 'rankpush' and managed to hit some random site that did some odd things to my computer. I did not install anything, but it seems to have taken care of that for me and done it by itself.
The only new software I've installed in the last month has been 1) a PopCap game from the official PopCap game site and 2) the software that came with a new Canon digital camera (I used the discs from the factory).
I use Firefox almost without exception. Within 15 minutes of visiting the rankpush sites, Internet Explorer windows started opening themselves, displaying ads for things like mortgages and banks, and then proceeded to do so every 10 minutes. Google searches I performed were redirected to similar ad sites. My computer became very slow. I could not download OTL.exe or any of the mirrored/alternate filenames (downloads simply wouldn't start or claimed to be cancelled). I decided to disconnect my 3G internet connection while reading one long page, in the hope that the ads would stop popping up and distracting me. The modem would not disconnect through the usual button, so I pulled it out of the USB port and continued reading. When I tried to reconnect it, it spat a bunch of errors up on the screen. At this point I tried to reboot. I couldn't reboot in any mode (safe or otherwise) and found my system restore points had been erased. After half an hour, safe mode worked. Two hours later (and I'm not sure why) the machine booted normally. My modem now works and everything seems to be going okay, aside from those ad popups and a really slow system. The redirects on Google seem to have stopped, but I don't trust this thing as far as I could throw it. The infected machine is my development laptop for my job, it is now Monday morning, and it needs cleaning!

I appreciate any assistance anyone might be able to offer. I'm computer savvy enough to go through and poke whatever you tell me to. Let's begin!

Below is the log file generated by OTL.exe:
OTL logfile created on: 21/03/2011 05:44:19 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = D:\

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy



2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]



%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.52 Gb Total Space | 22.59 Gb Free Space | 30.32% Space Free | Partition Type: NTFS

Drive D: | 3.73 Gb Total Space | 3.47 Gb Free Space | 93.01% Space Free | Partition Type: FAT32



Computer Name: ANONYMOUS | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days



========== Processes (SafeList) ==========



PRC - [2011/03/20 19:41:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\OTL.com

PRC - [2011/03/20 19:15:17 | 000,146,160 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Temp\902kca6jh.exe

PRC - [2011/03/20 17:58:53 | 000,135,168 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Temp\Vk1.exe

PRC - [2011/03/20 17:58:47 | 000,149,504 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Temp\Vkz.exe

PRC - [2011/03/20 17:58:14 | 000,137,216 | ---- | M] () -- C:\WINDOWS\Vmucib.exe

PRC - [2011/03/20 17:58:00 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Temp\zitui1.exe

PRC - [2011/03/07 10:29:01 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/11/30 01:20:10 | 000,114,688 | ---- | M] () -- C:\Program Files\Virgin Mobile\Virgin Mobile.exe

PRC - [2010/09/27 16:14:21 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Owner\Local Settings\Temp\RtkBtMnt.exe

PRC - [2010/08/19 18:52:04 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe

PRC - [2010/02/11 13:58:03 | 000,087,040 | -H-- | M] () -- C:\WINDOWS\hig39gahir.exe

PRC - [2010/02/11 13:55:59 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe

PRC - [2009/06/17 21:18:42 | 006,582,912 | ---- | M] () -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe

PRC - [2008/12/10 11:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) -- C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe

PRC - [2008/12/10 11:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) -- c:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe

PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe





========== Modules (SafeList) ==========



MOD - [2011/03/20 19:41:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\OTL.com

MOD - [2010/08/24 02:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2010/02/11 13:58:15 | 000,371,712 | ---- | M] () -- C:\WINDOWS\akelosupu.dll

MOD - [2010/02/11 13:57:03 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msls31.dll

MOD - [2008/04/14 21:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shfolder.dll





========== Win32 Services (SafeList) ==========



SRV - [2010/08/19 18:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe -- (DCService.exe)

SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2009/06/17 21:18:42 | 006,582,912 | ---- | M] () [Auto | Running] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)

SRV - [2008/12/10 11:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)

SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)





========== Driver Services (SafeList) ==========



DRV - [2010/08/27 13:53:32 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)

DRV - [2010/08/07 17:48:30 | 000,106,496 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2010/07/27 15:25:48 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)

DRV - [2010/07/27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)

DRV - [2010/07/15 18:44:20 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)

DRV - [2010/07/15 18:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)

DRV - [2010/02/11 14:21:11 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\iastor78.sys -- (iastor78)

DRV - [2010/02/11 14:01:06 | 000,009,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\dumpdrv.sys -- (DumpDrv)

DRV - [2009/10/08 01:01:32 | 002,649,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2009/08/27 08:10:26 | 000,213,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

DRV - [2009/05/01 09:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)

DRV - [2009/05/01 08:55:56 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)

DRV - [2009/05/01 08:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)

DRV - [2007/05/31 20:04:56 | 004,424,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2007/05/02 12:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)





========== Standard Registry (SafeList) ==========





========== Internet Explorer ==========





IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 06 53 D6 F8 D7 E6 CB 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



========== FireFox ==========



FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906

FF - prefs.js..extensions.enabledItems: [email protected]:1.54

FF - prefs.js..extensions.enabledItems: [email protected]:1.6.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - prefs.js..extensions.enabledItems: [email protected]:2.0.16

FF - prefs.js..extensions.enabledItems: [email protected]:1.19.1

FF - prefs.js..extensions.enabledItems: [email protected]:1.0.6

FF - prefs.js..extensions.enabledItems: [email protected]:1.20.0.66

FF - prefs.js..extensions.enabledItems: {AFE7D911-6EFF-4B3E-86EC-AB390970BE88}:1.9.1



FF - HKLM\software\mozilla\Firefox\Extensions\\{AFE7D911-6EFF-4B3E-86EC-AB390970BE88}: C:\Documents and Settings\Owner\Local Settings\Application Data\{AFE7D911-6EFF-4B3E-86EC-AB390970BE88} [2011/03/20 17:59:35 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/07 10:29:13 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/07 10:29:13 | 000,000,000 | ---D | M]



[2010/12/21 02:11:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

[2010/12/21 02:11:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\[email protected]

[2011/03/20 19:10:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a0cde0gc.default\extensions

[2010/10/27 11:49:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a0cde0gc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/02/24 20:14:10 | 000,000,000 | ---D | M] (FileSonic Affiliate Plugin) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a0cde0gc.default\extensions\[email protected]

[2010/12/14 13:11:03 | 000,000,000 | ---D | M] ("Flash Video Downloader - Youtube Downloader") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a0cde0gc.default\extensions\[email protected]

[2011/03/03 05:51:07 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a0cde0gc.default\extensions\[email protected]

[2011/01/30 16:13:57 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a0cde0gc.default\extensions\[email protected]

[2010/12/14 13:11:01 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a0cde0gc.default\extensions\[email protected]

[2010/09/28 04:08:10 | 000,000,000 | ---D | M] ("Alexa Toolbar") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a0cde0gc.default\extensions\[email protected]

[2011/03/19 00:06:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/02/13 00:21:29 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/10/04 11:35:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/10/04 11:35:24 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010/10/04 11:35:23 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2011/03/07 10:29:07 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2011/03/07 10:29:07 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2011/03/07 10:29:07 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2011/03/07 10:29:07 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml



O1 HOSTS File: ([2011/03/21 05:38:42 | 000,000,834 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 63.116.243.145

O1 - Hosts: 127.0.0.1 63.217.184.90

O1 - Hosts: 127.0.0.1 209.87.211.146

O1 - Hosts: 127.0.0.1 63.84.59.56

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [Hkocogu] C:\WINDOWS\akelosupu.dll ()

O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [tukdtjsr] C:\WINDOWS\system32\tukdtjsr.exe ()

O4 - HKLM..\Run: [tukdtjsrx] C:\WINDOWS\system32\tukdtjsrx.exe ()

O4 - HKCU..\Run: [A9YA3MI1CF] C:\Documents and Settings\Owner\Local Settings\Temp\Vkz.exe ()

O4 - HKCU..\Run: [KCSCPW1HKH] C:\WINDOWS\Vmucia.exe ()

O4 - HKCU..\Run: [NtWqIVLZEWZU] C:\Documents and Settings\Owner\Local Settings\Temp\Vk2.exe ()

O4 - HKCU..\Run: [Wtebagoxo] C:\WINDOWS\kbdbdigr.dll (Red Hat)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\.pw Desktop.lnk = C:\Documents and Settings\Owner\Application Data\pwDesktop\current\pwDesktop.exe ()

O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: fpact = C:\DOCUME~1\Owner\LOCALS~1\Temp\zitui1.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: dyrjnsrn = C:\WINDOWS\hig39gahir.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: fthsjesb = C:\WINDOWS\hig39gahir.exe ()

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\RailNotification: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Desktop Background.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Desktop Background.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/09/27 15:28:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2007/12/11 12:00:30 | 000,000,064 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]

O33 - MountPoints2\{071a4dce-fbcc-11df-8e1f-00197ec8e144}\Shell - "" = AutoRun

O33 - MountPoints2\{071a4dce-fbcc-11df-8e1f-00197ec8e144}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{071a4dce-fbcc-11df-8e1f-00197ec8e144}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{6b491170-3e63-11e0-8e64-00197ec8e144}\Shell - "" = AutoRun

O33 - MountPoints2\{6b491170-3e63-11e0-8e64-00197ec8e144}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{6b491170-3e63-11e0-8e64-00197ec8e144}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*



========== Files/Folders - Created Within 30 Days ==========



[2011/03/20 19:15:23 | 000,015,360 | ---- | C] (微软中国) -- C:\WINDOWS\System32\dgjasr46w.exe

[2011/03/20 18:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2011/03/20 18:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2011/03/20 17:59:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{AFE7D911-6EFF-4B3E-86EC-AB390970BE88}

[2011/03/20 17:59:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\OfferBox

[2011/03/18 11:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\CameraWindowDC

[2011/03/18 11:17:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\CANON INC

[2011/03/18 11:02:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ZoomBrowser EX

[2011/03/18 10:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser

[2011/03/18 10:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities

[2011/03/18 10:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\Canon

[2011/03/18 10:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Canon

[2011/03/16 02:53:43 | 000,000,000 | ---D | C] -- C:\pz

[2011/03/14 15:37:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MyFreeCams

[2011/03/14 15:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\MyFreeCams

[2011/03/03 05:59:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Videos

[2011/03/03 05:59:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Leadertech

[2011/03/03 05:58:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups

[2011/03/03 05:57:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Logitech

[2011/03/03 05:57:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogiShrd

[2011/03/03 05:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech

[2011/03/03 00:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd

[2011/02/26 00:23:02 | 000,000,000 | ---D | C] -- C:\Program Files\Lame For Audacity

[2011/02/25 23:44:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\AudacityPortable

[2011/02/25 06:10:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\500man

[2011/02/25 04:34:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\g

[2011/02/23 02:16:54 | 000,000,000 | ---D | C] -- C:\toprocess

[2011/02/23 02:02:37 | 000,000,000 | ---D | C] -- C:\dadcam

[2011/02/21 23:08:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Optus Mobile Broadband

[2011/02/21 23:08:00 | 000,082,816 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys

[2011/02/21 23:08:00 | 000,072,832 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys

[2011/02/21 23:08:00 | 000,051,712 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys

[2011/02/21 23:08:00 | 000,026,880 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys

[2011/02/21 23:08:00 | 000,019,456 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwupgrade.sys

[2011/02/21 23:07:59 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys

[2011/02/21 23:07:59 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys

[2011/02/21 23:07:40 | 000,000,000 | ---D | C] -- C:\Program Files\Optus Mobile Broadband

[2011/02/21 23:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DatacardService

[2011/02/19 20:21:19 | 000,757,760 | ---- | C] (Sprout Games, LLC) -- C:\WINDOWS\WordHarmony.scr

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]



========== Files - Modified Within 30 Days ==========



[2011/03/21 05:45:02 | 000,000,246 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job

[2011/03/21 05:37:37 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ozecedo.dat

[2011/03/21 05:37:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Yyuwo.bin

[2011/03/21 05:32:42 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

[2011/03/21 04:53:07 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/03/21 04:53:01 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job

[2011/03/21 02:53:02 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/03/20 19:47:13 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2011/03/20 19:26:43 | 000,002,004 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\Default.rdp

[2011/03/20 19:15:27 | 000,000,040 | ---- | M] () -- C:\WINDOWS\System32\service.sys

[2011/03/20 19:15:23 | 000,133,120 | ---- | M] () -- C:\WINDOWS\System32\tukdtjsr.exe

[2011/03/20 19:15:23 | 000,015,360 | ---- | M] (微软中国) -- C:\WINDOWS\System32\dgjasr46w.exe

[2011/03/20 19:15:17 | 000,146,160 | ---- | M] () -- C:\WINDOWS\System32\tukdtjsrx.exe

[2011/03/20 19:06:28 | 000,441,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/03/20 19:06:28 | 000,071,258 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/03/20 19:02:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/03/20 19:01:41 | 000,000,300 | -HS- | M] () -- C:\WINDOWS\tasks\yusbe.job

[2011/03/20 19:01:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/03/20 17:58:14 | 000,137,216 | ---- | M] () -- C:\WINDOWS\Vmucib.exe

[2011/03/20 17:58:05 | 000,137,216 | ---- | M] () -- C:\WINDOWS\Vmucia.exe

[2011/03/20 17:57:53 | 000,135,168 | RHS- | M] () -- C:\WINDOWS\System32\noiset.dll

[2011/03/20 11:18:01 | 000,095,232 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/03/19 13:39:06 | 000,187,506 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HEREBEDRAGONS.jpg

[2011/03/19 07:09:22 | 000,012,064 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Zombatar_1.jpg

[2011/03/19 03:03:19 | 000,055,108 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\jeye.jpg

[2011/03/19 01:10:04 | 000,000,319 | ---- | M] () -- C:\WINDOWS\popcinfot.dat

[2011/03/19 00:12:40 | 000,000,966 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Plants vs. Zombies.lnk

[2011/03/19 00:12:40 | 000,000,198 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url

[2011/03/18 11:48:13 | 000,113,198 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\canonsucks.jpg

[2011/03/18 10:56:51 | 000,000,862 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DCSD40-46 Software Starter Guide.lnk

[2011/03/18 10:56:48 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Personal Printing Guide.lnk

[2011/03/18 10:56:45 | 000,000,937 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PowerShot SD1200 IS_IXUS 95 IS Camera User Guide.lnk

[2011/03/18 10:56:08 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk

[2011/03/17 10:42:36 | 000,041,200 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dadshoe.jpg

[2011/03/17 10:38:44 | 000,041,862 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dadshoes.jpg

[2011/03/16 03:51:20 | 000,709,026 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\14-03-2011 18-44-05.png

[2011/03/14 00:52:16 | 000,013,696 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\joybomhe.csv

[2011/03/09 01:05:48 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2011/03/03 05:59:38 | 000,000,853 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Logitech . Product Registration.lnk

[2011/03/03 05:57:55 | 000,001,850 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software.lnk

[2011/03/02 19:36:51 | 000,202,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/03/01 04:57:51 | 001,948,895 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KFS.zip

[2011/02/28 09:39:01 | 000,010,919 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gwf.gif

[2011/02/28 09:30:55 | 000,011,088 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\logo.gif

[2011/02/26 02:43:21 | 001,926,393 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\posiblygreen tease.wmv

[2011/02/26 00:43:48 | 000,230,840 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\secondshot.mp3

[2011/02/26 00:23:20 | 000,204,509 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\firstshot.mp3

[2011/02/25 15:35:01 | 001,159,669 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DSCF1744.JPG

[2011/02/25 15:32:18 | 001,160,910 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DSCF1741.JPG

[2011/02/25 02:20:19 | 000,100,839 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\cheesetime.png

[2011/02/25 02:15:36 | 000,807,259 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\63e3d68c_76d8_823a.jpg

[2011/02/24 22:35:18 | 000,001,601 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\links.html

[2011/02/21 23:08:41 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jubusenum_01009.Wdf

[2011/02/21 23:08:40 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2011/02/21 00:21:32 | 000,012,557 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\iheartcheese.jpg

[2011/02/20 17:13:43 | 000,155,126 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\jacket.jpg

[2011/02/19 20:21:19 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Word Harmony Deluxe.lnk

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]



========== Files Created - No Company Name ==========



[2011/03/20 19:45:11 | 000,137,216 | ---- | C] () -- C:\WINDOWS\Vmucib.exe

[2011/03/20 19:15:27 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\service.sys

[2011/03/20 19:15:23 | 000,133,120 | ---- | C] () -- C:\WINDOWS\System32\tukdtjsr.exe

[2011/03/20 19:15:09 | 000,146,160 | ---- | C] () -- C:\WINDOWS\System32\tukdtjsrx.exe

[2011/03/20 17:59:36 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ozecedo.dat

[2011/03/20 17:59:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Yyuwo.bin

[2011/03/20 17:59:00 | 000,000,282 | -H-- | C] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

[2011/03/20 17:58:51 | 000,000,282 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job

[2011/03/20 17:58:17 | 000,137,216 | ---- | C] () -- C:\WINDOWS\Vmucia.exe

[2011/03/20 17:58:09 | 000,000,246 | -H-- | C] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job

[2011/03/20 17:57:53 | 000,135,168 | RHS- | C] () -- C:\WINDOWS\System32\noiset.dll

[2011/03/20 17:57:53 | 000,000,300 | -HS- | C] () -- C:\WINDOWS\tasks\yusbe.job

[2011/03/19 13:39:05 | 000,187,506 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HEREBEDRAGONS.jpg

[2011/03/19 07:09:22 | 000,012,064 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Zombatar_1.jpg

[2011/03/19 03:03:19 | 000,055,108 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\jeye.jpg

[2011/03/19 00:12:40 | 000,000,966 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Plants vs. Zombies.lnk

[2011/03/18 11:48:12 | 000,113,198 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\canonsucks.jpg

[2011/03/18 10:56:51 | 000,000,862 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DCSD40-46 Software Starter Guide.lnk

[2011/03/18 10:56:48 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Personal Printing Guide.lnk

[2011/03/18 10:56:45 | 000,000,937 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PowerShot SD1200 IS_IXUS 95 IS Camera User Guide.lnk

[2011/03/18 10:56:08 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk

[2011/03/17 10:42:36 | 000,041,200 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dadshoe.jpg

[2011/03/17 10:38:44 | 000,041,862 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dadshoes.jpg

[2011/03/16 03:51:06 | 000,709,026 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\14-03-2011 18-44-05.png

[2011/03/14 00:52:16 | 000,013,696 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\joybomhe.csv

[2011/03/09 21:29:24 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll

[2011/03/09 21:29:24 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll

[2011/03/03 05:59:38 | 000,000,853 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Logitech . Product Registration.lnk

[2011/03/03 05:58:28 | 000,034,068 | ---- | C] () -- C:\WINDOWS\System32\Repository.reg

[2011/03/03 05:57:55 | 000,001,850 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software.lnk

[2011/03/01 04:57:51 | 001,948,895 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KFS.zip

[2011/02/28 09:38:57 | 000,010,919 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gwf.gif

[2011/02/28 09:30:52 | 000,011,088 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\logo.gif

[2011/02/26 02:42:25 | 001,926,393 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\posiblygreen tease.wmv

[2011/02/26 00:43:46 | 000,230,840 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\secondshot.mp3

[2011/02/26 00:23:18 | 000,204,509 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\firstshot.mp3

[2011/02/25 15:34:21 | 001,159,669 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DSCF1744.JPG

[2011/02/25 15:31:45 | 001,160,910 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DSCF1741.JPG

[2011/02/25 02:20:19 | 000,100,839 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\cheesetime.png

[2011/02/25 02:15:35 | 000,807,259 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\63e3d68c_76d8_823a.jpg

[2011/02/24 21:06:46 | 000,001,601 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\links.html

[2011/02/21 23:08:41 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jubusenum_01009.Wdf

[2011/02/21 23:08:40 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2011/02/21 00:21:32 | 000,012,557 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\iheartcheese.jpg

[2011/02/20 17:13:43 | 000,155,126 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\jacket.jpg

[2011/02/19 20:21:19 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Word Harmony Deluxe.lnk

[2011/01/18 05:35:45 | 002,217,088 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe

[2011/01/18 05:35:45 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe

[2011/01/18 05:35:45 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll

[2011/01/18 05:35:45 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys

[2011/01/18 05:35:45 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys

[2010/10/30 11:48:36 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2010/10/09 10:40:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat

[2010/10/08 06:47:42 | 000,000,319 | ---- | C] () -- C:\WINDOWS\popcinfot.dat

[2010/09/27 17:00:46 | 000,040,880 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/09/27 16:52:30 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010/09/27 16:26:20 | 000,095,232 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/27 16:12:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2010/09/27 15:28:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010/09/27 15:25:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2010/09/27 15:24:52 | 000,052,836 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll

[2010/09/27 15:24:48 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\libpng13.dll

[2010/09/27 15:24:46 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll

[2010/09/27 12:39:38 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/09/27 10:19:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/09/27 10:14:49 | 000,202,528 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/09/27 09:54:59 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/09/27 09:48:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/02/11 13:58:15 | 000,371,712 | ---- | C] () -- C:\WINDOWS\akelosupu.dll

[2010/02/11 13:58:03 | 000,087,040 | -H-- | C] () -- C:\WINDOWS\hig39gahir.exe

[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll

[2009/04/30 22:39:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2008/04/14 21:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2008/04/14 21:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2008/04/14 21:00:00 | 000,441,362 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2008/04/14 21:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2008/04/14 21:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2008/04/14 21:00:00 | 000,071,258 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2008/04/14 21:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2008/04/14 21:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2008/04/14 21:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2008/04/14 21:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2008/04/14 21:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2008/04/14 21:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2008/04/14 21:00:00 | 000,000,009 | ---- | C] () -- C:\WINDOWS\System32\comsats.sys



========== LOP Check ==========



[2010/10/05 00:51:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2011/02/21 23:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService

[2010/09/29 10:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlashFXP

[2011/02/16 21:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear

[2010/10/08 10:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lencom

[2010/10/06 03:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games

[2011/01/28 09:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/09/27 09:54:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/11/01 10:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Big Fish Games

[2011/03/18 08:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileZilla

[2010/09/30 08:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo

[2010/12/10 23:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IceChat

[2011/03/03 05:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech

[2011/03/20 18:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lencom

[2010/10/27 13:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1

[2010/09/27 16:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Notepad++

[2011/03/20 17:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OfferBox

[2010/10/07 10:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org

[2010/12/12 23:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera

[2010/10/06 07:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PopCapv1000

[2010/10/12 07:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PopCapv1001

[2010/10/19 04:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PopCapv1003

[2010/10/23 10:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PopCapv1004

[2010/10/20 10:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PopCapv1006

[2010/09/27 16:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\pwDesktop

[2010/12/19 22:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SERPAttacks

[2010/10/30 04:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sick Marketing

[2011/02/09 23:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SpinTop Games

[2011/02/01 14:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TeamViewer

[2010/09/27 16:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Titanium

[2011/03/12 05:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent

[2010/10/29 02:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\X-Chat 2

[2011/03/20 19:01:41 | 000,000,300 | -HS- | M] () -- C:\WINDOWS\Tasks\yusbe.job

[2011/03/21 04:53:01 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job

[2011/03/21 05:45:02 | 000,000,246 | -H-- | M] () -- C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job

[2011/03/21 05:32:42 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job



========== Purity Check ==========







========== Alternate Data Streams ==========



@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4AF8D0D

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27F44544



< End of report >


Again, thanks for taking a look at this! (please don't laugh at my crazy software)
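The "Files Created" and "LOP Check" sections above share one line format: `[timestamp | size | attributes | C/M] (company) -- path`, with the `(company)` field absent for directory entries. The triage a helper does by eye (recently created files under `C:\WINDOWS` with no company name, or with hidden/system attributes) can be scripted. The parser below is an added example, not part of bluecheese's post and not OTL's own code; the sample entries are copied from the log above plus one benign desktop file for contrast, and the two-day "infection window" measured back from the newest entry is an assumption chosen to match the dates in this log.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in OTL's entry format: a few lines taken from the log above
# (system files created on the day of the infection, plus older and user-profile
# entries that should not be flagged).
SAMPLE_OTL = r"""
[2011/03/20 19:45:11 | 000,137,216 | ---- | C] () -- C:\WINDOWS\Vmucib.exe
[2011/03/20 19:15:27 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\service.sys
[2011/03/20 17:57:53 | 000,135,168 | RHS- | C] () -- C:\WINDOWS\System32\noiset.dll
[2011/03/20 17:57:53 | 000,000,300 | -HS- | C] () -- C:\WINDOWS\tasks\yusbe.job
[2011/03/19 13:39:05 | 000,187,506 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HEREBEDRAGONS.jpg
[2011/03/09 21:29:24 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2008/04/14 21:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2011/03/20 17:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OfferBox
"""

# One OTL entry: [YYYY/MM/DD HH:MM:SS | size | attrs | M or C] (company) -- path
# The "(company)" group is optional because directory entries (LOP Check) omit it.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[RHSD-]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)


def parse_entry(line):
    """Parse one OTL file or directory entry; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        "size": int(m.group("size").replace(",", "")),
        "attr": m.group("attr"),          # R/H/S/D flags or '-'
        "kind": m.group("kind"),          # C = created, M = modified
        "company": m.group("company"),    # "" = file with no company name, None = directory
        "path": m.group("path"),
    }


def parse_log(text):
    """Return all parseable entries from a pasted OTL section, in order."""
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


def triage(text, window_days=2, system_roots=("C:\\WINDOWS",)):
    """Flag entries under a system root that were created inside the window
    (measured back from the newest timestamp in the log) with no company name,
    or that carry hidden/system attributes. Returns [(path, [reasons]), ...]."""
    entries = parse_log(text)
    if not entries:
        return []
    newest = max(e["ts"] for e in entries)
    cutoff = newest - timedelta(days=window_days)   # assumed window, tune per case
    flagged = []
    for e in entries:
        in_system = any(e["path"].upper().startswith(r.upper()) for r in system_roots)
        if not in_system:
            continue
        reasons = []
        if e["kind"] == "C" and e["ts"] >= cutoff and not e["company"]:
            reasons.append("created inside the infection window with no company name")
        if "H" in e["attr"] or "S" in e["attr"]:
            reasons.append("hidden/system attribute on a system-directory entry")
        if reasons:
            flagged.append((e["path"], reasons))
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_OTL):
        print(path, "->", "; ".join(reasons))
```

Run against the sample it reports the four same-day system files (`Vmucib.exe`, `service.sys`, `noiset.dll`, `yusbe.job`) and stays quiet on the desktop image, the Windows Update `dllcache` copy from eleven days earlier, and the 2008 `noise.dat`. The rule is deliberately a coarse first pass: a missing company name only means the file has no version resource, so anything it flags still needs checking against a file-reputation source before a fix script is written.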


#2
Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
Hello bluecheese and welcome to G2G!

My name is Cold Titanium ;) , and I will be assisting you with your problem. I am still in training, so all my replies need to be checked by an expert first. So there may be a slight delay in between replies.

Please follow all of my instructions without skipping anything. Also, please refrain from experimenting around whilst I am helping you. At times some of the things I tell you to do may seem unnecessary and frustrating, but just stick to it and we'll get through :D

:D Note: Please save these instructions in a file or print them out, as the internet may not be available while we are fixing the system.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


"please don't laugh at my crazy software"

Bwahah...sorry :D

Please run another scan whilst I look over this one :D


Step #1

  • Download GMER to your desktop
  • Right-Click and extract it to the desktop
  • Double-Click gmer.exe
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish. (Please be patient as it can take some time to complete)

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


After it finishes scanning
  • Click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save it to your desktop

Post ark.txt in your next reply

#3
bluecheese

    New Member

  • Topic Starter
  • Member
  • 9 posts
Not a problem, running GMER now. I'm using another computer to use this forum, so the broken machine is chugging away by itself on the other side of the desk. Shouldn't be too long til the report is done. Thank you for responding so quickly :D

#4
bluecheese

    New Member

  • Topic Starter
  • Member
  • 9 posts
Contents of ark.txt:

GMER 1.0.15.15570 - http://www.gmer.net

Rootkit scan 2011-03-21 07:21:00

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\iaStor0 TOSHIBA_ rev.DL25

Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fgryypog.sys





---- User code sections - GMER 1.0.15 ----



.text C:\WINDOWS\System32\svchost.exe[1292] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 007E000A

.text C:\WINDOWS\System32\svchost.exe[1292] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 007F000A

.text C:\WINDOWS\System32\svchost.exe[1292] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 007D000C

.text C:\WINDOWS\System32\svchost.exe[1292] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0293000A

.text C:\WINDOWS\System32\svchost.exe[1292] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 0294000A

.text C:\WINDOWS\System32\svchost.exe[1292] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 0295000A

.text C:\WINDOWS\System32\svchost.exe[1292] ole32.dll!CoCreateInstance 774FF1C4 5 Bytes JMP 00F6000A

.text C:\WINDOWS\Explorer.EXE[2016] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D3000A

.text C:\WINDOWS\Explorer.EXE[2016] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00DD000A

.text C:\WINDOWS\Explorer.EXE[2016] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C8000C

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3420] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10406373 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

.text C:\Program Files\Virgin Mobile\Virgin Mobile.exe[3680] USER32.dll!GetSysColor 7E418E78 5 Bytes JMP 00452440 C:\Program Files\Virgin Mobile\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)

.text C:\Program Files\Virgin Mobile\Virgin Mobile.exe[3680] USER32.dll!GetSysColorBrush 7E418EAB 5 Bytes JMP 004524A0 C:\Program Files\Virgin Mobile\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)

.text C:\Program Files\Virgin Mobile\Virgin Mobile.exe[3680] USER32.dll!SetScrollInfo 7E419056 7 Bytes JMP 00452330 C:\Program Files\Virgin Mobile\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)

.text C:\Program Files\Virgin Mobile\Virgin Mobile.exe[3680] USER32.dll!GetScrollInfo 7E42DFE2 7 Bytes JMP 00452280 C:\Program Files\Virgin Mobile\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)

.text C:\Program Files\Virgin Mobile\Virgin Mobile.exe[3680] USER32.dll!ShowScrollBar 7E42F2F2 5 Bytes JMP 00452400 C:\Program Files\Virgin Mobile\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)

.text C:\Program Files\Virgin Mobile\Virgin Mobile.exe[3680] USER32.dll!GetScrollPos 7E42F704 5 Bytes JMP 004522C0 C:\Program Files\Virgin Mobile\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)

.text C:\Program Files\Virgin Mobile\Virgin Mobile.exe[3680] USER32.dll!SetScrollPos 7E42F750 5 Bytes JMP 00452370 C:\Program Files\Virgin Mobile\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)

.text C:\Program Files\Virgin Mobile\Virgin Mobile.exe[3680] USER32.dll!GetScrollRange 7E42F787 5 Bytes JMP 004522F0 C:\Program Files\Virgin Mobile\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)

.text C:\Program Files\Virgin Mobile\Virgin Mobile.exe[3680] USER32.dll!SetScrollRange 7E42F99B 5 Bytes JMP 004523B0 C:\Program Files\Virgin Mobile\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)

.text C:\Program Files\Virgin Mobile\Virgin Mobile.exe[3680] USER32.dll!EnableScrollBar 7E468005 7 Bytes JMP 00452240 C:\Program Files\Virgin Mobile\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3820] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0228000A

.text C:\Program Files\Mozilla Firefox\firefox.exe[3820] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0229000A

.text C:\Program Files\Mozilla Firefox\firefox.exe[3820] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0227000C

.text C:\Program Files\Mozilla Firefox\firefox.exe[3820] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 00EDC572

.text C:\Program Files\Mozilla Firefox\firefox.exe[3820] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 00EDCAAC

.text C:\Program Files\Mozilla Firefox\firefox.exe[3820] GDI32.dll!TextOutA 77F1BA4F 5 Bytes JMP 00EDC4A5

.text C:\Program Files\Mozilla Firefox\firefox.exe[3820] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 00EDC9C7

.text C:\Program Files\Mozilla Firefox\firefox.exe[3820] GDI32.dll!GetGlyphIndicesA 77F3DFE3 5 Bytes JMP 00EDCE63

.text C:\Program Files\Mozilla Firefox\firefox.exe[3820] GDI32.dll!GetGlyphIndicesW 77F5264C 5 Bytes JMP 00EDCF2D

.text C:\Program Files\Mozilla Firefox\firefox.exe[3820] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 00EDB9F5

.text C:\Program Files\Mozilla Firefox\firefox.exe[3820] USER32.dll!DrawTextExW 7E42B415 5 Bytes JMP 00EDC8DF

.text C:\Program Files\Mozilla Firefox\firefox.exe[3820] USER32.dll!DrawTextW 7E42D7E2 5 Bytes JMP 00EDC71B

.text C:\Program Files\Mozilla Firefox\firefox.exe[3820] USER32.dll!SetClipboardData 7E430F9E 5 Bytes JMP 00EDC392

.text C:\Program Files\Mozilla Firefox\firefox.exe[3820] USER32.dll!DrawTextA 7E43C702 5 Bytes JMP 00EDC63F

.text C:\Program Files\Mozilla Firefox\firefox.exe[3820] USER32.dll!DrawTextExA 7E43C739 5 Bytes JMP 00EDC7F7



---- Devices - GMER 1.0.15 ----



Device \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskTOSHIBA_MK8037GSX_______________________DL250J__#4&11fb7fcc&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found



---- Threads - GMER 1.0.15 ----



Thread System [4:156] B9D6A096



---- Disk sectors - GMER 1.0.15 ----



Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior



---- EOF - GMER 1.0.15 ----

#5
bluecheese

    New Member

  • Topic Starter
  • Member
  • 9 posts
Any clues? If this is going to take more than a day to fix just say the word and I'll reformat the whole machine.

#6
Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
I'm waiting on my teacher to clear my fix, otherwise I'm all ready. I don't think you'll need to reformat. I can see the infections and I know what to do, but I'm still just a senior so I have to get my fixes approved first.

#7
Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
Step #1

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.



  • If an infected file is detected, the default action will be Cure, click on Continue.



  • If a suspicious file is detected, the default action will be Skip, click on Continue.



  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.



  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Step #2


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    MOD - [2010/02/11 13:58:15 | 000,371,712 | ---- | M] () -- C:\WINDOWS\akelosupu.dll
    FF - prefs.js..extensions.enabledItems: {AFE7D911-6EFF-4B3E-86EC-AB390970BE88}:1.9.1
    FF - HKLM\software\mozilla\Firefox\Extensions\\{AFE7D911-6EFF-4B3E-86EC-AB390970BE88}: C:\Documents and Settings\Owner\Local Settings\Application Data\{AFE7D911-6EFF-4B3E-86EC-AB390970BE88} [2011/03/20 17:59:35 | 000,000,000 | ---D | M]
    O4 - HKLM..\Run: [Hkocogu] C:\WINDOWS\akelosupu.dll ()
    O4 - HKLM..\Run: [tukdtjsr] C:\WINDOWS\system32\tukdtjsr.exe ()
    O4 - HKLM..\Run: [tukdtjsrx] C:\WINDOWS\system32\tukdtjsrx.exe ()
    O4 - HKCU..\Run: [A9YA3MI1CF] C:\Documents and Settings\Owner\Local Settings\Temp\Vkz.exe ()
    O4 - HKCU..\Run: [KCSCPW1HKH] C:\WINDOWS\Vmucia.exe ()
    O4 - HKCU..\Run: [NtWqIVLZEWZU] C:\Documents and Settings\Owner\Local Settings\Temp\Vk2.exe ()
    O4 - HKCU..\Run: [Wtebagoxo] C:\WINDOWS\kbdbdigr.dll (Red Hat)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: fpact = C:\DOCUME~1\Owner\LOCALS~1\Temp\zitui1.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: dyrjnsrn = C:\WINDOWS\hig39gahir.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: fthsjesb = C:\WINDOWS\hig39gahir.exe ()
    [2011/03/20 19:15:23 | 000,015,360 | ---- | C] (微软中国) -- C:\WINDOWS\System32\dgjasr46w.exe
    [2011/03/20 17:59:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{AFE7D911-6EFF-4B3E-86EC-AB390970BE88}
    [2011/03/20 17:59:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\OfferBox
    [2011/03/21 05:45:02 | 000,000,246 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
    [2011/03/21 05:37:37 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ozecedo.dat
    [2011/03/21 05:37:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Yyuwo.bin
    [2011/03/21 05:32:42 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
    [2011/03/21 04:53:01 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2011/03/20 19:15:27 | 000,000,040 | ---- | M] () -- C:\WINDOWS\System32\service.sys
    [2011/03/20 19:15:23 | 000,133,120 | ---- | M] () -- C:\WINDOWS\System32\tukdtjsr.exe
    [2011/03/20 19:15:23 | 000,015,360 | ---- | M] (微软中国) -- C:\WINDOWS\System32\dgjasr46w.exe
    [2011/03/20 19:15:17 | 000,146,160 | ---- | M] () -- C:\WINDOWS\System32\tukdtjsrx.exe
    [2011/03/20 19:01:41 | 000,000,300 | -HS- | M] () -- C:\WINDOWS\tasks\yusbe.job
    [2011/03/20 17:58:14 | 000,137,216 | ---- | M] () -- C:\WINDOWS\Vmucib.exe
    [2011/03/20 17:58:05 | 000,137,216 | ---- | M] () -- C:\WINDOWS\Vmucia.exe
    [2011/03/20 17:57:53 | 000,135,168 | RHS- | M] () -- C:\WINDOWS\System32\noiset.dll
    [2010/02/11 13:58:03 | 000,087,040 | -H-- | C] () -- C:\WINDOWS\hig39gahir.exe
    [2008/04/14 21:00:00 | 000,000,009 | ---- | C] () -- C:\WINDOWS\System32\comsats.sys
    [2011/03/20 17:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OfferBox
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'd like to see OTL.txt and the TDSSKiller log in your next post... :D

#8
bluecheese

    New Member

  • Topic Starter
  • Member
  • 9 posts
2011/03/22 10:39:12.0671 0832 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28

2011/03/22 10:39:12.0687 0832 ================================================================================

2011/03/22 10:39:12.0687 0832 SystemInfo:

2011/03/22 10:39:12.0687 0832

2011/03/22 10:39:12.0687 0832 OS Version: 5.1.2600 ServicePack: 3.0

2011/03/22 10:39:12.0687 0832 Product type: Workstation

2011/03/22 10:39:12.0687 0832 ComputerName: ANONYMOUS

2011/03/22 10:39:12.0687 0832 UserName: Owner

2011/03/22 10:39:12.0687 0832 Windows directory: C:\WINDOWS

2011/03/22 10:39:12.0687 0832 System windows directory: C:\WINDOWS

2011/03/22 10:39:12.0687 0832 Processor architecture: Intel x86

2011/03/22 10:39:12.0687 0832 Number of processors: 1

2011/03/22 10:39:12.0687 0832 Page size: 0x1000

2011/03/22 10:39:12.0687 0832 Boot type: Normal boot

2011/03/22 10:39:12.0687 0832 ================================================================================

2011/03/22 10:39:12.0890 0832 Initialize success

2011/03/22 10:39:26.0093 0764 ================================================================================

2011/03/22 10:39:26.0093 0764 Scan started

2011/03/22 10:39:26.0093 0764 Mode: Manual;

2011/03/22 10:39:26.0093 0764 ================================================================================

2011/03/22 10:39:26.0531 0764 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/03/22 10:39:26.0593 0764 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2011/03/22 10:39:26.0687 0764 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/03/22 10:39:26.0875 0764 AFD (e840fd588cd9da721500e2cc3c0efca2) C:\WINDOWS\System32\drivers\afd.sys

2011/03/22 10:39:27.0078 0764 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/03/22 10:39:27.0250 0764 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/03/22 10:39:27.0312 0764 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/03/22 10:39:27.0468 0764 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/03/22 10:39:27.0531 0764 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/03/22 10:39:27.0593 0764 b57w2k (8143be3d94866258f0b93373830cef01) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

2011/03/22 10:39:27.0750 0764 BCM43XX (345d38f298368dd6b0df5c4f37457a22) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

2011/03/22 10:39:27.0937 0764 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/03/22 10:39:28.0031 0764 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/03/22 10:39:28.0093 0764 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/03/22 10:39:28.0156 0764 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/03/22 10:39:28.0234 0764 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/03/22 10:39:28.0375 0764 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/03/22 10:39:28.0500 0764 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2011/03/22 10:39:28.0562 0764 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2011/03/22 10:39:28.0781 0764 Disk (47b6aaec570f2c11d8bad80a064d8ed1) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/03/22 10:39:28.0937 0764 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/03/22 10:39:28.0984 0764 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/03/22 10:39:29.0031 0764 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/03/22 10:39:29.0093 0764 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/03/22 10:39:29.0171 0764 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/03/22 10:39:29.0343 0764 DumpDrv (b327281012b48bd73f587799f9f29be2) C:\WINDOWS\system32\drivers\DumpDrv.sys

2011/03/22 10:39:29.0421 0764 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) C:\WINDOWS\system32\epmntdrv.sys

2011/03/22 10:39:29.0453 0764 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\WINDOWS\system32\EuGdiDrv.sys

2011/03/22 10:39:29.0531 0764 ewusbnet (a52794c010c6df5b4bc70c4ab5e04088) C:\WINDOWS\system32\DRIVERS\ewusbnet.sys

2011/03/22 10:39:29.0703 0764 ew_hwusbdev (57c171ea22f0a7f068fcb0caedd1e8e7) C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys

2011/03/22 10:39:29.0843 0764 exFat (4d893323dae445e34a4c9038b0551bc9) C:\WINDOWS\system32\drivers\exFat.sys

2011/03/22 10:39:29.0906 0764 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/03/22 10:39:29.0968 0764 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2011/03/22 10:39:30.0000 0764 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/03/22 10:39:30.0140 0764 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/03/22 10:39:30.0203 0764 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2011/03/22 10:39:30.0250 0764 Fs_Rec (30d42943a54704ef13e2562911dbfcea) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/03/22 10:39:30.0281 0764 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/03/22 10:39:30.0359 0764 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2011/03/22 10:39:30.0437 0764 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/03/22 10:39:30.0515 0764 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/03/22 10:39:30.0703 0764 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/03/22 10:39:30.0812 0764 HTTP (937031c085718c1c04a9c0864625ec6b) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/03/22 10:39:30.0906 0764 huawei_enumerator (92548543d50c9bccdb31ffb7ec39249d) C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys

2011/03/22 10:39:31.0078 0764 hwdatacard (1f40368dc40b17de3fa0fbe8a9d82f9e) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys

2011/03/22 10:39:31.0265 0764 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/03/22 10:39:31.0390 0764 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

2011/03/22 10:39:31.0609 0764 iaStor (8ef427c54497c5f8a7a645990e4278c7) C:\WINDOWS\system32\DRIVERS\iaStor.sys

2011/03/22 10:39:31.0687 0764 iastor78 (e5a0034847537eaee3c00349d5c34c5f) C:\WINDOWS\system32\drivers\iastor78.sys

2011/03/22 10:39:31.0812 0764 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/03/22 10:39:32.0171 0764 IntcAzAudAddService (b45a576ad280dd4f605f58b24cdaafe1) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/03/22 10:39:32.0359 0764 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/03/22 10:39:32.0437 0764 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2011/03/22 10:39:32.0500 0764 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/03/22 10:39:32.0625 0764 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/03/22 10:39:32.0671 0764 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/03/22 10:39:32.0781 0764 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/03/22 10:39:32.0859 0764 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/03/22 10:39:32.0921 0764 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/03/22 10:39:33.0078 0764 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/03/22 10:39:33.0140 0764 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/03/22 10:39:33.0218 0764 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/03/22 10:39:33.0390 0764 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/03/22 10:39:33.0515 0764 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys

2011/03/22 10:39:33.0578 0764 LVRS (87ecce893d8aec5a9337b917742d339c) C:\WINDOWS\system32\DRIVERS\lvrs.sys

2011/03/22 10:39:33.0640 0764 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/03/22 10:39:33.0890 0764 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/03/22 10:39:33.0937 0764 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/03/22 10:39:34.0000 0764 MountMgr (1a1faa5102466f418494e94ff9b0b091) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/03/22 10:39:34.0156 0764 MRxDAV (6a7c4ac5b52155115dee97995c1cf157) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/03/22 10:39:34.0234 0764 MRxSmb (d09b9f0b9960dd41e73127b7814c115f) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/03/22 10:39:34.0296 0764 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/03/22 10:39:34.0375 0764 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/03/22 10:39:34.0546 0764 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/03/22 10:39:34.0578 0764 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/03/22 10:39:34.0656 0764 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/03/22 10:39:34.0703 0764 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/03/22 10:39:34.0765 0764 Mup (6546fe6639499fa4bef180bdf08266a1) C:\WINDOWS\system32\drivers\Mup.sys

2011/03/22 10:39:34.0937 0764 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/03/22 10:39:35.0031 0764 NDIS (b5b1080d35974c0e718d64280761bcd5) C:\WINDOWS\system32\drivers\NDIS.sys

2011/03/22 10:39:35.0093 0764 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/03/22 10:39:35.0140 0764 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/03/22 10:39:35.0328 0764 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/03/22 10:39:35.0359 0764 NdisWan (b053a8411045fd0664b389a090cb2bbc) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/03/22 10:39:35.0437 0764 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/03/22 10:39:35.0500 0764 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/03/22 10:39:35.0640 0764 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/03/22 10:39:35.0765 0764 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/03/22 10:39:35.0796 0764 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/03/22 10:39:35.0875 0764 Ntfs (ae8cad8f28db13b515a68510a539b0b8) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/03/22 10:39:36.0093 0764 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/03/22 10:39:36.0140 0764 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/03/22 10:39:36.0171 0764 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/03/22 10:39:36.0218 0764 ohci1394 (2553f7c60b8d291b5a812245e6d4da6e) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/03/22 10:39:36.0281 0764 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

2011/03/22 10:39:36.0437 0764 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/03/22 10:39:36.0500 0764 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/03/22 10:39:36.0531 0764 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/03/22 10:39:36.0609 0764 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys

2011/03/22 10:39:36.0781 0764 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2011/03/22 10:39:36.0968 0764 pepifilter (b20f958b207e6aaac5f70d04dd2c30d8) C:\WINDOWS\system32\DRIVERS\lv302af.sys

2011/03/22 10:39:37.0171 0764 PID_PEPI (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS

2011/03/22 10:39:37.0421 0764 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/03/22 10:39:37.0453 0764 PSched (d8e11d311785f89f1d70a28b0e879127) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/03/22 10:39:37.0515 0764 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/03/22 10:39:37.0687 0764 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/03/22 10:39:37.0765 0764 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/03/22 10:39:37.0859 0764 RasPppoe (2c9d4620a0fd35de1828370b392f6e2d) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/03/22 10:39:38.0015 0764 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/03/22 10:39:38.0093 0764 Rdbss (77050c6615f6eb5402f832b27fd695e0) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/03/22 10:39:38.0171 0764 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/03/22 10:39:38.0265 0764 rdpdr (47ea20320e3d6fdc7b7bb22b2b881ca6) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/03/22 10:39:38.0437 0764 RDPWD (e8e3107243b16a549b88d145ec051b06) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/03/22 10:39:38.0515 0764 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/03/22 10:39:38.0625 0764 rspndr (743d7d59767073a617b1dcc6c546f234) C:\WINDOWS\system32\DRIVERS\rspndr.sys

2011/03/22 10:39:38.0906 0764 sdbus (d1facb3c7d12f439c18ef01aa88c2a9d) C:\WINDOWS\system32\DRIVERS\sdbus.sys

2011/03/22 10:39:38.0953 0764 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/03/22 10:39:39.0031 0764 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

2011/03/22 10:39:39.0093 0764 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/03/22 10:39:39.0265 0764 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/03/22 10:39:39.0390 0764 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/03/22 10:39:39.0468 0764 SR (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/03/22 10:39:39.0625 0764 Srv (70cd8b8dd2a680b128617c19eb0ab94f) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/03/22 10:39:39.0703 0764 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/03/22 10:39:39.0781 0764 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/03/22 10:39:39.0859 0764 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/03/22 10:39:40.0125 0764 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/03/22 10:39:40.0234 0764 Tcpip (ba8c046d98345129723e6bcaa1e8ab99) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/03/22 10:39:40.0296 0764 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/03/22 10:39:40.0453 0764 TDTCP (c0578456f29e5f26285f81b7b71fe57d) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/03/22 10:39:40.0515 0764 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/03/22 10:39:40.0609 0764 tifm21 (78213f01ce781f93180bef5eb5b3ad81) C:\WINDOWS\system32\drivers\tifm21.sys

2011/03/22 10:39:40.0828 0764 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/03/22 10:39:40.0937 0764 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/03/22 10:39:41.0156 0764 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/03/22 10:39:41.0234 0764 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2011/03/22 10:39:41.0312 0764 usbccgp (c18d6c74953621346df6b0a11f80c1cc) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/03/22 10:39:41.0468 0764 usbehci (52674b5dbee499342a599c7771abecaa) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/03/22 10:39:41.0500 0764 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/03/22 10:39:41.0578 0764 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/03/22 10:39:41.0656 0764 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/03/22 10:39:41.0734 0764 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/03/22 10:39:41.0906 0764 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/03/22 10:39:41.0984 0764 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/03/22 10:39:42.0046 0764 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/03/22 10:39:42.0125 0764 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/03/22 10:39:42.0250 0764 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys

2011/03/22 10:39:42.0421 0764 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/03/22 10:39:42.0578 0764 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2011/03/22 10:39:42.0718 0764 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/03/22 10:39:42.0796 0764 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/03/22 10:39:42.0859 0764 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/03/22 10:39:42.0953 0764 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/03/22 10:39:43.0078 0764 ================================================================================

2011/03/22 10:39:43.0078 0764 Scan finished

2011/03/22 10:39:43.0078 0764 ================================================================================

2011/03/22 10:39:43.0109 2684 Detected object count: 1

2011/03/22 10:39:55.0765 2684 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/03/22 10:39:55.0765 2684 \HardDisk0 - ok

2011/03/22 10:39:55.0765 2684 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2011/03/22 10:40:27.0031 1412 Deinitialize success





All processes killed

========== OTL ==========

Prefs.js: {AFE7D911-6EFF-4B3E-86EC-AB390970BE88}:1.9.1 removed from extensions.enabledItems

Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{AFE7D911-6EFF-4B3E-86EC-AB390970BE88} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFE7D911-6EFF-4B3E-86EC-AB390970BE88}\ not found.

C:\Documents and Settings\Owner\Local Settings\Application Data\{AFE7D911-6EFF-4B3E-86EC-AB390970BE88}\chrome\content folder moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\{AFE7D911-6EFF-4B3E-86EC-AB390970BE88}\chrome folder moved successfully.

C:\Documents and Settings\Owner\Local Settings\Application Data\{AFE7D911-6EFF-4B3E-86EC-AB390970BE88} folder moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Hkocogu deleted successfully.

C:\WINDOWS\akelosupu.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tukdtjsr deleted successfully.

C:\WINDOWS\system32\tukdtjsr.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tukdtjsrx deleted successfully.

C:\WINDOWS\system32\tukdtjsrx.exe moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\A9YA3MI1CF deleted successfully.

C:\Documents and Settings\Owner\Local Settings\Temp\Vkz.exe moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\KCSCPW1HKH deleted successfully.

C:\WINDOWS\Vmucia.exe moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\NtWqIVLZEWZU deleted successfully.

C:\Documents and Settings\Owner\Local Settings\Temp\Vk2.exe moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Wtebagoxo deleted successfully.

C:\WINDOWS\kbdbdigr.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\fpact deleted successfully.

C:\Documents and Settings\Owner\Local Settings\Temp\zitui1.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\dyrjnsrn deleted successfully.

C:\WINDOWS\hig39gahir.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\fthsjesb deleted successfully.

File C:\WINDOWS\hig39gahir.exe not found.

C:\WINDOWS\system32\dgjasr46w.exe moved successfully.

Folder C:\Documents and Settings\Owner\Local Settings\Application\ not found.

C:\Documents and Settings\Owner\Application Data\OfferBox folder moved successfully.

C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job moved successfully.

C:\WINDOWS\Ozecedo.dat moved successfully.

C:\WINDOWS\Yyuwo.bin moved successfully.

C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job moved successfully.

C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.

C:\WINDOWS\system32\service.sys moved successfully.

File C:\WINDOWS\System32\tukdtjsr.exe not found.

File C:\WINDOWS\System32\dgjasr46w.exe not found.

File C:\WINDOWS\System32\tukdtjsrx.exe not found.

C:\WINDOWS\tasks\yusbe.job moved successfully.

C:\WINDOWS\Vmucib.exe moved successfully.

File C:\WINDOWS\Vmucia.exe not found.

C:\WINDOWS\system32\noiset.dll moved successfully.

File C:\WINDOWS\hig39gahir.exe not found.

C:\WINDOWS\system32\comsats.sys moved successfully.

Folder C:\Documents and Settings\Owner\Application Data\OfferBox\ not found.

========== COMMANDS ==========



[EMPTYTEMP]



User: All Users



User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56504 bytes



User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes



User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 6683422 bytes

->Flash cache emptied: 724 bytes



User: Owner

->Temp folder emptied: 534159124 bytes

->Temporary Internet Files folder emptied: 51728589 bytes

->Java cache emptied: 10040 bytes

->FireFox cache emptied: 75490785 bytes

->Google Chrome cache emptied: 9566983 bytes

->Opera cache emptied: 3271747 bytes

->Flash cache emptied: 204516 bytes



%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 15903863 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 79364098 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 3992217128 bytes



Total Files Cleaned = 4,548.00 mb





[EMPTYFLASH]



User: All Users



User: Default User

->Flash cache emptied: 0 bytes



User: LocalService



User: NetworkService

->Flash cache emptied: 0 bytes



User: Owner

->Flash cache emptied: 0 bytes



Total Flash Files Cleaned = 0.00 mb



Restore point Set: OTL Restore Point (0)



OTL by OldTimer - Version 3.2.22.3 log created on 03222011_112636



Files\Folders moved on Reboot...



Registry entries deleted on Reboot...

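TDSSKiller reports the TDL4 hit against \HardDisk0 rather than against any file because TDL4 is an MBR bootkit: it replaces the boot code in sector 0 of the disk and keeps its own components in a hidden file system in unpartitioned space at the end of the drive, and the log above says the cure is applied on reboot. The script below is an added example, not TDSSKiller's code and not something posted in this thread. It parses a 512-byte MBR, sanity-checks the partition table, compares the boot-code hash against a baseline and reports how much unpartitioned space sits past the last partition. Every sector it handles is constructed inside the file (the disk geometry, the boot-code bytes and the slack threshold are assumptions), so it runs offline and never reads a real disk.

```python
"""Parse a 512-byte MBR and flag the traces an MBR bootkit such as TDL4 leaves behind.

Added example; not TDSSKiller's code and not from this thread. Every sector used here is
constructed below, so the script runs offline and never touches a real disk.
"""
import hashlib
import struct
from typing import Dict, List, Tuple

MBR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0..439 hold boot code; 440..443 the disk signature
PART_TABLE_OFF = 446         # four 16-byte partition entries, 446..509
PART_ENTRY_LEN = 16
SIGNATURE_OFF = 510          # 0x55 0xAA boot signature
TAIL_SLACK_THRESHOLD = 2048  # assumption: flag more than 1 MiB of unpartitioned sectors after the last partition


def parse_partition_entry(raw: bytes) -> Dict[str, int]:
    """Decode one partition entry: status, type, LBA start, sector count (CHS fields skipped)."""
    status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", raw)
    return {"status": status, "type": ptype, "lba_start": lba_start, "sectors": sectors}


def parse_mbr(sector: bytes) -> Dict:
    """Validate the boot signature; return boot-code hash, disk signature and the used partition entries."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % MBR_SIZE)
    if sector[SIGNATURE_OFF:] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        entry = parse_partition_entry(sector[off:off + PART_ENTRY_LEN])
        if entry["type"] != 0:              # type 0 == unused slot
            partitions.append(entry)
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
        "partitions": partitions,
    }


def check_mbr(sector: bytes, baseline_boot_sha256: str, total_sectors: int) -> List[str]:
    """Return human-readable findings; an empty list means nothing looked wrong."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_sha256"] != baseline_boot_sha256:
        findings.append("boot code differs from baseline (MBR bootkit or non-standard boot loader)")
    active = [p for p in info["partitions"] if p["status"] == 0x80]
    if len(active) != 1:
        findings.append("%d active partitions, expected exactly 1" % len(active))
    if not info["partitions"]:
        findings.append("partition table is empty")
    else:
        last_end = max(p["lba_start"] + p["sectors"] for p in info["partitions"])
        slack = total_sectors - last_end
        if slack > TAIL_SLACK_THRESHOLD:
            findings.append("%d unpartitioned sectors after the last partition: image them, "
                            "that is where TDL4 keeps its hidden file system" % slack)
    return findings


def build_sample_mbr(boot_code: bytes, partitions: List[Tuple[bool, int, int, int]],
                     disk_sig: int = 0x1234ABCD) -> bytes:
    """Construct a test MBR from boot code, a disk signature and (active, type, start, count) entries."""
    buf = bytearray(MBR_SIZE)
    buf[:len(boot_code)] = boot_code
    struct.pack_into("<I", buf, BOOT_CODE_LEN, disk_sig)
    for i, (active, ptype, start, count) in enumerate(partitions):
        struct.pack_into("<B3xB3xII", buf, PART_TABLE_OFF + i * PART_ENTRY_LEN,
                         0x80 if active else 0x00, ptype, start, count)
    buf[SIGNATURE_OFF:] = b"\x55\xaa"
    return bytes(buf)


# Constructed samples. DISK_SECTORS is an 80 GB disk at 512-byte sectors, in the range of the
# 74.52 GB C: volume in the OTL logs of this thread; the boot-code bytes are stand-ins, not real XP code.
DISK_SECTORS = 156_301_488
LAYOUT = [(True, 0x07, 63, DISK_SECTORS - 63 - 1000)]    # one NTFS partition, 1000 spare sectors at the end
CLEAN_MBR = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 32, LAYOUT)
BASELINE = parse_mbr(CLEAN_MBR)["boot_code_sha256"]
# Same partition table and disk signature, different boot code: what an MBR-overwriting bootkit leaves.
INFECTED_MBR = build_sample_mbr(b"\xeb\x00" + bytes(range(64)), LAYOUT)

if __name__ == "__main__":
    for label, mbr in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        print(label, check_mbr(mbr, BASELINE, DISK_SECTORS) or ["no findings"])
```

On a live Windows host sector 0 comes from `open(r"\\.\PhysicalDrive0", "rb").read(512)` in an elevated process, but the TDSS family hooks the disk driver and hands a clean copy of the MBR back to anyone who reads it while the rootkit is running, so the image worth trusting is one taken from a cold-booted rescue medium. A usable baseline is sector 0 captured from a clean install of the same Windows version, or from this machine before the cure, so that a post-reboot comparison shows the original boot code back in place.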
#9 bluecheese (New Member, Topic Starter, 9 posts)

Things seem to be working smoothly now! Thank you very, very, VERY MUCH! I owe you a pizza :D

#10 Cold Titanium (Trusted Helper, Malware Removal, 1,735 posts)

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

You missed that step ^ After that we'll do a scan and then if that is clean we'll release you. :D
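OTL's Quick Scan prints one line per item in a HijackThis-style format: O1 for hosts entries, O4 for autoruns, PRC/MOD/SRV/DRV for processes, loaded modules, services and drivers. The log bluecheese posts next contains exactly the things a reviewer reads such output for: hosts lines whose name column is an IP literal, Run values that point at a DLL dropped straight into C:\WINDOWS (the same value names, Hkocogu and Wtebagoxo, that the fix log above shows being deleted, Hkocogu now with a different DLL), an executable running from Local Settings\Temp, and a DLL with no company name loaded into a process. The script below is an added example, not OTL's code and not a tool used in this thread; it parses those line types and applies heuristics that are this script's own assumptions. The sample lines are copied from the quick-scan log in this thread.

```python
"""Triage OTL Quick Scan lines for the persistence patterns seen in this thread.

Added example; not OTL's code and not a tool posted here. The heuristics are this
script's own assumptions. Handles O1 (hosts), O4 (autoruns) and PRC/MOD/SRV/DRV lines.
"""
import re
from typing import Iterable, List, Tuple

# Line shapes as printed by OTL 3.2.x, derived from the quick-scan log in this thread.
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<name>\S+)")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>[^:]+): \[(?P<value>[^\]]*)\] "
                    r"(?P<target>.+?) \((?P<company>[^)]*)\)\s*$")
ITEM_RE = re.compile(r"^(?P<kind>PRC|MOD|SRV|DRV) - \[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\)"
                     r"(?: \[[^\]]*\])? -- (?P<path>.+?)(?: -- \(.*)?\s*$")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

Finding = Tuple[str, str, str]   # (line type, reason, entry)


def _in_windows_root(path: str) -> bool:
    r"""File directly inside %SystemRoot%, e.g. C:\WINDOWS\agapomuk.dll (not system32 or another subfolder)."""
    return re.match(r"^[a-z]:\\windows\\[^\\]+$", path.lower()) is not None


def _in_temp(path: str) -> bool:
    return "\\temp\\" in path.lower()


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return one finding per suspicious line; legitimate entries produce nothing."""
    findings: List[Finding] = []
    for line in lines:
        line = line.rstrip()
        m = HOSTS_RE.match(line)
        if m:
            # hosts maps names to addresses; an IP literal in the name column does nothing
            # for resolution and is not something Windows or a user writes, so it marks tampering.
            if IPV4_RE.match(m["name"]):
                findings.append(("O1", "hosts entry whose name is an IP literal", m["ip"] + " " + m["name"]))
            continue
        m = RUN_RE.match(line)
        if m:
            target, company = m["target"], m["company"]
            entry = "[%s] %s (%s)" % (m["value"], target, company or "no company")
            if target.lower().endswith(".dll"):
                findings.append(("O4", "Run value pointing at a DLL rather than an executable", entry))
            elif _in_temp(target):
                findings.append(("O4", "autorun pointing into a Temp directory", entry))
            elif _in_windows_root(target) and not company:
                findings.append(("O4", "file in the %SystemRoot% root with no company name", entry))
            continue
        m = ITEM_RE.match(line)
        if m:
            kind, company, path = m["kind"], m["company"], m["path"]
            if _in_temp(path):
                findings.append((kind, "running or loaded from a Temp directory", path))
            elif _in_windows_root(path) and not company:
                findings.append((kind, "file in the %SystemRoot% root with no company name", path))
    return findings


# Sample input: lines copied from the OTL Quick Scan log posted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 63.116.243.145
O1 - Hosts: 127.0.0.1 63.217.184.90
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Hkocogu] C:\WINDOWS\agapomuk.dll ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [Wtebagoxo] C:\WINDOWS\kbdbdigr.dll (Red Hat)
PRC - [2011/03/22 11:30:19 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Owner\Local Settings\Temp\RtkBtMnt.exe
PRC - [2011/03/07 10:29:01 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
MOD - [2010/02/11 13:58:15 | 000,371,200 | ---- | M] () -- C:\WINDOWS\agapomuk.dll
SRV - [2010/08/19 18:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe -- (DCService.exe)
""".strip().splitlines()

if __name__ == "__main__":
    for kind, reason, entry in triage(SAMPLE_LOG):
        print("%-4s %-55s %s" % (kind, reason, entry))
```

A hit from this script is a lead, not a verdict. The company string is read from the file's version resource, which whoever built the file controls: "Realtek Semiconductor Corp." on an executable in Temp and "Red Hat" on a DLL in C:\WINDOWS are exactly the sort of values a dropper puts there, so location and what the file does on disk count for more than the vendor column.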
#11 bluecheese (New Member, Topic Starter, 9 posts)

Here we go!

OTL logfile created on: 23/03/2011 11:07:43 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 26.84 Gb Free Space | 36.02% Space Free | Partition Type: NTFS
Drive D: | 27.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 3.73 Gb Total Space | 3.45 Gb Free Space | 92.51% Space Free | Partition Type: FAT32
Drive G: | 3.68 Gb Total Space | 1.17 Gb Free Space | 31.78% Space Free | Partition Type: FAT32

Computer Name: ANONYMOUS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/22 11:30:19 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Owner\Local Settings\Temp\RtkBtMnt.exe
PRC - [2011/03/20 19:41:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- E:\OTL.com
PRC - [2011/03/07 10:29:01 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/30 14:11:32 | 002,826,752 | ---- | M] () -- C:\Program Files\SERPAttacks\SERPattacks.exe
PRC - [2010/11/30 01:20:10 | 000,114,688 | ---- | M] () -- C:\Program Files\Virgin Mobile\Virgin Mobile.exe
PRC - [2010/08/19 18:52:04 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe
PRC - [2010/02/11 13:55:59 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/06/17 21:18:42 | 006,582,912 | ---- | M] () -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
PRC - [2008/12/10 11:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) -- C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe
PRC - [2008/12/10 11:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) -- c:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (SafeList) ==========

MOD - [2011/03/20 19:41:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- E:\OTL.com
MOD - [2010/08/24 02:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/02/11 13:58:15 | 000,371,200 | ---- | M] () -- C:\WINDOWS\agapomuk.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/19 18:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/06/17 21:18:42 | 006,582,912 | ---- | M] () [Auto | Running] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2008/12/10 11:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2010/08/27 13:53:32 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010/08/07 17:48:30 | 000,106,496 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/07/27 15:25:48 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010/07/27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/07/15 18:44:20 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 18:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/02/11 14:21:11 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\iastor78.sys -- (iastor78)
DRV - [2010/02/11 14:01:06 | 000,009,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\dumpdrv.sys -- (DumpDrv)
DRV - [2009/10/08 01:01:32 | 002,649,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/08/27 08:10:26 | 000,213,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2009/05/01 09:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/05/01 08:55:56 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2009/05/01 08:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2007/05/31 20:04:56 | 004,424,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/05/02 12:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 06 53 D6 F8 D7 E6 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.54
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.16
FF - prefs.js..extensions.enabledItems: [email protected]:1.19.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.20.0.66
FF - prefs.js..extensions.enabledItems: {478759F9-B85A-43A9-9B67-5DD74FD928BA}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{478759F9-B85A-43A9-9B67-5DD74FD928BA}: C:\Documents and Settings\Owner\Local Settings\Application Data\{478759F9-B85A-43A9-9B67-5DD74FD928BA} [2011/03/22 17:38:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/07 10:29:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/07 10:29:13 | 000,000,000 | ---D | M]

[2010/12/21 02:11:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/12/21 02:11:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\[email protected]
[2011/03/23 11:02:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a0cde0gc.default\extensions
[2010/10/27 11:49:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a0cde0gc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/14 13:11:03 | 000,000,000 | ---D | M] ("Flash Video Downloader - Youtube Downloader") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a0cde0gc.default\extensions\[email protected]
[2011/03/03 05:51:07 | 000,000,000 | ---D | M] (Logitech Device Detection; the add-on name appears in the log in Bulgarian as "Разпознаване на устройство Logitech") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a0cde0gc.default\extensions\[email protected]
[2011/01/30 16:13:57 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a0cde0gc.default\extensions\[email protected]
[2010/12/14 13:11:01 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a0cde0gc.default\extensions\[email protected]
[2010/09/28 04:08:10 | 000,000,000 | ---D | M] ("Alexa Toolbar") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a0cde0gc.default\extensions\[email protected]
[2011/03/23 11:02:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/04 11:35:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/03/22 17:38:11 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\{478759F9-B85A-43A9-9B67-5DD74FD928BA}
[2010/10/04 11:35:24 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/10/04 11:35:23 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/07 10:29:07 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/03/07 10:29:07 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/03/07 10:29:07 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/03/07 10:29:07 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/03/22 11:21:36 | 000,000,834 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 63.116.243.145
O1 - Hosts: 127.0.0.1 63.217.184.90
O1 - Hosts: 127.0.0.1 209.87.211.146
O1 - Hosts: 127.0.0.1 63.84.59.56
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Hkocogu] C:\WINDOWS\agapomuk.dll ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [Wtebagoxo] C:\WINDOWS\kbdbdigr.dll (Red Hat)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\.pw Desktop.lnk = C:\Documents and Settings\Owner\Application Data\pwDesktop\current\pwDesktop.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\RailNotification: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/27 15:28:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/01/23 03:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/07/01 01:18:56 | 000,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2007/12/11 12:00:30 | 000,000,064 | ---- | M] () - E:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{071a4dce-fbcc-11df-8e1f-00197ec8e144}\Shell - "" = AutoRun
O33 - MountPoints2\{071a4dce-fbcc-11df-8e1f-00197ec8e144}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{071a4dce-fbcc-11df-8e1f-00197ec8e144}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/22 17:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{478759F9-B85A-43A9-9B67-5DD74FD928BA}
[2011/03/22 10:38:55 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2011/03/20 18:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/03/20 18:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/03/18 11:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\CameraWindowDC
[2011/03/18 11:17:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\CANON INC
[2011/03/18 11:02:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ZoomBrowser EX
[2011/03/18 10:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
[2011/03/18 10:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities
[2011/03/18 10:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2011/03/18 10:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Canon
[2011/03/16 02:53:43 | 000,000,000 | ---D | C] -- C:\pz
[2011/03/14 15:37:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MyFreeCams
[2011/03/14 15:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\MyFreeCams
[2011/03/03 05:59:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Videos
[2011/03/03 05:59:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2011/03/03 05:58:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2011/03/03 05:57:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
[2011/03/03 05:57:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2011/03/03 05:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2011/03/03 00:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2011/02/26 00:23:02 | 000,000,000 | ---D | C] -- C:\Program Files\Lame For Audacity
[2011/02/25 23:44:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\AudacityPortable
[2011/02/25 06:10:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\500man
[2011/02/25 04:34:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\g
[2011/02/23 02:16:54 | 000,000,000 | ---D | C] -- C:\toprocess
[2011/02/23 02:02:37 | 000,000,000 | ---D | C] -- C:\dadcam
[2011/02/21 23:08:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Optus Mobile Broadband
[2011/02/21 23:08:00 | 000,082,816 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys
[2011/02/21 23:08:00 | 000,072,832 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys
[2011/02/21 23:08:00 | 000,051,712 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys
[2011/02/21 23:08:00 | 000,026,880 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys
[2011/02/21 23:08:00 | 000,019,456 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwupgrade.sys
[2011/02/21 23:07:59 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys
[2011/02/21 23:07:59 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys
[2011/02/21 23:07:40 | 000,000,000 | ---D | C] -- C:\Program Files\Optus Mobile Broadband
[2011/02/21 23:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DatacardService

========== Files - Modified Within 30 Days ==========

[2011/03/23 10:57:23 | 000,441,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/23 10:57:23 | 000,071,258 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/23 10:53:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/23 10:53:06 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/23 10:52:58 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/23 10:52:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/23 00:25:32 | 000,002,004 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\Default.rdp
[2011/03/23 00:17:23 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ozecedo.dat
[2011/03/23 00:17:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Yyuwo.bin
[2011/03/22 13:34:51 | 000,208,262 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\worldcitybrisbane.jpg
[2011/03/21 16:51:40 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/21 12:05:57 | 000,100,352 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/21 12:03:19 | 000,189,008 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\bookmarks-2011-03-21.json
[2011/03/20 17:07:56 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2011/03/19 13:39:06 | 000,187,506 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HEREBEDRAGONS.jpg
[2011/03/19 07:09:22 | 000,012,064 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Zombatar_1.jpg
[2011/03/19 03:03:19 | 000,055,108 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\jeye.jpg
[2011/03/19 01:10:04 | 000,000,319 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2011/03/19 00:12:40 | 000,000,966 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Plants vs. Zombies.lnk
[2011/03/19 00:12:40 | 000,000,198 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[2011/03/18 11:48:13 | 000,113,198 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\canonsucks.jpg
[2011/03/18 10:56:51 | 000,000,862 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DCSD40-46 Software Starter Guide.lnk
[2011/03/18 10:56:48 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Personal Printing Guide.lnk
[2011/03/18 10:56:45 | 000,000,937 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PowerShot SD1200 IS_IXUS 95 IS Camera User Guide.lnk
[2011/03/18 10:56:08 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk
[2011/03/17 10:42:36 | 000,041,200 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dadshoe.jpg
[2011/03/17 10:38:44 | 000,041,862 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dadshoes.jpg
[2011/03/16 03:51:20 | 000,709,026 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\14-03-2011 18-44-05.png
[2011/03/14 00:52:16 | 000,013,696 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\joybomhe.csv
[2011/03/10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2011/03/09 01:05:48 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/03/03 05:59:38 | 000,000,853 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2011/03/03 05:57:55 | 000,001,850 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software.lnk
[2011/03/02 19:36:51 | 000,202,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/01 04:57:51 | 001,948,895 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\KFS.zip
[2011/02/28 09:39:01 | 000,010,919 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gwf.gif
[2011/02/28 09:30:55 | 000,011,088 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\logo.gif
[2011/02/26 02:43:21 | 001,926,393 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\posiblygreen tease.wmv
[2011/02/26 00:43:48 | 000,230,840 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\secondshot.mp3
[2011/02/26 00:23:20 | 000,204,509 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\firstshot.mp3
[2011/02/25 15:35:01 | 001,159,669 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DSCF1744.JPG
[2011/02/25 15:32:18 | 001,160,910 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DSCF1741.JPG
[2011/02/25 02:20:19 | 000,100,839 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\cheesetime.png
[2011/02/25 02:15:36 | 000,807,259 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\63e3d68c_76d8_823a.jpg
[2011/02/24 22:35:18 | 000,001,601 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\links.html
[2011/02/21 23:08:41 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jubusenum_01009.Wdf
[2011/02/21 23:08:40 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

========== Files Created - No Company Name ==========

[2011/03/22 17:38:12 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ozecedo.dat
[2011/03/22 17:38:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Yyuwo.bin
[2011/03/22 13:34:50 | 000,208,262 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\worldcitybrisbane.jpg
[2011/03/21 12:03:13 | 000,189,008 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\bookmarks-2011-03-21.json
[2011/03/21 06:53:05 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2011/03/19 13:39:05 | 000,187,506 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HEREBEDRAGONS.jpg
[2011/03/19 07:09:22 | 000,012,064 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Zombatar_1.jpg
[2011/03/19 03:03:19 | 000,055,108 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\jeye.jpg
[2011/03/19 00:12:40 | 000,000,966 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Plants vs. Zombies.lnk
[2011/03/18 11:48:12 | 000,113,198 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\canonsucks.jpg
[2011/03/18 10:56:51 | 000,000,862 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DCSD40-46 Software Starter Guide.lnk
[2011/03/18 10:56:48 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Personal Printing Guide.lnk
[2011/03/18 10:56:45 | 000,000,937 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PowerShot SD1200 IS_IXUS 95 IS Camera User Guide.lnk
[2011/03/18 10:56:08 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk
[2011/03/17 10:42:36 | 000,041,200 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dadshoe.jpg
[2011/03/17 10:38:44 | 000,041,862 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dadshoes.jpg
[2011/03/16 03:51:06 | 000,709,026 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\14-03-2011 18-44-05.png
[2011/03/14 00:52:16 | 000,013,696 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\joybomhe.csv
[2011/03/09 21:29:24 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2011/03/09 21:29:24 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2011/03/03 05:59:38 | 000,000,853 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2011/03/03 05:58:28 | 000,034,068 | ---- | C] () -- C:\WINDOWS\System32\Repository.reg
[2011/03/03 05:57:55 | 000,001,850 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software.lnk
[2011/03/01 04:57:51 | 001,948,895 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\KFS.zip
[2011/02/28 09:38:57 | 000,010,919 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gwf.gif
[2011/02/28 09:30:52 | 000,011,088 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\logo.gif
[2011/02/26 02:42:25 | 001,926,393 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\posiblygreen tease.wmv
[2011/02/26 00:43:46 | 000,230,840 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\secondshot.mp3
[2011/02/26 00:23:18 | 000,204,509 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\firstshot.mp3
[2011/02/25 15:34:21 | 001,159,669 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DSCF1744.JPG
[2011/02/25 15:31:45 | 001,160,910 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DSCF1741.JPG
[2011/02/25 02:20:19 | 000,100,839 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\cheesetime.png
[2011/02/25 02:15:35 | 000,807,259 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\63e3d68c_76d8_823a.jpg
[2011/02/24 21:06:46 | 000,001,601 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\links.html
[2011/02/21 23:08:41 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jubusenum_01009.Wdf
[2011/02/21 23:08:40 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/01/18 05:35:45 | 002,217,088 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2011/01/18 05:35:45 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2011/01/18 05:35:45 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2011/01/18 05:35:45 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2011/01/18 05:35:45 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/10/30 11:48:36 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/10/09 10:40:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/10/08 06:47:42 | 000,000,319 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/09/27 17:00:46 | 000,040,880 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/27 16:52:30 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/09/27 16:26:20 | 000,100,352 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/27 16:12:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/09/27 15:28:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/09/27 15:25:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/09/27 15:24:52 | 000,052,836 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2010/09/27 15:24:48 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\libpng13.dll
[2010/09/27 15:24:46 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll
[2010/09/27 12:39:38 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/09/27 10:19:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/09/27 10:14:49 | 000,202,528 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/27 09:54:59 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/27 09:48:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/02/11 13:58:15 | 000,371,200 | ---- | C] () -- C:\WINDOWS\agapomuk.dll
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 22:39:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/04/14 21:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 21:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 21:00:00 | 000,441,362 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 21:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 21:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 21:00:00 | 000,071,258 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 21:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 21:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 21:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 21:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 21:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 21:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/10/05 00:51:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/02/21 23:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService
[2010/09/29 10:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlashFXP
[2011/02/16 21:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2010/10/08 10:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lencom
[2010/10/06 03:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/01/28 09:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/27 09:54:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/11/01 10:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Big Fish Games
[2011/03/18 08:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileZilla
[2010/09/30 08:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2010/12/10 23:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IceChat
[2011/03/03 05:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2011/03/20 18:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lencom
[2010/10/27 13:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/09/27 16:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Notepad++
[2010/10/07 10:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2010/12/12 23:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2010/10/06 07:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PopCapv1000
[2010/10/12 07:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PopCapv1001
[2010/10/19 04:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PopCapv1003
[2010/10/23 10:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PopCapv1004
[2010/10/20 10:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PopCapv1006
[2010/09/27 16:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\pwDesktop
[2010/12/19 22:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SERPAttacks
[2010/10/30 04:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sick Marketing
[2011/02/09 23:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SpinTop Games
[2011/02/01 14:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TeamViewer
[2010/09/27 16:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Titanium
[2011/03/12 05:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2010/10/29 02:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\X-Chat 2

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4AF8D0D
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27F44544

< End of report >
  • 0

#12
Cold Titanium


    Trusted Helper

  • Malware Removal
  • 1,735 posts
Step #1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    MOD - [2010/02/11 13:58:15 | 000,371,200 | ---- | M] () -- C:\WINDOWS\agapomuk.dll
    O4 - HKLM..\Run: [Hkocogu] C:\WINDOWS\agapomuk.dll ()
    O4 - HKCU..\Run: [Wtebagoxo] C:\WINDOWS\kbdbdigr.dll (Red Hat)
    [2011/03/23 00:17:23 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ozecedo.dat
    [2011/03/23 00:17:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Yyuwo.bin
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Step #2

Please download Malwarebytes' Anti-Malware

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'd like to see OTL.txt and the MBAM log in your next reply...
  • 0
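To show how a reviewer picks the items in Step #1 out of a long OTL log, here is an added example in Python (mine, not OTL's code and not the helper's): it parses OTL-style O1 hosts, O4 Run and alternate-data-stream lines from a constructed sample copied from the log above and lists the entries worth a closer look. The three rules (a Run value that launches a DLL, a file with no company name sitting directly in C:\WINDOWS, a hosts entry other than the default localhost line) are my own triage heuristics, not OTL's; a hit is a prompt to verify the file, not a verdict.

```python
"""Triage helper for OTL-style log lines (an added example; not OTL's own code).

Reads the text of an OTL log, picks out the O1 (hosts), O4 (Run) and
alternate-data-stream lines, and returns the entries a reviewer would want
to look at first. The heuristics are mine and only prompt a closer look:
  * a hosts entry other than the default localhost mapping,
  * a Run value whose target is a DLL rather than an executable,
  * a Run target with no company name that sits directly in C:\\WINDOWS,
  * any alternate data stream reported by OTL.
"""
import re
from typing import Dict, List

# Constructed sample in OTL's format; the entries are copied from the log above.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 63.116.243.145
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Hkocogu] C:\WINDOWS\agapomuk.dll ()
O4 - HKCU..\Run: [Wtebagoxo] C:\WINDOWS\kbdbdigr.dll (Red Hat)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4AF8D0D
"""

# "O1 - Hosts: <ip> <name>"
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
# "O4 - HKLM..\Run: [<value name>] <path> (<company>)"; the company is the
# final parenthesised group, so paths containing "(x86)" still parse.
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\.\.\\Run:\s+\[([^\]]+)\]\s+(.+)\s+\(([^()]*)\)\s*$")
# "@Alternate Data Stream - <n> bytes -> <path:stream>"
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+?)\s*$")
# A file directly under the Windows directory, e.g. C:\WINDOWS\agapomuk.dll
WINDIR_ROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+$", re.IGNORECASE)


def triage(log_text: str) -> List[Dict[str, object]]:
    """Return the lines worth reviewing, each with the reasons it was flagged."""
    findings: List[Dict[str, object]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := HOSTS_RE.match(line)):
            ip, name = m.groups()
            if name.lower() != "localhost":
                findings.append({"kind": "hosts", "item": name, "line": line,
                                 "reasons": [f"hosts file maps {name} to {ip}"]})
        elif (m := RUN_RE.match(line)):
            hive, value_name, path, company = m.groups()
            reasons = []
            if path.lower().endswith(".dll"):
                reasons.append("Run value launches a DLL rather than an executable")
            if not company.strip() and WINDIR_ROOT_RE.match(path):
                reasons.append("no company name and the file sits directly in the Windows directory")
            if reasons:
                findings.append({"kind": "run", "hive": hive, "item": value_name,
                                 "line": line, "reasons": reasons})
        elif (m := ADS_RE.match(line)):
            size, target = m.groups()
            findings.append({"kind": "ads", "item": target, "line": line,
                             "reasons": [f"alternate data stream of {size} bytes"]})
    return findings


def report(findings: List[Dict[str, object]]) -> str:
    """Render findings as an indented text summary for the reviewer."""
    out = []
    for f in findings:
        out.append(f"[{f['kind']}] {f['item']}")
        for reason in f["reasons"]:
            out.append(f"    - {reason}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run against the sample, it flags the non-localhost hosts entry, both Run values that point at DLLs (the C:\WINDOWS one additionally for having no company name), and the alternate data stream, while leaving the Realtek and Logitech entries alone; the Logitech line has no company name either, but it lives under Program Files, which is why the heuristic is scoped to files dropped straight into the Windows directory.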

#13
bluecheese


    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hello again!

I ran the OTL fix, rebooted and then hit Quick Scan again. I got the following error a few (dozen) times while the Quick Scan was running:
Windows - No Disk
Exception Processing Message c0000013 Parameters 75b6bf7c 75b6bf7c 75b6bf7c

Now, for OTL.txt:

OTL logfile created on: 13/04/2011 20:16:01 - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 21.45 Gb Free Space | 28.78% Space Free | Partition Type: NTFS
Drive D: | 20.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 3.73 Gb Total Space | 3.43 Gb Free Space | 92.16% Space Free | Partition Type: FAT32

Computer Name: ANONYMOUS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/13 19:47:33 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Owner\Local Settings\Temp\RtkBtMnt.exe
PRC - [2011/03/24 19:59:35 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/20 19:41:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- F:\OTL.com
PRC - [2011/02/21 23:07:56 | 000,114,688 | ---- | M] () -- C:\Program Files\Optus Mobile Broadband\Optus Mobile Broadband.exe
PRC - [2010/08/19 18:52:04 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe
PRC - [2010/02/11 13:55:59 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/06/17 21:18:42 | 006,582,912 | ---- | M] () -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
PRC - [2008/12/10 11:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) -- C:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe
PRC - [2008/12/10 11:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) -- c:\wamp\bin\apache\Apache2.2.11\bin\httpd.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (SafeList) ==========

MOD - [2011/03/20 19:41:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- F:\OTL.com
MOD - [2010/08/24 02:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/19 18:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/06/17 21:18:42 | 006,582,912 | ---- | M] () [Auto | Running] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2008/12/10 11:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - [2010/08/27 13:53:32 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010/08/07 17:48:30 | 000,106,496 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/07/27 15:25:48 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010/07/27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/07/15 18:44:20 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 18:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/02/11 14:21:11 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\iastor78.sys -- (iastor78)
DRV - [2010/02/11 14:01:06 | 000,009,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\dumpdrv.sys -- (DumpDrv)
DRV - [2009/10/08 01:01:32 | 002,649,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/08/27 08:10:26 | 000,213,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2009/05/01 09:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/05/01 08:55:56 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2009/05/01 08:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2007/05/31 20:04:56 | 004,424,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/05/02 12:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 CD 1E 6A 73 F0 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:2.11
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.19.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.20.0.66
FF - prefs.js..extensions.enabledItems: {478759F9-B85A-43A9-9B67-5DD74FD928BA}:1.9.1
FF - prefs.js..network.proxy.http: "209.97.203.60"
FF - prefs.js..network.proxy.http_port: 1080
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{478759F9-B85A-43A9-9B67-5DD74FD928BA}: C:\Documents and Settings\Owner\Local Settings\Application Data\{478759F9-B85A-43A9-9B67-5DD74FD928BA} [2011/03/26 12:07:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 19:59:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 19:59:42 | 000,000,000 | ---D | M]

[2010/12/21 02:11:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/12/21 02:11:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\[email protected]
[2011/04/12 23:28:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a0cde0gc.default\extensions
[2010/10/27 11:49:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a0cde0gc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/05 22:56:32 | 000,000,000 | ---D | M] ("Flash Video Downloader (Youtube Downloader)") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a0cde0gc.default\extensions\[email protected]
[2011/03/03 05:51:07 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a0cde0gc.default\extensions\[email protected]
[2011/01/30 16:13:57 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a0cde0gc.default\extensions\[email protected]
[2011/04/05 22:56:37 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a0cde0gc.default\extensions\[email protected]
[2011/04/05 22:56:42 | 000,000,000 | ---D | M] ("Alexa Toolbar") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\a0cde0gc.default\extensions\[email protected]
[2011/04/11 22:28:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/04 11:35:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/03/26 12:07:46 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\{478759F9-B85A-43A9-9B67-5DD74FD928BA}
[2010/10/04 11:35:24 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/10/04 11:35:23 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/07 10:29:07 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/03/07 10:29:07 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/03/07 10:29:07 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/03/07 10:29:07 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/03/22 11:21:36 | 000,000,834 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 63.116.243.145
O1 - Hosts: 127.0.0.1 63.217.184.90
O1 - Hosts: 127.0.0.1 209.87.211.146
O1 - Hosts: 127.0.0.1 63.84.59.56
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [Wtebagoxo] C:\WINDOWS\kbdbdigr.dll (Red Hat)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\.pw Desktop.lnk = C:\Documents and Settings\Owner\Application Data\pwDesktop\current\pwDesktop.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 211.29.132.12 61.88.88.88
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\RailNotification: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/27 15:28:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/08/20 02:49:08 | 000,126,976 | R--- | M] () - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/09/14 21:01:18 | 000,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2007/12/11 12:00:30 | 000,000,064 | ---- | M] () - F:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{071a4dce-fbcc-11df-8e1f-00197ec8e144}\Shell - "" = AutoRun
O33 - MountPoints2\{071a4dce-fbcc-11df-8e1f-00197ec8e144}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{071a4dce-fbcc-11df-8e1f-00197ec8e144}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{6b491170-3e63-11e0-8e64-00197ec8e144}\Shell - "" = AutoRun
O33 - MountPoints2\{6b491170-3e63-11e0-8e64-00197ec8e144}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6b491170-3e63-11e0-8e64-00197ec8e144}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2010/08/20 02:49:08 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2010/08/20 02:49:08 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/13 20:09:57 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.50.1.1100.exe
[2011/04/11 00:39:12 | 000,000,000 | ---D | C] -- C:\Program Files\InstantArticleWizard
[2011/04/11 00:39:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\InstantArticleWizard
[2011/04/11 00:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\JonathanLeger.com
[2011/04/11 00:37:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\IsolatedStorage
[2011/04/09 23:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/04/09 22:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\dvdcss
[2011/04/02 21:04:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\newhair
[2011/03/30 17:10:12 | 000,000,000 | ---D | C] -- C:\card
[2011/03/26 12:07:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{478759F9-B85A-43A9-9B67-5DD74FD928BA}
[2011/03/22 10:38:55 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\TDSSKiller.exe
[2011/03/20 18:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/03/20 18:08:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/03/18 11:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\CameraWindowDC
[2011/03/18 11:17:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\CANON INC
[2011/03/18 11:02:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ZoomBrowser EX
[2011/03/18 10:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
[2011/03/18 10:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon Utilities
[2011/03/18 10:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2011/03/18 10:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Canon
[2011/03/16 02:53:43 | 000,000,000 | ---D | C] -- C:\pz

========== Files - Modified Within 30 Days ==========

[2011/04/13 20:12:24 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.50.1.1100.exe
[2011/04/13 19:53:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/13 19:47:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/13 19:47:07 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/13 19:46:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/13 19:28:28 | 000,359,990 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SNC00267.jpg
[2011/04/13 17:57:51 | 000,441,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/13 17:57:51 | 000,071,258 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/12 04:16:22 | 000,133,120 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/11 08:38:08 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/11 04:24:30 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to My Computer.lnk
[2011/04/09 23:16:43 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/04/09 23:08:49 | 020,586,196 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\vlc-1.1.8-win32.exe
[2011/04/08 16:27:57 | 000,001,383 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\z.jpg
[2011/04/08 01:18:13 | 000,116,976 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\cheesehat.jpg
[2011/04/08 00:04:41 | 000,271,024 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SNC00273.jpg
[2011/04/08 00:03:46 | 000,249,988 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SNC00268.jpg
[2011/04/07 18:14:11 | 005,317,785 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\930smf.sic
[2011/04/06 23:22:01 | 004,256,366 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\FileZilla_3.4.0_win32-setup.exe
[2011/04/03 20:33:48 | 000,007,545 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tehrainbowguy.csv
[2011/04/02 13:20:51 | 000,015,125 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Untitled-4.gif
[2011/04/02 13:14:06 | 000,014,662 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\too-soon-nami.gif
[2011/03/31 17:14:23 | 000,011,059 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\spike2.gif
[2011/03/28 18:14:18 | 000,001,227 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Last Resort.lnk
[2011/03/26 18:15:44 | 000,002,004 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\Default.rdp
[2011/03/26 01:30:20 | 000,057,146 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\spike.jpg
[2011/03/26 00:14:28 | 000,008,406 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\images.jpg
[2011/03/25 14:32:44 | 000,022,603 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\iz7ag.jpg
[2011/03/25 13:13:15 | 000,014,894 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\me4543.png
[2011/03/22 13:34:51 | 000,208,262 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\worldcitybrisbane.jpg
[2011/03/21 12:03:19 | 000,189,008 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\bookmarks-2011-03-21.json
[2011/03/20 17:07:56 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2011/03/19 13:39:06 | 000,187,506 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HEREBEDRAGONS.jpg
[2011/03/19 07:09:22 | 000,012,064 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Zombatar_1.jpg
[2011/03/19 03:03:19 | 000,055,108 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\jeye.jpg
[2011/03/19 01:10:04 | 000,000,319 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2011/03/19 00:12:40 | 000,000,966 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Plants vs. Zombies.lnk
[2011/03/19 00:12:40 | 000,000,198 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play More Great Games!.url
[2011/03/18 11:48:13 | 000,113,198 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\canonsucks.jpg
[2011/03/18 10:56:51 | 000,000,862 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DCSD40-46 Software Starter Guide.lnk
[2011/03/18 10:56:48 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Personal Printing Guide.lnk
[2011/03/18 10:56:45 | 000,000,937 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PowerShot SD1200 IS_IXUS 95 IS Camera User Guide.lnk
[2011/03/18 10:56:08 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk
[2011/03/17 10:42:36 | 000,041,200 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dadshoe.jpg
[2011/03/17 10:38:44 | 000,041,862 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dadshoes.jpg
[2011/03/16 03:51:20 | 000,709,026 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\14-03-2011 18-44-05.png

========== Files Created - No Company Name ==========

[2011/04/13 19:28:18 | 000,359,990 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SNC00267.jpg
[2011/04/11 04:24:30 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to My Computer.lnk
[2011/04/09 23:16:43 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/04/09 23:07:12 | 020,586,196 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\vlc-1.1.8-win32.exe
[2011/04/08 16:27:57 | 000,001,383 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\z.jpg
[2011/04/08 01:18:12 | 000,116,976 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\cheesehat.jpg
[2011/04/08 00:04:32 | 000,271,024 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SNC00273.jpg
[2011/04/08 00:03:38 | 000,249,988 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SNC00268.jpg
[2011/04/07 18:12:23 | 005,317,785 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\930smf.sic
[2011/04/06 23:21:39 | 004,256,366 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\FileZilla_3.4.0_win32-setup.exe
[2011/04/03 20:33:48 | 000,007,545 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tehrainbowguy.csv
[2011/04/02 13:20:51 | 000,015,125 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Untitled-4.gif
[2011/04/02 13:14:06 | 000,014,662 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\too-soon-nami.gif
[2011/03/31 17:14:23 | 000,011,059 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\spike2.gif
[2011/03/28 18:14:18 | 000,001,227 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Last Resort.lnk
[2011/03/26 01:30:20 | 000,057,146 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\spike.jpg
[2011/03/26 00:14:26 | 000,008,406 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\images.jpg
[2011/03/25 14:32:41 | 000,022,603 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\iz7ag.jpg
[2011/03/25 13:13:11 | 000,014,894 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\me4543.png
[2011/03/22 13:34:50 | 000,208,262 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\worldcitybrisbane.jpg
[2011/03/21 12:03:13 | 000,189,008 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\bookmarks-2011-03-21.json
[2011/03/21 06:53:05 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\gmer.exe
[2011/03/19 13:39:05 | 000,187,506 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HEREBEDRAGONS.jpg
[2011/03/19 07:09:22 | 000,012,064 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Zombatar_1.jpg
[2011/03/19 03:03:19 | 000,055,108 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\jeye.jpg
[2011/03/19 00:12:40 | 000,000,966 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Plants vs. Zombies.lnk
[2011/03/18 11:48:12 | 000,113,198 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\canonsucks.jpg
[2011/03/18 10:56:51 | 000,000,862 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DCSD40-46 Software Starter Guide.lnk
[2011/03/18 10:56:48 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Personal Printing Guide.lnk
[2011/03/18 10:56:45 | 000,000,937 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PowerShot SD1200 IS_IXUS 95 IS Camera User Guide.lnk
[2011/03/18 10:56:08 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk
[2011/03/17 10:42:36 | 000,041,200 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dadshoe.jpg
[2011/03/17 10:38:44 | 000,041,862 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dadshoes.jpg
[2011/03/16 03:51:06 | 000,709,026 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\14-03-2011 18-44-05.png
[2011/01/18 05:35:45 | 002,217,088 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2011/01/18 05:35:45 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2011/01/18 05:35:45 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2011/01/18 05:35:45 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2011/01/18 05:35:45 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/10/30 11:48:36 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/10/09 10:40:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/10/08 06:47:42 | 000,000,319 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/09/27 17:00:46 | 000,040,880 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/27 16:52:30 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/09/27 16:26:20 | 000,133,120 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/27 16:12:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/09/27 15:28:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/09/27 15:25:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/09/27 15:24:52 | 000,052,836 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2010/09/27 15:24:48 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\libpng13.dll
[2010/09/27 15:24:46 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll
[2010/09/27 12:39:38 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/09/27 10:19:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/09/27 10:14:49 | 000,202,528 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/27 09:54:59 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/27 09:48:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 22:39:36 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/04/14 21:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 21:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 21:00:00 | 000,441,362 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 21:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 21:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 21:00:00 | 000,071,258 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 21:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 21:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 21:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 21:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 21:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 21:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/10/05 00:51:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/02/21 23:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService
[2010/09/29 10:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlashFXP
[2011/02/16 21:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2010/10/08 10:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lencom
[2010/10/06 03:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/01/28 09:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/27 09:54:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/11/01 10:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Big Fish Games
[2011/04/13 03:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FileZilla
[2010/09/30 08:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2010/12/10 23:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IceChat
[2011/04/11 00:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\JonathanLeger.com
[2011/03/03 05:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2011/03/20 18:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lencom
[2010/10/27 13:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2010/09/27 16:43:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Notepad++
[2010/10/07 10:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2010/12/12 23:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2010/10/06 07:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PopCapv1000
[2010/10/12 07:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PopCapv1001
[2010/10/19 04:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PopCapv1003
[2010/10/23 10:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PopCapv1004
[2010/10/20 10:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PopCapv1006
[2010/09/27 16:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\pwDesktop
[2010/12/19 22:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SERPAttacks
[2010/10/30 04:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sick Marketing
[2011/02/09 23:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SpinTop Games
[2011/02/01 14:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TeamViewer
[2010/09/27 16:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Titanium
[2011/03/12 05:36:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2010/10/29 02:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\X-Chat 2

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4AF8D0D
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:27F44544

< End of report >


MBAM results will be in my next post in the next half hour.

#14
bluecheese

    New Member

  • Topic Starter
  • Member
  • 9 posts
The MBAM scan found 10 nasty things and demanded a reboot. The first log before it rebooted:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6350

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13/04/2011 20:27:08
mbam-log-2011-04-13 (20-27-08).txt

Scan type: Quick scan
Objects scanned: 144894
Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\kbdbdigr.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\A9YA3MI1CF (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\KCSCPW1HKH (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDORSYS (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Wtebagoxo (Trojan.Hiloti) -> Value: Wtebagoxo -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\kbdbdigr.dll (Trojan.Hiloti) -> Delete on reboot.


The second log after running the scan after the reboot looks like this:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6350

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13/04/2011 20:48:24
mbam-log-2011-04-13 (20-48-24).txt

Scan type: Quick scan
Objects scanned: 144701
Time elapsed: 3 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#15
Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
What problems are you currently having?

Do you have a proxy running through RackSpace on purpose?

FF - prefs.js..network.proxy.http: "209.97.203.60"
FF - prefs.js..network.proxy.http_port: 1080