Security Protection 'designed to protect' leftovers.



#1
Hadji

Dear Geekstogo, Last night I was blindsided by the Security Protection 'designed to protect' Virus (http://www.geekstogo...ity-protection/)

I took steps from several sites to try to remove this malware, especially the ones here at GeekstoGo.

It took a while to get the splash popups to stop, but there is a side effect that I was not able to remove.

Basically while the virus was active, it disabled all my malware removal tools. Here is a list of programs it began to block (i.e. Kills the program while it is midscan)

MalwareBytes
SUPERAntiSpyware (I installed this because the above program was rendered unusable, but was also killed)
It disabled my Process Explorer.
It disabled access to a "kernel" file related to the ESET-NOD32 program.

In addition to disabling those programs, it left TDSSKiller still usable, but it is unable to remove the virus either.

There is this process that's always active and I cannot kill it named

"4038147260:1136872975.exe"

I suspect that process is behind disabling lots of my protection. I tried my best to solve the problem myself but this one is particularly persistent. I also cannot run these anti-malware programs in safe mode either because the virus disabled them. I am running on a Dell Laptop running on Windows XP. Thanks!
#2
Essexboy

    GeekU Moderator

Hi there, let's see what you have

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post in your next reply

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#3
Hadji

Hello Essexboy, First off I would like to let you know I really appreciate your help.

Since my last post...there's been another hiccup. I have completely lost internet connection to that laptop. "Limited or No Connectivity" for both wireless and Ethernet connections. Will it be okay to try to fix it from a separate laptop that still has connection?

TDSSKiller returns a "Rootkit.Win32.ZAccess.c" error but trying to "cure" it returns a "Processing Error".

Well anyway regardless I will try to run those fixes and I will post the results.

#4
Essexboy

    GeekU Moderator

OK, that is the new kid on the block and we are still formulating our approach to this.

  • Download AntiZeroAccess to Desktop
  • Double click on it to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Type y and press enter to run the scan
  • Please post AntiZeroAccess_Log.txt contents in your next post. This file is saved in the same location as AntiZeroAccess program.


#5
Hadji

Here are the contents of the ZeroAccess log.



Webroot AntiZeroAccess 0.8 Log File
Execution time: 05/09/2011 - 17:39
Host operation System: Windows Xp X86 version 5.1.2600 Service Pack 2
17:39:46 - CheckSystem - Begin to check system...
17:39:46 - OpenRootDrive - Opening system root volume and physical drive....
17:39:46 - C Root Drive: Disk number: 0 Start sector: 0x00017886 Partition Size: 0x0D1E8F45 sectors.
17:39:46 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
17:39:47 - InstallAndStartDriver - Main driver was installed and now is running.
17:39:47 - CheckSystem - Disk class driver state is OK.
17:39:48 - CheckFile - Unable to send IOCTL_VOLUME_LOGICAL_TO_PHYSICAL to system root volume object. DeviceIoControl last error: 87
17:39:49 - CheckFile - Unable to send IOCTL_VOLUME_LOGICAL_TO_PHYSICAL to system root volume object. DeviceIoControl last error: 87
17:39:49 - CheckFile - Internal consistence error: Sector buffer is not of a PE file!
17:39:49 - CheckFile - Internal consistence error: Sector buffer is not of a PE file!
17:39:50 - CheckFile - Internal consistence error: Sector buffer is not of a PE file!
17:39:50 - CheckFile - Unable to send IOCTL_VOLUME_LOGICAL_TO_PHYSICAL to system root volume object. DeviceIoControl last error: 87
17:39:59 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
17:39:59 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
17:39:59 - Execution Ended!

#6
Hadji

Here is the aswMBR log.


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-05 18:15:17
-----------------------------
18:15:17.828 OS Version: Windows 5.1.2600 Service Pack 2
18:15:17.828 Number of processors: 2 586 0xF06
18:15:17.828 ComputerName: JOHNNY UserName: Others
18:15:18.281 Initialize success
18:15:44.468 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:15:44.468 Disk 0 Vendor: FUJITSU_MHW2120BH 00850012 Size: 114473MB BusType: 3
18:15:44.484 Disk 1 \Device\Harddisk1\SR0 -> \Device\SdBus-0
18:15:44.484 Disk 1 Vendor: Size: 488MB BusType: 0
18:15:46.515 Disk 0 MBR read successfully
18:15:46.515 Disk 0 MBR scan
18:15:46.515 Disk 0 unknown MBR code
18:15:46.531 Disk 0 scanning sectors +234436545
18:15:46.609 Disk 0 scanning C:\WINDOWS\system32\drivers
18:16:00.859 Service scanning
18:16:02.546 Modules scanning
18:16:11.859 Disk 0 trace - called modules:
18:16:11.890 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:16:11.906 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d43ab8]
18:16:11.937 3 CLASSPNP.SYS[f74f205b] -> nt!IofCallDriver -> \Device\0000007d[0x86d793b8]
18:16:11.937 5 ACPI.sys[f7368620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86d46940]
18:16:11.937 Scan finished successfully
18:18:02.640 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Others\Desktop\MBR.dat"
18:18:02.640 The log file has been saved successfully to "C:\Documents and Settings\Others\Desktop\aswMBR.txt"

Edited by Hadji, 06 September 2011 - 07:49 PM.


#7
Hadji

And here are the OTL logs.


OTL logfile created on: 9/5/2011 6:23:52 PM - Run 3
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Others\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 626.73 Mb Available Physical Memory | 61.30% Memory free
2.40 Gb Paging File | 2.16 Gb Available in Paging File | 89.89% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 104.95 Gb Total Space | 2.30 Gb Free Space | 2.19% Space Free | Partition Type: NTFS
Drive E: | 487.53 Mb Total Space | 73.84 Mb Free Space | 15.15% Space Free | Partition Type: FAT32

Computer Name: JOHNNY | User Name: Others | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/02 14:29:13 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Others\Desktop\OTL.exe
PRC - [2010/07/04 20:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2009/03/27 15:54:06 | 000,165,160 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2007/05/10 11:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
PRC - [2006/08/03 17:51:42 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/05/24 11:31:06 | 000,372,736 | ---- | M] () -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
PRC - [2004/08/10 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/21 17:30:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2006/12/03 15:53:06 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2006/11/22 23:35:44 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2006/11/22 23:30:58 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2006/08/03 17:52:00 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2006/05/24 11:31:06 | 000,372,736 | ---- | M] () -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
MOD - [2006/01/08 18:14:00 | 000,040,960 | ---- | M] () -- C:\Program Files\Java Launcher\bin\LaunchShellMenu.dll
MOD - [2005/10/13 12:53:36 | 000,090,223 | ---- | M] () -- C:\Program Files\Dell\QuickSet\preflibcl.dll
MOD - [2004/08/10 04:00:00 | 001,287,680 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2004/08/10 04:00:00 | 000,268,288 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2004/08/10 04:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/08/10 04:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (StarWindService)
SRV - File not found [On_Demand | Stopped] -- -- (nosGetPlusHelper) getPlus®
SRV - [2010/11/09 02:44:00 | 004,290,192 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010/07/04 20:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/03/27 15:54:06 | 000,165,160 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/11/06 13:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/10/25 09:27:56 | 000,018,176 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2007/10/25 09:26:34 | 000,455,936 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2007/08/03 10:24:16 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/05/24 11:31:06 | 000,372,736 | ---- | M] () [Auto | Running] -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe -- (StyleXPService)
SRV - [2003/03/09 13:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/06/14 10:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/04/26 19:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010/04/26 19:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2010/04/26 19:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009/04/29 19:35:16 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/02/08 23:14:06 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/11/06 13:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/10/25 09:27:08 | 000,030,728 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2007/10/25 09:25:32 | 000,027,144 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2007/10/25 09:25:14 | 000,033,800 | ---- | M] (Eset ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2007/05/10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/12/14 11:42:11 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/11/22 23:34:36 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/08/25 06:23:08 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/07/14 00:01:16 | 000,013,824 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hnm_wrls_pkt.sys -- (hnmwrlspkt)
DRV - [2006/05/24 17:07:18 | 000,328,237 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/05/24 17:05:26 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2006/05/24 17:04:04 | 000,851,434 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/05/24 17:01:34 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/05/24 17:01:22 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006/05/24 17:00:50 | 000,066,488 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/05/24 16:58:18 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/05/24 16:57:00 | 000,045,683 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2006/05/23 13:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/01/10 10:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/10/31 14:44:39 | 000,010,880 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe -- (StyleXPHelper)
DRV - [2005/10/14 14:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 14:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 14:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/22 02:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 02:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 02:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/02/01 16:55:40 | 000,021,442 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\gravity\RO\npkcrypt.sys -- (npkcrypt)
DRV - [2004/08/10 04:00:00 | 000,138,496 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2004/08/10 04:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/04/13 20:20:08 | 000,015,781 | R--- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/02/13 15:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2001/08/17 15:05:48 | 000,314,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CamDrO21.sys -- (PhilCam8116) Logitech QuickCam Pro 3000 (08B0)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061214
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061214


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061214
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 6B 5A 75 49 21 3B 46 48 80 DB B7 BB 5E 4C E4 72 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061214
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 6B 5A 75 49 21 3B 46 48 80 DB B7 BB 5E 4C E4 72 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 6B 5A 75 49 21 3B 46 48 80 DB B7 BB 5E 4C E4 72 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 6B 5A 75 49 21 3B 46 48 80 DB B7 BB 5E 4C E4 72 [binary data]

IE - HKU\S-1-5-21-118705096-4185100950-221826225-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-118705096-4185100950-221826225-1007\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 6B 5A 75 49 21 3B 46 48 80 DB B7 BB 5E 4C E4 72 [binary data]
IE - HKU\S-1-5-21-118705096-4185100950-221826225-1007\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - File not found
IE - HKU\S-1-5-21-118705096-4185100950-221826225-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-118705096-4185100950-221826225-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://neu-ro.net/?module=vote"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5.1
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.7.0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 63333
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/16 15:42:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/02 15:16:01 | 000,000,000 | ---D | M]

[2010/11/25 05:11:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Others\Application Data\Mozilla\Extensions
[2010/11/25 05:11:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Others\Application Data\Mozilla\Extensions\[email protected]
[2011/08/30 13:48:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Others\Application Data\Mozilla\Firefox\Profiles\hm3ye6bl.default\extensions
[2011/04/11 11:41:08 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\Others\Application Data\Mozilla\Firefox\Profiles\hm3ye6bl.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010/11/20 03:57:19 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Others\Application Data\Mozilla\Firefox\Profiles\hm3ye6bl.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/06/06 05:38:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Others\Application Data\Mozilla\Firefox\Profiles\hm3ye6bl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/08/14 02:05:12 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Documents and Settings\Others\Application Data\Mozilla\Firefox\Profiles\hm3ye6bl.default\extensions\[email protected]
[2010/11/26 05:40:23 | 000,002,568 | ---- | M] () -- C:\Documents and Settings\Others\Application Data\Mozilla\Firefox\Profiles\hm3ye6bl.default\searchplugins\askcom.xml
[2011/09/03 20:53:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/28 06:06:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2009/08/18 10:47:57 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/01 03:01:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/07/02 14:20:46 | 000,069,632 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2008/10/01 16:25:28 | 000,284,248 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\mozilla firefox\plugins\npmusicn.dll
[2010/12/09 03:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2007/03/09 16:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2011/09/02 04:27:56 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - File not found
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - File not found
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {3E9D340B-D614-4854-AE06-4218201F6AAE} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {3E9D340B-D614-4854-AE06-4218201F6AAE} - No CLSID value found.
O3 - HKU\S-1-5-21-118705096-4185100950-221826225-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-118705096-4185100950-221826225-1007\..\Toolbar\Webbrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-21-118705096-4185100950-221826225-1007..\Run: [Aim6] File not found
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Linus\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-118705096-4185100950-221826225-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-118705096-4185100950-221826225-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-118705096-4185100950-221826225-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-118705096-4185100950-221826225-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\Documents and Settings\Others\Local Settings\Application Data\3700n.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WBSrv: DllName - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock Corporation)
O22 - SharedTaskScheduler: {e2cc30f5-4406-4af2-aa64-eb95ad77e367} - jugezatag - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Others\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Others\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/05 17:58:21 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Others\Desktop\aswMBR.exe
[2011/09/05 17:39:17 | 000,167,864 | ---- | C] (Webroot) -- C:\Documents and Settings\Others\Desktop\antizeroaccess.exe
[2011/09/04 00:43:37 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/09/02 23:14:11 | 004,846,880 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Others\Desktop\procexp.exe
[2011/09/02 14:29:08 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Others\Desktop\OTL.exe
[2011/09/02 12:36:09 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Others\Desktop\winlogon.exe
[2011/09/02 04:25:17 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Others\Desktop\GooredFix(2).exe
[2011/09/02 02:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/09/02 02:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/09/01 23:52:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Others\Application Data\SUPERAntiSpyware.com
[2011/09/01 22:20:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/09/01 11:06:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Others\Desktop\Biology 1C
[2011/08/30 13:52:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Others\Desktop\TDSSKiller
[2011/08/30 13:47:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Others\Desktop\GooredFix Backups
[2011/08/30 13:41:13 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Others\Desktop\OTM.exe
[2011/08/30 13:16:41 | 012,510,680 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Others\Desktop\SUPERAntiSpyware.exe
[2011/08/27 19:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Others\Desktop\Brighten - I'll Always Be Around EP
[2011/08/08 02:01:28 | 000,000,000 | ---D | C] -- C:\ut
[2011/08/08 00:04:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Others\Local Settings\Application Data\temp
[2011/08/08 00:04:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Others\Local Settings\Application Data\Conduit
[2011/08/08 00:00:28 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/08/07 23:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Others\Application Data\uTorrent
[1 C:\Documents and Settings\Others\*.tmp files -> C:\Documents and Settings\Others\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/05 18:18:02 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Others\Desktop\MBR.dat
[2011/09/05 17:54:14 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Others\Desktop\aswMBR.exe
[2011/09/05 17:33:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/05 17:32:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/05 17:32:56 | 1072,103,424 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/05 17:30:14 | 000,167,864 | ---- | M] (Webroot) -- C:\Documents and Settings\Others\Desktop\antizeroaccess.exe
[2011/09/03 20:28:39 | 000,000,147 | ---- | M] () -- C:\Documents and Settings\Others\Desktop\rk-proxy.reg
[2011/09/03 14:23:56 | 009,961,472 | ---- | M] () -- C:\Documents and Settings\Others\NTUSER.bak
[2011/09/03 00:20:54 | 000,043,408 | -HS- | M] () -- C:\WINDOWS\System32\c_55590.nl_
[2011/09/02 23:11:13 | 001,846,196 | ---- | M] () -- C:\Documents and Settings\Others\Desktop\ProcessExplorer.zip
[2011/09/02 14:29:13 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Others\Desktop\OTL.exe
[2011/09/02 12:38:10 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Others\Desktop\winlogon.exe
[2011/09/02 12:27:54 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\Others\Desktop\rkill.exe
[2011/09/02 04:44:15 | 000,000,280 | -H-- | M] () -- C:\boot.ini
[2011/09/02 04:27:56 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/09/02 04:25:16 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Others\Desktop\GooredFix(2).exe
[2011/09/02 02:47:42 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/01 23:45:46 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\Others\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Protection.lnk
[2011/09/01 23:45:45 | 000,000,090 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\avbase.dat
[2011/09/01 21:53:51 | 004,194,304 | ---- | M] () -- C:\WINDOWS\System32\pdmzmplg.dll
[2011/08/31 15:16:50 | 004,846,880 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Others\Desktop\procexp.exe
[2011/08/31 15:16:50 | 004,846,880 | ---- | M] () -- C:\Documents and Settings\Others\Desktop\exxxp.exe
[2011/08/30 13:50:02 | 001,390,139 | ---- | M] () -- C:\Documents and Settings\Others\Desktop\tdsskiller.zip
[2011/08/30 13:41:28 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Others\Desktop\OTM.exe
[2011/08/30 13:19:31 | 012,510,680 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Others\Desktop\SUPERAntiSpyware.exe
[2011/08/19 13:36:40 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/17 13:58:31 | 004,282,529 | ---- | M] () -- C:\Documents and Settings\Others\Desktop\RMS 08-23-2010.rar
[2011/08/10 13:14:10 | 001,018,645 | ---- | M] () -- C:\Documents and Settings\Others\Desktop\1313000840216.gif
[2011/08/08 21:56:34 | 000,107,520 | ---- | M] () -- C:\Documents and Settings\Others\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/08 00:00:40 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[1 C:\Documents and Settings\Others\*.tmp files -> C:\Documents and Settings\Others\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/05 18:18:02 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Others\Desktop\MBR.dat
[2011/09/03 21:54:47 | 1072,103,424 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/02 23:11:42 | 004,846,880 | ---- | C] () -- C:\Documents and Settings\Others\Desktop\exxxp.exe
[2011/09/02 23:10:54 | 001,846,196 | ---- | C] () -- C:\Documents and Settings\Others\Desktop\ProcessExplorer.zip
[2011/09/02 12:28:58 | 000,000,147 | ---- | C] () -- C:\Documents and Settings\Others\Desktop\rk-proxy.reg
[2011/09/02 12:27:43 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\Others\Desktop\rkill.exe
[2011/09/02 02:47:42 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/01 23:45:46 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\Others\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Protection.lnk
[2011/09/01 23:45:45 | 000,000,090 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\avbase.dat
[2011/09/01 23:41:07 | 000,043,408 | -HS- | C] () -- C:\WINDOWS\System32\c_55590.nl_
[2011/09/01 21:53:49 | 004,194,304 | ---- | C] () -- C:\WINDOWS\System32\pdmzmplg.dll
[2011/08/30 13:49:34 | 001,390,139 | ---- | C] () -- C:\Documents and Settings\Others\Desktop\tdsskiller.zip
[2011/08/17 13:57:32 | 004,282,529 | ---- | C] () -- C:\Documents and Settings\Others\Desktop\RMS 08-23-2010.rar
[2011/08/10 13:14:07 | 001,018,645 | ---- | C] () -- C:\Documents and Settings\Others\Desktop\1313000840216.gif
[2011/08/08 00:00:40 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2011/07/24 20:57:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2011/07/14 07:03:24 | 000,011,860 | -HS- | C] () -- C:\Documents and Settings\Others\Local Settings\Application Data\o0r8j32l2vfisvr2oo51y8dg2tk73a7d3r6dbrv6umfu
[2011/07/14 07:03:24 | 000,011,860 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\o0r8j32l2vfisvr2oo51y8dg2tk73a7d3r6dbrv6umfu
[2011/05/22 21:01:08 | 000,019,213 | ---- | C] () -- C:\Documents and Settings\Others\Application Data\FFAA.F97
[2011/03/23 21:23:41 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Wtamebirit.dat
[2011/03/23 21:23:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Aquvutivol.bin
[2011/02/26 08:36:12 | 000,000,033 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2011/02/20 08:08:44 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011/01/29 06:58:04 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2011/01/29 06:58:04 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2011/01/29 06:57:53 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Others\Application Data\$_hpcst$.hpc
[2010/12/15 03:01:44 | 000,001,816 | ---- | C] () -- C:\WINDOWS\TSearch.INI
[2010/12/01 04:09:40 | 000,057,344 | ---- | C] () -- C:\WINDOWS\rzrunins.exe
[2010/05/20 21:16:35 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/03/05 13:36:34 | 000,208,656 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/11/01 16:26:59 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/09/27 20:40:12 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/07/25 12:39:28 | 000,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/05/05 13:09:01 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/04/01 02:31:32 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2009/02/25 23:51:16 | 000,000,324 | ---- | C] () -- C:\WINDOWS\WPE PRO.INI
[2008/12/20 14:12:23 | 000,107,520 | ---- | C] () -- C:\Documents and Settings\Others\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/17 10:04:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2008/10/15 15:25:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/10/15 15:25:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/10/15 15:25:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/10/04 20:56:12 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SR2.dat
[2008/08/31 17:40:23 | 000,020,454 | ---- | C] () -- C:\WINDOWS\hpoins01.dat.temp
[2008/08/31 17:40:23 | 000,016,618 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat.temp
[2008/08/11 21:51:40 | 000,063,120 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/04/11 10:47:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/12/26 05:54:18 | 000,000,031 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2007/12/05 13:42:30 | 000,001,225 | ---- | C] () -- C:\WINDOWS\prov.ini
[2007/11/28 04:14:05 | 000,001,876 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2007/11/06 13:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/10/25 09:27:08 | 000,030,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2007/08/19 21:30:57 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/08/09 20:29:22 | 000,000,653 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2007/07/16 01:21:52 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/07/15 18:27:04 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Others\Local Settings\Application Data\fusioncache.dat
[2007/06/05 01:11:37 | 000,000,679 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/05/08 20:37:26 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/05/03 08:02:19 | 000,020,454 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2007/05/03 08:02:19 | 000,016,618 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2007/03/10 01:40:38 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/02/27 14:36:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2007/02/13 11:04:02 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/12/25 10:21:02 | 000,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe
[2006/12/20 23:56:53 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/14 12:00:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/14 11:48:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/14 11:39:18 | 000,000,726 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/14 11:38:03 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/12/14 11:29:17 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/12/14 11:29:16 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2006/12/14 11:29:15 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/12/14 11:03:10 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/12/14 11:02:58 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/12/14 11:02:52 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/12/14 11:02:24 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/05/24 17:16:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/08/16 03:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 03:38:45 | 000,034,380 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 03:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 03:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 03:27:59 | 001,584,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 03:18:33 | 000,456,874 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 03:18:33 | 000,077,880 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 03:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/04/09 16:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/03/22 15:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 15:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 04:00:00 | 000,138,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\afd.sys
[2004/08/10 04:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/10 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 04:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/10 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 04:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/09 21:11:42 | 000,185,856 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/06/08 16:35:58 | 000,103,172 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2003/03/09 13:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2011/09/02 00:24:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Subversion
[2011/03/09 07:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aBfEhFc06510
[2009/05/11 09:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2011/02/23 00:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2011/03/13 11:36:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/04/29 20:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/05/01 01:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2007/12/19 01:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IJJIGame
[2010/07/31 12:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/05/03 17:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2008/05/21 23:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2008/10/01 16:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2011/01/28 13:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/07/08 07:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/01/29 06:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2009/10/05 20:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2007/08/09 20:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/21 02:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2009/08/17 17:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/01/12 10:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XemiComputers
[2008/06/20 12:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2011/04/26 09:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/05/05 17:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/12/21 01:49:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linus\Application Data\acccore
[2010/04/18 14:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linus\Application Data\Audacity
[2008/04/03 21:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linus\Application Data\CiscoCAA
[2011/07/02 23:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linus\Application Data\FrostWire
[2008/05/02 18:07:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Linus\Application Data\ijjigame
[2007/03/09 14:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linus\Application Data\Leadertech
[2011/07/03 00:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linus\Application Data\LimeWire
[2010/03/05 14:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linus\Application Data\NavNet Solutions
[2007/12/27 21:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linus\Application Data\NHN Corporation
[2010/06/29 02:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linus\Application Data\Subversion
[2007/03/14 13:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linus\Application Data\Wireshark
[2008/12/19 23:48:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\acccore
[2010/05/20 22:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Audacity
[2011/05/23 11:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\BitComet
[2011/03/16 22:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Canon
[2008/12/19 19:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\CiscoCAA
[2009/04/30 10:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\DAEMON Tools
[2009/05/01 00:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\DAEMON Tools Lite
[2009/04/30 10:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\DAEMON Tools Pro
[2011/06/16 15:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Downloaded Installations
[2009/04/28 15:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\ESET
[2011/07/03 10:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\FrostWire
[2009/10/05 20:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Leadertech
[2011/07/03 00:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\LimeWire
[2010/03/05 12:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\NavNet Solutions
[2011/01/28 13:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\PC Suite
[2011/01/29 06:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Samsung
[2011/05/07 22:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\spiral
[2010/06/06 15:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Subversion
[2011/08/08 20:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\uTorrent
[2011/02/21 02:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\vghd
[2009/05/17 21:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Viewpoint
[2009/03/05 23:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Wireshark

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2007/06/13 04:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2004/08/10 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2004/08/10 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2004/08/10 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/10 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/10 04:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/10 04:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/10 04:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/10 04:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2011/09/02 12:38:10 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) MD5=9A14A477431A901A7014ED312E0C6C3C -- C:\Documents and Settings\Others\Desktop\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81

< End of report >

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, you posted two ZeroAccess logs instead of the aswMBR one. Could you post that, please?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 6B 5A 75 49 21 3B 46 48 80 DB B7 BB 5E 4C E4 72 [binary data]
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 6B 5A 75 49 21 3B 46 48 80 DB B7 BB 5E 4C E4 72 [binary data]
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 6B 5A 75 49 21 3B 46 48 80 DB B7 BB 5E 4C E4 72 [binary data]
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 6B 5A 75 49 21 3B 46 48 80 DB B7 BB 5E 4C E4 72 [binary data]
    IE - HKU\S-1-5-21-118705096-4185100950-221826225-1007\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 6B 5A 75 49 21 3B 46 48 80 DB B7 BB 5E 4C E4 72 [binary data]
    IE - HKU\S-1-5-21-118705096-4185100950-221826225-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 63333
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - File not found
    O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - File not found
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - File not found
    O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - File not found
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {3E9D340B-D614-4854-AE06-4218201F6AAE} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {3E9D340B-D614-4854-AE06-4218201F6AAE} - No CLSID value found.
    O3 - HKU\S-1-5-21-118705096-4185100950-221826225-1007\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-118705096-4185100950-221826225-1007\..\Toolbar\Webbrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O20 - AppInit_DLLs: (C:\Documents and Settings\Others\Local Settings\Application Data\3700n.dll) - File not found
    [2011/07/14 07:03:24 | 000,011,860 | -HS- | C] () -- C:\Documents and Settings\Others\Local Settings\Application Data\o0r8j32l2vfisvr2oo51y8dg2tk73a7d3r6dbrv6umfu
    [2011/07/14 07:03:24 | 000,011,860 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\o0r8j32l2vfisvr2oo51y8dg2tk73a7d3r6dbrv6umfu
    [2011/09/01 23:41:07 | 000,043,408 | -HS- | C] () -- C:\WINDOWS\System32\c_55590.nl_
    [2011/09/01 21:53:49 | 004,194,304 | ---- | C] () -- C:\WINDOWS\System32\pdmzmplg.dll
    [2011/03/23 21:23:41 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Wtamebirit.dat
    [2011/03/23 21:23:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Aquvutivol.bin
    [2011/03/09 07:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aBfEhFc06510

    :Reg
    [HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-21-118705096-4185100950-221826225-1007\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

#9
Hadji

Here's the log for the second OTL scan. I haven't run Combofix yet. I still do not have internet on that computer, so I'm unsure if Combofix needs to be updated before I run it. At the moment I'm transferring all these fixes through an external drive. When I attempt to repair the connection it tells me the problem occurs while "Renewing your IP address."

In any case here is the log.

OTL logfile created on: 9/6/2011 7:01:24 PM - Run 4
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Others\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 647.55 Mb Available Physical Memory | 63.34% Memory free
2.40 Gb Paging File | 2.17 Gb Available in Paging File | 90.19% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 104.95 Gb Total Space | 2.21 Gb Free Space | 2.10% Space Free | Partition Type: NTFS
Drive E: | 487.53 Mb Total Space | 73.71 Mb Free Space | 15.12% Space Free | Partition Type: FAT32

Computer Name: JOHNNY | User Name: Others | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/02 14:29:13 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Others\Desktop\OTL.exe
PRC - [2010/07/04 20:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2009/03/27 15:54:06 | 000,165,160 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2007/10/25 09:26:24 | 001,410,304 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2007/05/10 11:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
PRC - [2006/08/03 17:51:42 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/05/24 11:31:06 | 000,372,736 | ---- | M] () -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
PRC - [2004/08/10 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/10 04:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/21 17:30:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2006/11/22 23:35:44 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2006/11/22 23:30:58 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2006/08/03 17:52:00 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2006/05/24 11:31:06 | 000,372,736 | ---- | M] () -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
MOD - [2005/10/13 12:53:36 | 000,090,223 | ---- | M] () -- C:\Program Files\Dell\QuickSet\preflibcl.dll
MOD - [2004/08/10 04:00:00 | 001,287,680 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2004/08/10 04:00:00 | 000,268,288 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2004/08/10 04:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/08/10 04:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (StarWindService)
SRV - File not found [On_Demand | Stopped] -- -- (nosGetPlusHelper) getPlus®
SRV - [2010/11/09 02:44:00 | 004,290,192 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010/07/04 20:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/03/27 15:54:06 | 000,165,160 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/11/06 13:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/10/25 09:27:56 | 000,018,176 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2007/10/25 09:26:34 | 000,455,936 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2007/08/03 10:24:16 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/05/24 11:31:06 | 000,372,736 | ---- | M] () [Auto | Running] -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe -- (StyleXPService)
SRV - [2003/03/09 13:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/06/14 10:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/04/26 19:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010/04/26 19:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2010/04/26 19:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009/04/29 19:35:16 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/02/08 23:14:06 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/11/06 13:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/10/25 09:27:08 | 000,030,728 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2007/10/25 09:25:32 | 000,027,144 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2007/10/25 09:25:14 | 000,033,800 | ---- | M] (Eset ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2007/05/10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/12/14 11:42:11 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/11/22 23:34:36 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/08/25 06:23:08 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/07/14 00:01:16 | 000,013,824 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hnm_wrls_pkt.sys -- (hnmwrlspkt)
DRV - [2006/05/24 17:07:18 | 000,328,237 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/05/24 17:05:26 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2006/05/24 17:04:04 | 000,851,434 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/05/24 17:01:34 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/05/24 17:01:22 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006/05/24 17:00:50 | 000,066,488 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/05/24 16:58:18 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/05/24 16:57:00 | 000,045,683 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2006/05/23 13:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/01/10 10:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/10/31 14:44:39 | 000,010,880 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe -- (StyleXPHelper)
DRV - [2005/10/14 14:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 14:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 14:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/22 02:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 02:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 02:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/02/01 16:55:40 | 000,021,442 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\gravity\RO\npkcrypt.sys -- (npkcrypt)
DRV - [2004/08/10 04:00:00 | 000,138,496 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\afd.sys -- (AFD)
DRV - [2004/08/10 04:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/04/13 20:20:08 | 000,015,781 | R--- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/02/13 15:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2001/08/17 15:05:48 | 000,314,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CamDrO21.sys -- (PhilCam8116) Logitech QuickCam Pro 3000 (08B0)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061214
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061214

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://neu-ro.net/?module=vote"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5.1
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.7.0
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/16 15:42:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/02 15:16:01 | 000,000,000 | ---D | M]

[2010/11/25 05:11:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Others\Application Data\Mozilla\Extensions
[2010/11/25 05:11:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Others\Application Data\Mozilla\Extensions\[email protected]
[2011/08/30 13:48:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Others\Application Data\Mozilla\Firefox\Profiles\hm3ye6bl.default\extensions
[2011/04/11 11:41:08 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\Others\Application Data\Mozilla\Firefox\Profiles\hm3ye6bl.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010/11/20 03:57:19 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Others\Application Data\Mozilla\Firefox\Profiles\hm3ye6bl.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/06/06 05:38:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Others\Application Data\Mozilla\Firefox\Profiles\hm3ye6bl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/08/14 02:05:12 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Documents and Settings\Others\Application Data\Mozilla\Firefox\Profiles\hm3ye6bl.default\extensions\[email protected]
[2010/11/26 05:40:23 | 000,002,568 | ---- | M] () -- C:\Documents and Settings\Others\Application Data\Mozilla\Firefox\Profiles\hm3ye6bl.default\searchplugins\askcom.xml
[2011/09/03 20:53:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/28 06:06:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2009/08/18 10:47:57 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/01 03:01:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/07/02 14:20:46 | 000,069,632 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2008/10/01 16:25:28 | 000,284,248 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\mozilla firefox\plugins\npmusicn.dll
[2010/12/09 03:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2007/03/09 16:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2011/09/06 18:55:21 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [Aim6] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\documents and settings\others\local settings\application data\3700n.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WBSrv: DllName - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock Corporation)
O22 - SharedTaskScheduler: {e2cc30f5-4406-4af2-aa64-eb95ad77e367} - jugezatag - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Others\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Others\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/06 18:55:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/05 17:58:21 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Others\Desktop\aswMBR.exe
[2011/09/05 17:39:17 | 000,167,864 | ---- | C] (Webroot) -- C:\Documents and Settings\Others\Desktop\antizeroaccess.exe
[2011/09/04 00:43:37 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/09/02 23:14:11 | 004,846,880 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Others\Desktop\procexp.exe
[2011/09/02 14:29:08 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Others\Desktop\OTL.exe
[2011/09/02 12:36:09 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Others\Desktop\winlogon.exe
[2011/09/02 04:25:17 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Others\Desktop\GooredFix(2).exe
[2011/09/02 02:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/09/02 02:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/09/01 23:52:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Others\Application Data\SUPERAntiSpyware.com
[2011/09/01 22:20:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/09/01 11:06:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Others\Desktop\Biology 1C
[2011/08/30 13:52:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Others\Desktop\TDSSKiller
[2011/08/30 13:47:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Others\Desktop\GooredFix Backups
[2011/08/30 13:41:13 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Others\Desktop\OTM.exe
[2011/08/30 13:16:41 | 012,510,680 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Others\Desktop\SUPERAntiSpyware.exe
[2011/08/27 19:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Others\Desktop\Brighten - I'll Always Be Around EP
[2011/08/08 02:01:28 | 000,000,000 | ---D | C] -- C:\ut
[2011/08/08 00:04:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Others\Local Settings\Application Data\temp
[2011/08/08 00:04:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Others\Local Settings\Application Data\Conduit
[2011/08/08 00:00:28 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/08/07 23:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Others\Application Data\uTorrent
[1 C:\Documents and Settings\Others\*.tmp files -> C:\Documents and Settings\Others\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/06 18:58:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/06 18:58:19 | 1072,103,424 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/06 18:55:21 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/09/06 18:52:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/05 18:18:02 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Others\Desktop\MBR.dat
[2011/09/05 17:54:14 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Others\Desktop\aswMBR.exe
[2011/09/05 17:30:14 | 000,167,864 | ---- | M] (Webroot) -- C:\Documents and Settings\Others\Desktop\antizeroaccess.exe
[2011/09/03 20:28:39 | 000,000,147 | ---- | M] () -- C:\Documents and Settings\Others\Desktop\rk-proxy.reg
[2011/09/03 14:23:56 | 009,961,472 | ---- | M] () -- C:\Documents and Settings\Others\NTUSER.bak
[2011/09/02 23:11:13 | 001,846,196 | ---- | M] () -- C:\Documents and Settings\Others\Desktop\ProcessExplorer.zip
[2011/09/02 14:29:13 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Others\Desktop\OTL.exe
[2011/09/02 12:38:10 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Others\Desktop\winlogon.exe
[2011/09/02 12:27:54 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\Others\Desktop\rkill.exe
[2011/09/02 04:44:15 | 000,000,280 | -H-- | M] () -- C:\boot.ini
[2011/09/02 04:25:16 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Others\Desktop\GooredFix(2).exe
[2011/09/02 02:47:42 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/01 23:45:46 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\Others\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Protection.lnk
[2011/09/01 23:45:45 | 000,000,090 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\avbase.dat
[2011/08/31 15:16:50 | 004,846,880 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Others\Desktop\procexp.exe
[2011/08/31 15:16:50 | 004,846,880 | ---- | M] () -- C:\Documents and Settings\Others\Desktop\exxxp.exe
[2011/08/30 13:50:02 | 001,390,139 | ---- | M] () -- C:\Documents and Settings\Others\Desktop\tdsskiller.zip
[2011/08/30 13:41:28 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Others\Desktop\OTM.exe
[2011/08/30 13:19:31 | 012,510,680 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Others\Desktop\SUPERAntiSpyware.exe
[2011/08/19 13:36:40 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/17 13:58:31 | 004,282,529 | ---- | M] () -- C:\Documents and Settings\Others\Desktop\RMS 08-23-2010.rar
[2011/08/10 13:14:10 | 001,018,645 | ---- | M] () -- C:\Documents and Settings\Others\Desktop\1313000840216.gif
[2011/08/08 21:56:34 | 000,107,520 | ---- | M] () -- C:\Documents and Settings\Others\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/08 00:00:40 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[1 C:\Documents and Settings\Others\*.tmp files -> C:\Documents and Settings\Others\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/05 18:18:02 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Others\Desktop\MBR.dat
[2011/09/03 21:54:47 | 1072,103,424 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/02 23:11:42 | 004,846,880 | ---- | C] () -- C:\Documents and Settings\Others\Desktop\exxxp.exe
[2011/09/02 23:10:54 | 001,846,196 | ---- | C] () -- C:\Documents and Settings\Others\Desktop\ProcessExplorer.zip
[2011/09/02 12:28:58 | 000,000,147 | ---- | C] () -- C:\Documents and Settings\Others\Desktop\rk-proxy.reg
[2011/09/02 12:27:43 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\Others\Desktop\rkill.exe
[2011/09/02 02:47:42 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/01 23:45:46 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\Others\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Protection.lnk
[2011/09/01 23:45:45 | 000,000,090 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\avbase.dat
[2011/08/30 13:49:34 | 001,390,139 | ---- | C] () -- C:\Documents and Settings\Others\Desktop\tdsskiller.zip
[2011/08/17 13:57:32 | 004,282,529 | ---- | C] () -- C:\Documents and Settings\Others\Desktop\RMS 08-23-2010.rar
[2011/08/10 13:14:07 | 001,018,645 | ---- | C] () -- C:\Documents and Settings\Others\Desktop\1313000840216.gif
[2011/08/08 00:00:40 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2011/07/24 20:57:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2011/05/22 21:01:08 | 000,019,213 | ---- | C] () -- C:\Documents and Settings\Others\Application Data\FFAA.F97
[2011/02/26 08:36:12 | 000,000,033 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2011/02/20 08:08:44 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011/01/29 06:58:04 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2011/01/29 06:58:04 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2011/01/29 06:57:53 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Others\Application Data\$_hpcst$.hpc
[2010/12/15 03:01:44 | 000,001,816 | ---- | C] () -- C:\WINDOWS\TSearch.INI
[2010/12/01 04:09:40 | 000,057,344 | ---- | C] () -- C:\WINDOWS\rzrunins.exe
[2010/05/20 21:16:35 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/03/05 13:36:34 | 000,208,656 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/11/01 16:26:59 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/09/27 20:40:12 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/07/25 12:39:28 | 000,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/05/05 13:09:01 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/04/01 02:31:32 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2009/02/25 23:51:16 | 000,000,324 | ---- | C] () -- C:\WINDOWS\WPE PRO.INI
[2008/12/20 14:12:23 | 000,107,520 | ---- | C] () -- C:\Documents and Settings\Others\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/17 10:04:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2008/10/15 15:25:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/10/15 15:25:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/10/15 15:25:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/10/04 20:56:12 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SR2.dat
[2008/08/31 17:40:23 | 000,020,454 | ---- | C] () -- C:\WINDOWS\hpoins01.dat.temp
[2008/08/31 17:40:23 | 000,016,618 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat.temp
[2008/08/11 21:51:40 | 000,063,120 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/04/11 10:47:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/12/26 05:54:18 | 000,000,031 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2007/12/05 13:42:30 | 000,001,225 | ---- | C] () -- C:\WINDOWS\prov.ini
[2007/11/28 04:14:05 | 000,001,876 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2007/11/06 13:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/10/25 09:27:08 | 000,030,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2007/08/19 21:30:57 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/08/09 20:29:22 | 000,000,653 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2007/07/16 01:21:52 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/07/15 18:27:04 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Others\Local Settings\Application Data\fusioncache.dat
[2007/06/05 01:11:37 | 000,000,679 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/05/08 20:37:26 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/05/03 08:02:19 | 000,020,454 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2007/05/03 08:02:19 | 000,016,618 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2007/03/10 01:40:38 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/02/27 14:36:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2007/02/13 11:04:02 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/12/25 10:21:02 | 000,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe
[2006/12/20 23:56:53 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/14 12:00:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/14 11:48:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/14 11:39:18 | 000,000,726 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/14 11:38:03 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/12/14 11:29:17 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/12/14 11:29:16 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2006/12/14 11:29:15 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/12/14 11:03:10 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/12/14 11:02:58 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/12/14 11:02:52 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/12/14 11:02:24 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/05/24 17:16:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/08/16 03:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 03:38:45 | 000,034,380 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 03:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 03:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 03:27:59 | 001,584,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 03:18:33 | 000,456,874 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 03:18:33 | 000,077,880 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 03:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/04/09 16:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/03/22 15:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 15:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 04:00:00 | 000,138,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\afd.sys
[2004/08/10 04:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/10 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 04:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/10 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 04:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/09 21:11:42 | 000,185,856 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/06/08 16:35:58 | 000,103,172 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2003/03/09 13:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2011/03/09 07:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aBfEhFc06510
[2009/05/11 09:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2011/02/23 00:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2011/03/13 11:36:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/04/29 20:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/05/01 01:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2007/12/19 01:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IJJIGame
[2010/07/31 12:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/05/03 17:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2008/05/21 23:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2008/10/01 16:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2011/01/28 13:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/07/08 07:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/01/29 06:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2009/10/05 20:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2007/08/09 20:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/21 02:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2009/08/17 17:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/01/12 10:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XemiComputers
[2008/06/20 12:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2011/04/26 09:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/05/05 17:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/12/19 23:48:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\acccore
[2010/05/20 22:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Audacity
[2011/05/23 11:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\BitComet
[2011/03/16 22:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Canon
[2008/12/19 19:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\CiscoCAA
[2009/04/30 10:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\DAEMON Tools
[2009/05/01 00:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\DAEMON Tools Lite
[2009/04/30 10:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\DAEMON Tools Pro
[2011/06/16 15:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Downloaded Installations
[2009/04/28 15:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\ESET
[2011/07/03 10:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\FrostWire
[2009/10/05 20:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Leadertech
[2011/07/03 00:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\LimeWire
[2010/03/05 12:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\NavNet Solutions
[2011/01/28 13:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\PC Suite
[2011/01/29 06:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Samsung
[2011/05/07 22:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\spiral
[2010/06/06 15:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Subversion
[2011/08/08 20:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\uTorrent
[2011/02/21 02:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\vghd
[2009/05/17 21:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Viewpoint
[2009/03/05 23:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Wireshark

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81

< End of report >

#10
Hadji

I am currently in the midst of running Combofix but it states that my ESET NOD32 Antivirus 3.0 is active. However the virus has disabled all the exe files from me and also upon reboot NOD32 cannot start because access to the kernel was disabled as well. I cannot tell whether or not NOD32 is still running in the background even if it's unable to function without communication with the kernel. Do I continue with the scan even with NOD32 "active" in the background?
#11
Hadji

Here's the message that pops up when I try to run ESET, as well as the Combofix warning. As you can see, a lot of the exe files cannot be run.

http://imageshack.us...reenshotccd.jpg

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Can you get to safe mode to run Combofix from there?


Let's see if we can get the net back up


Start the Services snap-in:

Go to Start > Run
Type: services.msc
Click OK
Scroll down to and double click DNS Client
Set to Automatic under Startup type
Click the Apply button
Click the Start button
When it starts click OK

Repeat for DHCP Client.
Repeat for Remote Procedure Call (RPC).

When done, close Services.

Then retry the internet

#13
Hadji

ComboFix crashed during one of the last steps of the scan and did not produce a log for me. I am not exactly sure which step produced the Blue Screen. But upon rebooting my net is back up. What should be my next course of action? Many of the exe's that the virus disabled are still giving "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access them" messages. Are these gone for good? ESET is still not able to access its kernel file.

#14
Essexboy

OK, let's kill a couple that I was going to use ComboFix to get and then run a virus scan and analysis

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O20 - AppInit_DLLs: (c:\documents and settings\others\local settings\application data\3700n.dll) - File not found
    O22 - SharedTaskScheduler: {e2cc30f5-4406-4af2-aa64-eb95ad77e367} - jugezatag - Reg Error: Value error. File not found

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

This may be run from safe mode

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information


On completion click the link to locate the zip file to upload and attach to your next post

Megaupload

#15
Hadji

OTL logfile created on: 9/8/2011 9:45:46 PM - Run 5
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Others\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.37 Mb Total Physical Memory | 550.60 Mb Available Physical Memory | 53.86% Memory free
2.40 Gb Paging File | 2.03 Gb Available in Paging File | 84.69% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 104.95 Gb Total Space | 1.87 Gb Free Space | 1.78% Space Free | Partition Type: NTFS

Computer Name: JOHNNY | User Name: Others | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/02 14:29:13 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Others\Desktop\OTL.exe
PRC - [2010/12/20 16:34:48 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/04 20:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2009/03/27 15:54:06 | 000,165,160 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2007/10/25 09:26:24 | 001,410,304 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2007/05/10 11:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe
PRC - [2006/08/03 17:51:42 | 001,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/05/24 11:31:06 | 000,372,736 | ---- | M] () -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
PRC - [2004/08/10 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/21 17:30:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/12/20 16:34:48 | 001,017,304 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2010/11/22 04:56:45 | 005,971,408 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/08/15 11:43:08 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\Others\Application Data\Mozilla\Firefox\Profiles\hm3ye6bl.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
MOD - [2006/11/22 23:35:44 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2006/11/22 23:30:58 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2006/08/03 17:52:00 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2006/05/24 11:31:06 | 000,372,736 | ---- | M] () -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
MOD - [2005/10/13 12:53:36 | 000,090,223 | ---- | M] () -- C:\Program Files\Dell\QuickSet\preflibcl.dll
MOD - [2004/08/10 04:00:00 | 001,287,680 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2004/08/10 04:00:00 | 000,268,288 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2004/08/10 04:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/08/10 04:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (StarWindService)
SRV - File not found [On_Demand | Stopped] -- -- (nosGetPlusHelper) getPlus®
SRV - [2010/11/09 02:44:00 | 004,290,192 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2010/07/04 20:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/03/27 15:54:06 | 000,165,160 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/11/06 13:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/10/25 09:27:56 | 000,018,176 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2007/10/25 09:26:34 | 000,455,936 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2007/08/03 10:24:16 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/05/24 11:31:06 | 000,372,736 | ---- | M] () [Auto | Running] -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe -- (StyleXPService)
SRV - [2003/03/09 13:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/06/14 10:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/04/26 19:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010/04/26 19:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2010/04/26 19:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009/04/29 19:35:16 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/02/08 23:14:06 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/11/06 13:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/10/25 09:27:08 | 000,030,728 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2007/10/25 09:25:32 | 000,027,144 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2007/10/25 09:25:14 | 000,033,800 | ---- | M] (Eset ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2007/05/10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/12/14 11:42:11 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/11/22 23:34:36 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/08/25 06:23:08 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/07/14 00:01:16 | 000,013,824 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hnm_wrls_pkt.sys -- (hnmwrlspkt)
DRV - [2006/05/24 17:07:18 | 000,328,237 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/05/24 17:05:26 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2006/05/24 17:04:04 | 000,851,434 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/05/24 17:01:34 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/05/24 17:01:22 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006/05/24 17:00:50 | 000,066,488 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/05/24 16:58:18 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/05/24 16:57:00 | 000,045,683 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2006/05/23 13:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/01/10 10:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/10/31 14:44:39 | 000,010,880 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe -- (StyleXPHelper)
DRV - [2005/10/14 14:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 14:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 14:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/22 02:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 02:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 02:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/02/01 16:55:40 | 000,021,442 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\gravity\RO\npkcrypt.sys -- (npkcrypt)
DRV - [2004/08/10 04:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/04/13 20:20:08 | 000,015,781 | R--- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/02/13 15:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2001/08/17 15:05:48 | 000,314,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CamDrO21.sys -- (PhilCam8116) Logitech QuickCam Pro 3000 (08B0)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061214
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6061214

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://neu-ro.net/?module=vote"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5.1
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.7.0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/16 15:42:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/02 15:16:01 | 000,000,000 | ---D | M]

[2010/11/25 05:11:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Others\Application Data\Mozilla\Extensions
[2010/11/25 05:11:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Others\Application Data\Mozilla\Extensions\[email protected]
[2011/08/30 13:48:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Others\Application Data\Mozilla\Firefox\Profiles\hm3ye6bl.default\extensions
[2011/04/11 11:41:08 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\Others\Application Data\Mozilla\Firefox\Profiles\hm3ye6bl.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010/11/20 03:57:19 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Others\Application Data\Mozilla\Firefox\Profiles\hm3ye6bl.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/06/06 05:38:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Others\Application Data\Mozilla\Firefox\Profiles\hm3ye6bl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/08/14 02:05:12 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Documents and Settings\Others\Application Data\Mozilla\Firefox\Profiles\hm3ye6bl.default\extensions\[email protected]
[2010/11/26 05:40:23 | 000,002,568 | ---- | M] () -- C:\Documents and Settings\Others\Application Data\Mozilla\Firefox\Profiles\hm3ye6bl.default\searchplugins\askcom.xml
[2011/09/08 21:44:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/28 06:06:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2009/08/18 10:47:57 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/01 03:01:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/07/02 14:20:46 | 000,069,632 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2008/10/01 16:25:28 | 000,284,248 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\mozilla firefox\plugins\npmusicn.dll
[2010/12/09 03:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2007/03/09 16:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2011/09/08 21:27:29 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [Aim6] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4505E259-5D66-4CBA-86F3-5FF868ECBFB4}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WBSrv: DllName - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Others\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Others\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/07 14:57:50 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/09/06 22:41:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Others\Start Menu\Programs\Administrative Tools
[2011/09/06 18:55:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/05 17:58:21 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Others\Desktop\aswMBR.exe
[2011/09/05 17:39:17 | 000,167,864 | ---- | C] (Webroot) -- C:\Documents and Settings\Others\Desktop\antizeroaccess.exe
[2011/09/04 00:43:37 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/09/02 23:14:11 | 004,846,880 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Others\Desktop\procexp.exe
[2011/09/02 14:29:08 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Others\Desktop\OTL.exe
[2011/09/02 12:36:09 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Others\Desktop\winlogon.exe
[2011/09/02 04:25:17 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Others\Desktop\GooredFix(2).exe
[2011/09/02 02:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/09/02 02:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/09/01 23:52:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Others\Application Data\SUPERAntiSpyware.com
[2011/09/01 22:20:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/09/01 11:06:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Others\Desktop\Biology 1C
[2011/08/30 13:52:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Others\Desktop\TDSSKiller
[2011/08/30 13:47:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Others\Desktop\GooredFix Backups
[2011/08/30 13:41:13 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Others\Desktop\OTM.exe
[2011/08/30 13:16:41 | 012,510,680 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Others\Desktop\SUPERAntiSpyware.exe
[2011/08/27 19:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Others\Desktop\Brighten - I'll Always Be Around EP
[1 C:\Documents and Settings\Others\*.tmp files -> C:\Documents and Settings\Others\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/08 21:39:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/08 21:39:23 | 1072,103,424 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/08 21:27:29 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/09/08 19:31:03 | 106,057,864 | ---- | M] () -- C:\Documents and Settings\Others\Desktop\setup_11.0.0.1245.x01_2011_09_09_05_03.exe
[2011/09/07 15:29:42 | 1072,136,192 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011/09/06 23:52:22 | 000,000,280 | -H-- | M] () -- C:\boot.ini
[2011/09/06 22:37:33 | 000,000,275 | ---- | M] () -- C:\Documents and Settings\Others\Desktop\Shortcut to ComboFix.lnk
[2011/09/06 18:52:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/05 18:18:02 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Others\Desktop\MBR.dat
[2011/09/05 17:54:14 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Others\Desktop\aswMBR.exe
[2011/09/05 17:30:14 | 000,167,864 | ---- | M] (Webroot) -- C:\Documents and Settings\Others\Desktop\antizeroaccess.exe
[2011/09/03 20:28:39 | 000,000,147 | ---- | M] () -- C:\Documents and Settings\Others\Desktop\rk-proxy.reg
[2011/09/03 14:23:56 | 009,961,472 | ---- | M] () -- C:\Documents and Settings\Others\NTUSER.bak
[2011/09/02 23:11:13 | 001,846,196 | ---- | M] () -- C:\Documents and Settings\Others\Desktop\ProcessExplorer.zip
[2011/09/02 14:29:13 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Others\Desktop\OTL.exe
[2011/09/02 12:38:10 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Others\Desktop\winlogon.exe
[2011/09/02 12:27:54 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\Others\Desktop\rkill.exe
[2011/09/02 04:25:16 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Others\Desktop\GooredFix(2).exe
[2011/09/02 02:47:42 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/01 23:45:46 | 000,000,905 | ---- | M] () -- C:\Documents and Settings\Others\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Protection.lnk
[2011/09/01 23:45:45 | 000,000,090 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\avbase.dat
[2011/08/31 15:16:50 | 004,846,880 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Others\Desktop\procexp.exe
[2011/08/31 15:16:50 | 004,846,880 | ---- | M] () -- C:\Documents and Settings\Others\Desktop\exxxp.exe
[2011/08/30 13:50:02 | 001,390,139 | ---- | M] () -- C:\Documents and Settings\Others\Desktop\tdsskiller.zip
[2011/08/30 13:41:28 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Others\Desktop\OTM.exe
[2011/08/30 13:19:31 | 012,510,680 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Others\Desktop\SUPERAntiSpyware.exe
[2011/08/19 13:36:40 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/17 13:58:31 | 004,282,529 | ---- | M] () -- C:\Documents and Settings\Others\Desktop\RMS 08-23-2010.rar
[2011/08/10 13:14:10 | 001,018,645 | ---- | M] () -- C:\Documents and Settings\Others\Desktop\1313000840216.gif
[1 C:\Documents and Settings\Others\*.tmp files -> C:\Documents and Settings\Others\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/08 19:04:04 | 106,057,864 | ---- | C] () -- C:\Documents and Settings\Others\Desktop\setup_11.0.0.1245.x01_2011_09_09_05_03.exe
[2011/09/06 22:37:33 | 000,000,275 | ---- | C] () -- C:\Documents and Settings\Others\Desktop\Shortcut to ComboFix.lnk
[2011/09/05 18:18:02 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Others\Desktop\MBR.dat
[2011/09/03 21:54:47 | 1072,103,424 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/02 23:11:42 | 004,846,880 | ---- | C] () -- C:\Documents and Settings\Others\Desktop\exxxp.exe
[2011/09/02 23:10:54 | 001,846,196 | ---- | C] () -- C:\Documents and Settings\Others\Desktop\ProcessExplorer.zip
[2011/09/02 12:28:58 | 000,000,147 | ---- | C] () -- C:\Documents and Settings\Others\Desktop\rk-proxy.reg
[2011/09/02 12:27:43 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\Others\Desktop\rkill.exe
[2011/09/02 02:47:42 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/01 23:45:46 | 000,000,905 | ---- | C] () -- C:\Documents and Settings\Others\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Protection.lnk
[2011/09/01 23:45:45 | 000,000,090 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\avbase.dat
[2011/08/30 13:49:34 | 001,390,139 | ---- | C] () -- C:\Documents and Settings\Others\Desktop\tdsskiller.zip
[2011/08/17 13:57:32 | 004,282,529 | ---- | C] () -- C:\Documents and Settings\Others\Desktop\RMS 08-23-2010.rar
[2011/08/10 13:14:07 | 001,018,645 | ---- | C] () -- C:\Documents and Settings\Others\Desktop\1313000840216.gif
[2011/07/24 20:57:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2011/05/22 21:01:08 | 000,019,213 | ---- | C] () -- C:\Documents and Settings\Others\Application Data\FFAA.F97
[2011/02/26 08:36:12 | 000,000,033 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2011/02/20 08:08:44 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011/01/29 06:58:04 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2011/01/29 06:58:04 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2011/01/29 06:57:53 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Others\Application Data\$_hpcst$.hpc
[2010/12/15 03:01:44 | 000,001,816 | ---- | C] () -- C:\WINDOWS\TSearch.INI
[2010/12/01 04:09:40 | 000,057,344 | ---- | C] () -- C:\WINDOWS\rzrunins.exe
[2010/05/20 21:16:35 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/03/05 13:36:34 | 000,208,656 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/11/01 16:26:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/09/27 20:40:12 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/07/25 12:39:28 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/05/05 13:09:01 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/04/01 02:31:32 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2009/02/25 23:51:16 | 000,000,324 | ---- | C] () -- C:\WINDOWS\WPE PRO.INI
[2008/12/20 14:12:23 | 000,107,520 | ---- | C] () -- C:\Documents and Settings\Others\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/17 10:04:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2008/10/15 15:25:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/10/15 15:25:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/10/15 15:25:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/10/04 20:56:12 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SR2.dat
[2008/08/31 17:40:23 | 000,020,454 | ---- | C] () -- C:\WINDOWS\hpoins01.dat.temp
[2008/08/31 17:40:23 | 000,016,618 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat.temp
[2008/08/11 21:51:40 | 000,063,120 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/04/11 10:47:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/12/26 05:54:18 | 000,000,031 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2007/12/05 13:42:30 | 000,001,225 | ---- | C] () -- C:\WINDOWS\prov.ini
[2007/11/28 04:14:05 | 000,001,876 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2007/11/06 13:19:28 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007/10/25 09:27:08 | 000,030,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2007/08/19 21:30:57 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/08/09 20:29:22 | 000,000,653 | ---- | C] () -- C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2007/07/16 01:21:52 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/07/15 18:27:04 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Others\Local Settings\Application Data\fusioncache.dat
[2007/06/05 01:11:37 | 000,000,679 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/05/08 20:37:26 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/05/03 08:02:19 | 000,020,454 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2007/05/03 08:02:19 | 000,016,618 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2007/03/10 01:40:38 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/02/27 14:36:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2007/02/13 11:04:02 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/12/25 10:21:02 | 000,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe
[2006/12/20 23:56:53 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/14 12:00:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/14 11:48:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/14 11:39:18 | 000,000,726 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/14 11:38:03 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/12/14 11:29:17 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/12/14 11:29:16 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2006/12/14 11:29:15 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/12/14 11:03:10 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/12/14 11:02:58 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/12/14 11:02:52 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/12/14 11:02:24 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/05/24 17:16:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/08/16 03:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 03:38:45 | 000,034,380 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 03:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 03:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 03:27:59 | 001,584,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 03:18:33 | 000,456,874 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 03:18:33 | 000,077,880 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 03:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/04/09 16:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/03/22 15:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 15:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 04:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/10 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 04:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/10 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 04:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/09 21:11:42 | 000,185,856 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/06/08 16:35:58 | 000,103,172 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2003/03/09 13:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2011/03/09 07:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aBfEhFc06510
[2009/05/11 09:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2011/02/23 00:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2011/03/13 11:36:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/04/29 20:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/05/01 01:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2007/12/19 01:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IJJIGame
[2010/07/31 12:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/05/03 17:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2008/05/21 23:15:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2008/10/01 16:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2011/01/28 13:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/07/08 07:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/01/29 06:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2009/10/05 20:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2007/08/09 20:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/21 02:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2009/08/17 17:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/01/12 10:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XemiComputers
[2008/06/20 12:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2011/04/26 09:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/05/05 17:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/12/19 23:48:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\acccore
[2010/05/20 22:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Audacity
[2011/05/23 11:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\BitComet
[2011/03/16 22:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Canon
[2008/12/19 19:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\CiscoCAA
[2009/04/30 10:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\DAEMON Tools
[2009/05/01 00:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\DAEMON Tools Lite
[2009/04/30 10:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\DAEMON Tools Pro
[2011/06/16 15:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Downloaded Installations
[2009/04/28 15:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\ESET
[2011/07/03 10:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\FrostWire
[2009/10/05 20:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Leadertech
[2011/07/03 00:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\LimeWire
[2010/03/05 12:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\NavNet Solutions
[2011/01/28 13:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\PC Suite
[2011/01/29 06:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Samsung
[2011/05/07 22:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\spiral
[2010/06/06 15:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Subversion
[2011/08/08 20:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\uTorrent
[2011/02/21 02:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\vghd
[2009/05/17 21:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Viewpoint
[2009/03/05 23:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Others\Application Data\Wireshark

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81

< End of report >