Google Redirect *Appears Fixed*



#1
mt1

Looks like it is fixed now thanks to your malware FAQ - ran all the tools and things look better, thanks.



I left this computer alone for about 5 months and now I noticed that Google is redirecting me to ad sites. I ran Spybot Search and Destroy and checked my startup processes etc. and didn't see anything suspicious to my limited Windows knowledge. In addition to needing help fixing the current problem, could you please link me to the current best solution for keeping this from happening in the future?

Looking at some other posts, I have attached what I think is the needed info. Thank you in advance.


GooredFix v1.92 by jpshortstuff
Log created at 23:27 on 19/04/2009 running Option #1 (Nate)
Firefox version 3.0.8 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Plugins"="F:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Components"="F:\Program Files\Mozilla Firefox\components"


____________________________________________________________________________________


Microsoft Windows XP Professional (5.1.2600) Service Pack 2

C:\ [Fixed] - NTFS - (Total:114463 Mo/Free:1989 Mo)
E:\ [CD-Rom] (Total:7120 Mo/Free:0 Mo)
F:\ [Fixed] - NTFS - (Total:238464 Mo/Free:1002 Mo)

Sun 04/19/2009|23:28

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \??\F:\WINDOWS\system32\csrss.exe
---------- \??\F:\WINDOWS\system32\winlogon.exe
---------- F:\WINDOWS\system32\services.exe
---------- F:\WINDOWS\system32\lsass.exe
---------- F:\WINDOWS\system32\svchost.exe
---------- F:\WINDOWS\system32\svchost.exe
---------- F:\WINDOWS\System32\svchost.exe
---------- F:\WINDOWS\System32\svchost.exe
---------- F:\WINDOWS\System32\svchost.exe
---------- F:\WINDOWS\system32\spoolsv.exe
---------- F:\WINDOWS\System32\svchost.exe
---------- F:\WINDOWS\system32\svchost.exe
---------- F:\WINDOWS\System32\svchost.exe
---------- F:\WINDOWS\system32\nvsvc32.exe
---------- F:\WINDOWS\system32\PnkBstrA.exe
---------- F:\WINDOWS\System32\svchost.exe
---------- F:\WINDOWS\System32\alg.exe
---------- F:\WINDOWS\system32\wscntfy.exe
---------- F:\WINDOWS\Explorer.EXE
---------- F:\WINDOWS\system32\RUNDLL32.EXE
---------- F:\WINDOWS\system32\ctfmon.exe
---------- F:\WINDOWS\system32\rundll32.exe
---------- F:\WINDOWS\system32\wuauclt.exe
---------- F:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
---------- F:\WINDOWS\system32\PnkBstrB.exe
---------- F:\Program Files\Mozilla Firefox\firefox.exe
---------- F:\Documents and Settings\Nate\Desktop\GooredFix.exe
---------- F:\WINDOWS\system32\cmd.exe
---------- F:\WINDOWS\system32\notepad.exe
---------- F:\Documents and Settings\Nate\Desktop\Rooter.exe
---------- F:\WINDOWS\system32\cmd.exe
---------- F:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "F:\Rooter$\Rooter_1.txt" - Sun 04/19/2009|23:28

----------------------\\ Scan completed at 23:28


______________________________________________________________________________



--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel® Core™2 Quad CPU Q6600 @ 2.40GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Nate ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:111 Go (Free:29 Go)
E:\ (CD or DVD) - UDF - Total:6 Go (Free:0 Go)
F:\ (Local Disk) - NTFS - Total:232 Go (Free:140 Go)

"F:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Sun 04/19/2009|23:32 )

--------------------\\ Listing folders in APPLIC~1

[10/18/2007|07:20] F:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Apple Computer
[01/01/2003|05:09] F:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[10/18/2007|06:32] F:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Logitech
[10/18/2007|07:08] F:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[10/18/2007|07:48] F:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Mozilla
[10/18/2007|07:38] F:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> teamspeak2

[11/10/2007|01:01] F:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[11/10/2007|01:03] F:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe Systems
[10/18/2007|07:19] F:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[10/18/2007|07:20] F:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[03/14/2008|09:02] F:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Azureus
[10/18/2007|10:24] F:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FLEXnet
[12/16/2007|09:26] F:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Hewlett-Packard
[12/23/2007|09:27] F:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP
[10/19/2007|09:01] F:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> LogiShrd
[10/19/2007|08:59] F:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Logitech
[01/16/2008|12:12] F:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[01/08/2008|06:57] F:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> nView_Profiles
[04/19/2009|07:19] F:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[12/16/2007|09:27] F:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WEBREG
[01/01/2003|05:43] F:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage

[12/09/2007|03:58] F:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[01/08/2008|07:18] F:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Macromedia
[12/23/2007|05:52] F:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[01/08/2008|07:18] F:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Mozilla

[01/25/2008|12:17] F:\DOCUME~1\Nate\APPLIC~1\<DIR> Adobe
[10/18/2007|09:13] F:\DOCUME~1\Nate\APPLIC~1\<DIR> Apple Computer
[03/15/2008|09:24] F:\DOCUME~1\Nate\APPLIC~1\<DIR> Azureus
[12/05/2007|06:22] F:\DOCUME~1\Nate\APPLIC~1\<DIR> DivX
[08/09/2008|09:58] F:\DOCUME~1\Nate\APPLIC~1\<DIR> dvdcss
[12/07/2007|05:23] F:\DOCUME~1\Nate\APPLIC~1\<DIR> GetRightToGo
[02/25/2008|01:17] F:\DOCUME~1\Nate\APPLIC~1\<DIR> Google
[11/20/2007|08:05] F:\DOCUME~1\Nate\APPLIC~1\<DIR> Help
[10/18/2007|09:10] F:\DOCUME~1\Nate\APPLIC~1\<DIR> Identities
[10/19/2007|08:59] F:\DOCUME~1\Nate\APPLIC~1\<DIR> InstallShield
[10/18/2007|09:10] F:\DOCUME~1\Nate\APPLIC~1\<DIR> Logitech
[10/18/2007|10:01] F:\DOCUME~1\Nate\APPLIC~1\<DIR> Macromedia
[05/04/2008|03:13] F:\DOCUME~1\Nate\APPLIC~1\<DIR> Microsoft
[06/16/2008|09:11] F:\DOCUME~1\Nate\APPLIC~1\<DIR> Mozilla
[10/31/2007|07:35] F:\DOCUME~1\Nate\APPLIC~1\<DIR> Sun
[10/18/2007|09:35] F:\DOCUME~1\Nate\APPLIC~1\<DIR> Talkback
[01/09/2008|01:04] F:\DOCUME~1\Nate\APPLIC~1\<DIR> teamspeak2
[10/18/2007|09:35] F:\DOCUME~1\Nate\APPLIC~1\<DIR> Thunderbird
[03/19/2009|09:42] F:\DOCUME~1\Nate\APPLIC~1\<DIR> uTorrent
[10/20/2007|01:57] F:\DOCUME~1\Nate\APPLIC~1\<DIR> vlc
[10/18/2007|10:29] F:\DOCUME~1\Nate\APPLIC~1\<DIR> WinRAR

[10/18/2007|07:28] F:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[04/15/2008|04:23] F:\DOCUME~1\Nikki\APPLIC~1\<DIR> Adobe
[10/19/2007|06:49] F:\DOCUME~1\Nikki\APPLIC~1\<DIR> Identities
[10/19/2007|06:49] F:\DOCUME~1\Nikki\APPLIC~1\<DIR> Logitech
[10/19/2007|06:50] F:\DOCUME~1\Nikki\APPLIC~1\<DIR> Macromedia
[10/19/2007|06:49] F:\DOCUME~1\Nikki\APPLIC~1\<DIR> Microsoft
[06/18/2008|04:14] F:\DOCUME~1\Nikki\APPLIC~1\<DIR> Mozilla
[03/27/2008|05:26] F:\DOCUME~1\Nikki\APPLIC~1\<DIR> Sun
[04/15/2008|04:20] F:\DOCUME~1\Nikki\APPLIC~1\<DIR> Thunderbird

--------------------\\ Scheduled Tasks located in F:\WINDOWS\Tasks

[04/19/2009 07:23 PM][--ah-----] F:\WINDOWS\tasks\SA.DAT
[08/29/2002 05:00 AM][-r-h-----] F:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in F:\Program Files

[04/03/2009|02:27] F:\Program Files\<DIR> Activision
[11/10/2007|01:02] F:\Program Files\<DIR> Adobe
[08/07/2008|12:07] F:\Program Files\<DIR> Apple Software Update
[05/25/2008|04:30] F:\Program Files\<DIR> ATITool
[03/01/2009|08:45] F:\Program Files\<DIR> BitComet
[08/07/2008|12:08] F:\Program Files\<DIR> Bonjour
[04/19/2009|10:30] F:\Program Files\<DIR> Call of Duty
[03/01/2009|08:45] F:\Program Files\<DIR> Common Files
[11/10/2007|06:57] F:\Program Files\<DIR> Compaq
[10/17/2007|10:20] F:\Program Files\<DIR> ComPlus Applications
[08/06/2008|09:24] F:\Program Files\<DIR> DivX
[11/01/2007|09:19] F:\Program Files\<DIR> Driver Cleaner Pro
[12/05/2007|03:12] F:\Program Files\<DIR> FLV Player
[10/28/2007|07:12] F:\Program Files\<DIR> Futuremark
[03/01/2009|08:44] F:\Program Files\<DIR> HP
[04/03/2009|02:36] F:\Program Files\<DIR> InstallShield Installation Information
[04/15/2009|12:18] F:\Program Files\<DIR> Internet Explorer
[04/30/2008|11:47] F:\Program Files\<DIR> iPod
[04/30/2008|11:47] F:\Program Files\<DIR> iTunes
[10/31/2007|07:35] F:\Program Files\<DIR> Java
[12/31/2002|11:32] F:\Program Files\<DIR> Logitech
[02/27/2008|06:37] F:\Program Files\<DIR> MagicTune Premium
[08/13/2008|01:37] F:\Program Files\<DIR> Messenger
[12/09/2007|09:35] F:\Program Files\<DIR> Microsoft ActiveSync
[10/17/2007|10:23] F:\Program Files\<DIR> microsoft frontpage
[12/09/2007|09:35] F:\Program Files\<DIR> Microsoft Office
[12/09/2007|09:35] F:\Program Files\<DIR> Microsoft.NET
[10/18/2007|06:57] F:\Program Files\<DIR> Movie Maker
[04/19/2009|11:13] F:\Program Files\<DIR> Mozilla Firefox
[12/11/2008|06:12] F:\Program Files\<DIR> Mozilla Thunderbird
[10/17/2007|10:20] F:\Program Files\<DIR> MSN Gaming Zone
[11/04/2007|03:59] F:\Program Files\<DIR> MSXML 4.0
[11/04/2007|10:12] F:\Program Files\<DIR> Netflix
[10/18/2007|06:56] F:\Program Files\<DIR> NetMeeting
[08/12/2008|10:39] F:\Program Files\<DIR> NVIDIA Corporation
[11/07/2007|08:07] F:\Program Files\<DIR> Online Services
[10/19/2007|12:40] F:\Program Files\<DIR> Outlook Express
[11/10/2007|01:16] F:\Program Files\<DIR> Photomatix
[12/20/2007|10:30] F:\Program Files\<DIR> Pro Imaging Powertoys
[08/07/2008|12:08] F:\Program Files\<DIR> QuickTime
[11/27/2007|11:21] F:\Program Files\<DIR> Realtek
[05/25/2008|04:22] F:\Program Files\<DIR> RivaTuner v2.09
[06/03/2008|08:09] F:\Program Files\<DIR> Simpli Software
[03/19/2009|09:35] F:\Program Files\<DIR> Spybot - Search & Destroy
[10/18/2007|07:38] F:\Program Files\<DIR> Teamspeak2_RC2
[04/19/2009|07:11] F:\Program Files\<DIR> Trend Micro
[01/01/2003|05:09] F:\Program Files\<DIR> Uninstall Information
[10/18/2007|10:50] F:\Program Files\<DIR> VideoLAN
[11/05/2007|09:46] F:\Program Files\<DIR> Windows Media Connect 2
[11/05/2007|09:46] F:\Program Files\<DIR> Windows Media Player
[10/18/2007|07:11] F:\Program Files\<DIR> Windows NT
[10/17/2007|10:20] F:\Program Files\<DIR> WindowsUpdate
[03/19/2009|07:36] F:\Program Files\<DIR> WinPcap
[10/18/2007|10:26] F:\Program Files\<DIR> WinRAR
[10/17/2007|10:23] F:\Program Files\<DIR> xerox

--------------------\\ Listing Folders in F:\Program Files\Common Files

[11/10/2007|01:02] F:\Program Files\Common Files\<DIR> Adobe
[11/10/2007|01:01] F:\Program Files\Common Files\<DIR> Adobe Systems Shared
[12/09/2007|09:35] F:\Program Files\Common Files\<DIR> DESIGNER
[12/16/2007|09:22] F:\Program Files\Common Files\<DIR> Hewlett-Packard
[12/16/2007|09:23] F:\Program Files\Common Files\<DIR> HP
[01/01/2003|05:14] F:\Program Files\Common Files\<DIR> InstallShield
[10/31/2007|07:35] F:\Program Files\Common Files\<DIR> Java
[10/19/2007|08:59] F:\Program Files\Common Files\<DIR> Logitech
[10/18/2007|10:20] F:\Program Files\Common Files\<DIR> Macrovision Shared
[06/12/2008|12:52] F:\Program Files\Common Files\<DIR> Microsoft Shared
[10/17/2007|10:21] F:\Program Files\Common Files\<DIR> MSSoap
[10/18/2007|06:17] F:\Program Files\Common Files\<DIR> ODBC
[10/17/2007|10:21] F:\Program Files\Common Files\<DIR> Services
[10/18/2007|06:17] F:\Program Files\Common Files\<DIR> SpeechEngines
[12/09/2007|09:35] F:\Program Files\Common Files\<DIR> System

--------------------\\ Process

( 31 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 23:32:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

F:\DOCUME~1\Nate\Application Data\uTorrent\Adobe Photoshop Pro CS2 v9.0 Full ISO + WORKING Keygen.torrent


[F:8][D:5]-> F:\DOCUME~1\Nate\LOCALS~1\Temp
[F:2][D:0]-> F:\DOCUME~1\Nate\Cookies
[F:6][D:4]-> F:\DOCUME~1\Nate\LOCALS~1\TEMPOR~1\content.IE5

1 - "F:\Lop SD\LopR_1.txt" - Sun 04/19/2009|23:32 - Option : [1]

--------------------\\ Scan completed at 23:32:47


_________________________________________________________________________________________

Edited by mt1, 21 April 2009 - 10:55 PM.


#2
mt1

OTListIt logfile created on: 4/19/2009 11:34:04 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = F:\Documents and Settings\Nate\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): F:\pagefile.sys 2046 4092;

%SystemDrive% = F: | %SystemRoot% = F:\WINDOWS | %ProgramFiles% = F:\Program Files
Drive C: | 111.78 Gb Total Space | 29.94 Gb Free Space | 26.79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 6.95 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 232.88 Gb Total Space | 140.98 Gb Free Space | 60.54% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NATHAN-47DYPNKA
Current User Name: Nate
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/03/04 11:02:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- F:\WINDOWS\system32\nvsvc32.exe
PRC - [2009/04/13 18:45:21 | 00,075,064 | ---- | M] () -- F:\WINDOWS\system32\PnkBstrA.exe
PRC - [2004/08/04 00:56:57 | 00,013,824 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\wscntfy.exe
PRC - [2007/06/13 03:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\Explorer.EXE
PRC - [2003/08/29 16:13:04 | 01,436,160 | ---- | M] (Dominating Bytes Design) -- F:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
PRC - [2009/04/19 22:52:13 | 00,189,072 | ---- | M] () -- F:\WINDOWS\system32\PnkBstrB.exe
PRC - [2009/04/13 20:02:32 | 00,307,704 | ---- | M] (Mozilla Corporation) -- F:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2004/08/04 00:56:48 | 00,388,608 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\system32\cmd.exe
PRC - [2009/04/19 23:21:03 | 00,501,248 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Nate\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/11/10 13:01:55 | 00,072,704 | ---- | M] (Adobe Systems) -- F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [Disabled | Stopped])
SRV - [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/07/24 15:17:08 | 00,229,376 | ---- | M] () -- F:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
SRV - [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/10/18 22:20:00 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [Disabled | Stopped])
SRV - [2004/08/04 00:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/03/11 22:24:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- F:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2007/03/11 23:02:52 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- F:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- F:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2006/11/08 17:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- F:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2008/03/04 11:02:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- F:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 05:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/11/08 17:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- F:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12 [Disabled | Stopped])
SRV - [2009/04/13 18:45:21 | 00,075,064 | ---- | M] () -- F:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - File not found -- -- (winss [Disabled | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Disabled | Stopped])
SRV - [2009/04/19 22:52:13 | 00,189,072 | ---- | M] () -- F:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2006/11/10 06:08:50 | 00,024,064 | ---- | M] () -- F:\WINDOWS\system32\DRIVERS\ATITool.sys -- (ATITool [System | Running])
DRV - [2004/10/25 20:02:58 | 00,021,664 | ---- | M] (EnTech Taiwan) -- F:\WINDOWS\system32\DRIVERS\ENTECH.sys -- (ENTECH [On_Demand | Stopped])
DRV - [2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- F:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/01/07 18:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- F:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007/03/07 21:20:48 | 00,049,920 | R--- | M] (HP) -- F:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2007/03/07 21:20:49 | 00,016,496 | R--- | M] (HP) -- F:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2007/03/07 21:20:50 | 00,021,568 | R--- | M] (HP) -- F:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2007/11/01 15:38:56 | 04,620,288 | ---- | M] (Realtek Semiconductor Corp.) -- F:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2006/07/19 12:27:26 | 00,013,568 | ---- | M] (Logitech Inc.) -- F:\WINDOWS\System32\Drivers\L8042Kbd.sys -- (L8042Kbd [On_Demand | Stopped])
DRV - [2006/07/19 12:27:46 | 00,055,936 | ---- | M] (Logitech Inc.) -- F:\WINDOWS\System32\Drivers\L8042mou.sys -- (L8042mou [On_Demand | Stopped])
DRV - [2007/04/11 15:32:52 | 00,034,832 | ---- | M] (Logitech, Inc.) -- F:\WINDOWS\system32\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
DRV - [2006/07/19 12:29:08 | 00,027,136 | ---- | M] (Logitech Inc.) -- F:\WINDOWS\system32\DRIVERS\LHidKE.Sys -- (LHidKe [On_Demand | Stopped])
DRV - [2007/04/11 15:32:58 | 00,036,112 | ---- | M] (Logitech, Inc.) -- F:\WINDOWS\system32\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
DRV - [2006/07/19 12:28:56 | 00,071,936 | ---- | M] (Logitech Inc.) -- F:\WINDOWS\System32\Drivers\LMouKE.sys -- (LMouKE [On_Demand | Stopped])
DRV - [2007/11/15 13:30:48 | 00,034,064 | ---- | M] (CACE Technologies) -- F:\WINDOWS\system32\drivers\npf.sys -- (npf [Auto | Running])
DRV - [2008/03/04 11:02:00 | 07,435,104 | ---- | M] (NVIDIA Corporation) -- F:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2006/09/21 15:39:16 | 00,105,344 | R--- | M] (NVIDIA Corporation) -- F:\WINDOWS\System32\DRIVERS\nvata.sys -- (nvata [Boot | Running])
DRV - [2006/08/07 16:39:22 | 00,052,736 | R--- | M] (NVIDIA Corporation) -- F:\WINDOWS\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2006/08/07 16:39:24 | 00,018,944 | R--- | M] (NVIDIA Corporation) -- F:\WINDOWS\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2007/03/28 15:36:50 | 00,013,864 | ---- | M] (NVidia Corp.) -- F:\WINDOWS\nvflash.sys -- (NVR0FLASHDev [Auto | Running])
DRV - [2002/08/29 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- F:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/05/07 04:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- F:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/04/28 11:25:00 | 00,009,088 | ---- | M] () -- F:\Program Files\RivaTuner v2.09\RivaTuner32.sys -- (RivaTuner32 [On_Demand | Running])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- F:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2007/11/10 12:44:45 | 00,685,816 | ---- | M] () -- F:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/MemberHome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.calguns.n...orum/index.php"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.4
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: F:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/13 20:02:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: F:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/13 20:02:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Components: F:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS [2008/08/08 23:13:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Plugins: F:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS [2008/08/07 00:08:22 | 00,000,000 | ---D | M]

[2008/06/16 21:11:12 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Nate\Application Data\mozilla\Extensions
[2008/06/16 21:11:12 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Nate\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/19 22:52:33 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Nate\Application Data\mozilla\Firefox\Profiles\lv5ahhce.default\extensions
[2009/04/19 22:52:32 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Nate\Application Data\mozilla\Firefox\Profiles\lv5ahhce.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/03/09 23:27:03 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Nate\Application Data\mozilla\Firefox\Profiles\lv5ahhce.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2007/10/18 22:15:21 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Nate\Application Data\mozilla\Firefox\Profiles\lv5ahhce.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2009/03/09 23:05:32 | 00,000,000 | ---D | M] -- F:\Documents and Settings\Nate\Application Data\mozilla\Firefox\Profiles\lv5ahhce.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/04/19 22:52:33 | 00,000,000 | ---D | M] -- F:\Program Files\mozilla firefox\extensions
[2009/04/13 20:02:32 | 00,000,000 | ---D | M] -- F:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/10/31 19:35:46 | 00,000,000 | ---D | M] -- F:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009/04/13 20:02:32 | 00,023,032 | ---- | M] (Mozilla Foundation) -- F:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/13 20:02:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- F:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/10/26 16:10:55 | 00,001,394 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/10/26 16:10:55 | 00,002,193 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/10/26 16:10:55 | 00,001,534 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/01 16:35:54 | 00,002,343 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/10/26 16:10:55 | 00,001,706 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/10/26 16:10:55 | 00,001,178 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/10/26 16:10:55 | 00,000,792 | ---- | M] () -- F:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (228383 bytes) - F:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 8011 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RivaTunerStartupDaemon] "F:\Program Files\RivaTuner v2.09\RivaTuner.exe" /S ()
O4 - HKCU..\Run: [AdobeUpdater] F:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - F:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 31 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://go.microsoft....k/?LinkId=82580 (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} http://www.streamplu...reamPlug/SP.cab (StreamPlug Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1192756974638 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1192757620328 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: DirectAnimation Java Classes file://F:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://F:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - F:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - F:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - F:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - F:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (F:\WINDOWS\system32\sdra64.exe) - F:\WINDOWS\system32\sdra64.exe ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/12/31 23:28:12 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/07/15 17:53:55 | 00,000,142 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - F:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[6 F:\WINDOWS\*.tmp files]
[2009/04/19 23:31:36 | 00,000,000 | ---D | C] -- F:\Lop SD
[2009/04/19 23:31:32 | 00,530,106 | ---- | C] () -- F:\Documents and Settings\Nate\Desktop\LopSD.exe
[2009/04/19 23:28:39 | 00,000,000 | ---D | C] -- F:\Rooter$
[2009/04/19 23:27:10 | 00,094,208 | ---- | C] () -- F:\Documents and Settings\Nate\Desktop\GooredFix.exe
[2009/04/19 23:21:03 | 00,501,248 | ---- | C] (OldTimer Tools) -- F:\Documents and Settings\Nate\Desktop\OTListIt2.exe
[2009/04/19 23:20:58 | 00,267,612 | ---- | C] () -- F:\Documents and Settings\Nate\Desktop\Rooter.exe
[2009/04/19 19:57:38 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Nate\My Documents\Activision
[2009/04/19 19:20:30 | 00,563,984 | ---- | C] () -- F:\Documents and Settings\Nate\Desktop\cc_20090419_192026.reg
[2009/04/19 19:11:08 | 00,001,734 | ---- | C] () -- F:\Documents and Settings\Nate\Desktop\HijackThis.lnk
[2009/04/19 19:11:08 | 00,000,000 | ---D | C] -- F:\Program Files\Trend Micro
[2009/04/19 19:09:51 | 03,190,688 | ---- | C] (Piriform Ltd) -- F:\Documents and Settings\Nate\Desktop\ccsetup218.exe
[2009/04/19 19:08:31 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- F:\Documents and Settings\Nate\Desktop\HJTInstall.exe
[2009/04/19 19:03:36 | 00,000,000 | ---D | C] -- F:\!KillBox
[2009/04/19 19:03:09 | 00,092,672 | ---- | C] (Option^Explicit Software [email protected]) -- F:\Documents and Settings\Nate\Desktop\KillBox.exe
[2009/04/14 20:24:05 | 00,616,960 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/14 20:24:05 | 00,473,088 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/14 20:24:05 | 00,453,120 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/14 20:24:05 | 00,399,360 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/14 20:24:05 | 00,283,648 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/14 20:24:05 | 00,227,840 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/14 20:24:05 | 00,110,592 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\services.exe
[2009/04/14 20:24:05 | 00,060,416 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\colbact.dll
[2009/04/14 20:24:04 | 00,714,752 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/03 14:38:42 | 00,000,000 | ---D | C] -- F:\Documents and Settings\Nate\Local Settings\Application Data\Activision
[2009/04/03 14:38:14 | 03,850,760 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\D3DX9_38.dll
[2009/04/03 14:38:14 | 01,491,992 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\D3DCompiler_38.dll
[2009/04/03 14:38:14 | 00,507,400 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\XAudio2_1.dll
[2009/04/03 14:38:14 | 00,467,984 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\d3dx10_38.dll
[2009/04/03 14:38:14 | 00,238,088 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\xactengine3_1.dll
[2009/04/03 14:38:14 | 00,065,032 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\XAPOFX1_0.dll
[2009/04/03 14:38:14 | 00,025,608 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\X3DAudio1_4.dll
[2009/04/03 14:38:13 | 03,786,760 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\D3DX9_37.dll
[2009/04/03 14:38:13 | 01,420,824 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\D3DCompiler_37.dll
[2009/04/03 14:38:13 | 00,479,752 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\XAudio2_0.dll
[2009/04/03 14:38:13 | 00,462,864 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\d3dx10_37.dll
[2009/04/03 14:38:13 | 00,238,088 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\xactengine3_0.dll
[2009/04/03 14:38:13 | 00,025,608 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\X3DAudio1_3.dll
[2009/04/03 14:38:12 | 03,734,536 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\d3dx9_36.dll
[2009/04/03 14:38:12 | 01,374,232 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\D3DCompiler_36.dll
[2009/04/03 14:38:12 | 00,444,776 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\d3dx10_36.dll
[2009/04/03 14:38:12 | 00,267,272 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\xactengine2_10.dll
[2009/04/03 14:38:12 | 00,267,112 | ---- | C] (Microsoft Corporation) -- F:\WINDOWS\System32\xactengine2_9.dll
[2009/04/03 14:37:34 | 00,001,675 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Call of Duty® - World at War™ Multiplayer.lnk
[2009/04/03 14:37:34 | 00,001,665 | ---- | C] () -- F:\Documents and Settings\All Users\Desktop\Call of Duty® - World at War™ Solo - Co-op.lnk
[2009/04/03 14:37:34 | 00,000,000 | ---D | C] -- F:\WINDOWS\Logs
[2009/04/03 14:36:52 | 00,682,280 | ---- | C] () -- F:\WINDOWS\System32\pbsvc.exe
[2009/03/19 20:05:46 | 00,000,096 | ---- | C] () -- F:\WINDOWS\wininit.ini
[2009/03/19 19:34:42 | 00,013,824 | ---- | C] () -- F:\WINDOWS\System32\dll32.dll
[2008/07/23 09:50:52 | 03,596,288 | ---- | C] () -- F:\WINDOWS\System32\qt-dx331.dll
[2008/07/23 09:47:34 | 00,000,416 | ---- | C] () -- F:\WINDOWS\System32\dtu100.dll.manifest
[2008/07/23 09:47:34 | 00,000,416 | ---- | C] () -- F:\WINDOWS\System32\dpl100.dll.manifest
[2008/07/23 09:46:38 | 00,012,288 | ---- | C] () -- F:\WINDOWS\System32\DivXWMPExtType.dll
[2008/05/20 09:34:12 | 00,000,319 | ---- | C] () -- F:\WINDOWS\game.ini
[2008/03/04 11:02:00 | 01,703,936 | ---- | C] () -- F:\WINDOWS\System32\nvwdmcpl.dll
[2008/03/04 11:02:00 | 01,482,752 | ---- | C] () -- F:\WINDOWS\System32\nview.dll
[2008/03/04 11:02:00 | 01,019,904 | ---- | C] () -- F:\WINDOWS\System32\nvwimg.dll
[2008/03/04 11:02:00 | 00,466,944 | ---- | C] () -- F:\WINDOWS\System32\nvshell.dll
[2008/03/04 11:02:00 | 00,286,720 | ---- | C] () -- F:\WINDOWS\System32\nvnt4cpl.dll
[2007/12/09 21:36:10 | 00,000,376 | ---- | C] () -- F:\WINDOWS\ODBC.INI
[2007/11/10 13:16:58 | 00,782,336 | ---- | C] () -- F:\WINDOWS\System32\IlmImf.dll
[2007/11/10 13:16:58 | 00,446,464 | ---- | C] () -- F:\WINDOWS\System32\Photomatix_jpg.dll
[2007/11/10 13:16:58 | 00,353,280 | ---- | C] () -- F:\WINDOWS\System32\pmtf2.dll
[2007/11/10 13:16:58 | 00,266,240 | ---- | C] () -- F:\WINDOWS\System32\Photomatix25Lib.dll
[2007/11/10 13:16:58 | 00,249,856 | ---- | C] () -- F:\WINDOWS\System32\Photomatix25Lib2.dll
[2007/11/10 13:16:58 | 00,205,824 | ---- | C] () -- F:\WINDOWS\System32\pmtf1.dll
[2007/11/10 13:16:58 | 00,204,288 | ---- | C] () -- F:\WINDOWS\System32\pmtf3.dll
[2007/11/10 13:16:58 | 00,167,936 | ---- | C] () -- F:\WINDOWS\System32\Photomatix25Lib3.dll
[2007/11/10 13:16:58 | 00,053,248 | ---- | C] () -- F:\WINDOWS\System32\pmexr.dll
[2007/11/10 13:16:58 | 00,011,776 | ---- | C] () -- F:\WINDOWS\System32\pmbm.dll
[2007/11/10 12:44:45 | 00,685,816 | ---- | C] () -- F:\WINDOWS\System32\drivers\sptd.sys
[2007/11/07 19:10:36 | 00,000,754 | ---- | C] () -- F:\WINDOWS\wordpad.INI
[2007/10/28 19:14:00 | 00,003,972 | ---- | C] () -- F:\WINDOWS\System32\drivers\PciBus.sys
[2007/10/19 23:15:31 | 00,138,920 | ---- | C] () -- F:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/10/18 23:54:31 | 00,000,745 | ---- | C] () -- F:\WINDOWS\CoD.INI
[2007/07/24 15:17:08 | 00,061,440 | ---- | C] () -- F:\WINDOWS\System32\dnssd.dll
[2007/03/05 13:34:28 | 00,693,792 | ---- | C] () -- F:\WINDOWS\System32\OGACheckControl.DLL
[2006/11/10 06:08:50 | 00,024,064 | ---- | C] () -- F:\WINDOWS\System32\drivers\ATITool.sys
[2006/04/22 16:00:10 | 00,053,299 | ---- | C] () -- F:\WINDOWS\System32\pthreadVC.dll
[2003/01/07 08:05:08 | 00,002,695 | ---- | C] () -- F:\WINDOWS\System32\OUTLPERF.INI
[2003/01/01 17:26:31 | 00,363,520 | ---- | C] () -- F:\WINDOWS\System32\psisdecd.dll
[2002/08/29 05:00:00 | 00,000,638 | ---- | C] () -- F:\WINDOWS\win.ini
[2002/08/29 05:00:00 | 00,000,227 | ---- | C] () -- F:\WINDOWS\system.ini
[1996/04/03 12:33:26 | 00,005,248 | ---- | C] () -- F:\WINDOWS\System32\giveio.sys

========== Files - Modified Within 30 Days ==========

[6 F:\WINDOWS\*.tmp files]
[2009/04/19 23:31:32 | 00,530,106 | ---- | M] () -- F:\Documents and Settings\Nate\Desktop\LopSD.exe
[2009/04/19 23:27:10 | 00,094,208 | ---- | M] () -- F:\Documents and Settings\Nate\Desktop\GooredFix.exe
[2009/04/19 23:21:03 | 00,501,248 | ---- | M] (OldTimer Tools) -- F:\Documents and Settings\Nate\Desktop\OTListIt2.exe
[2009/04/19 23:20:58 | 00,267,612 | ---- | M] () -- F:\Documents and Settings\Nate\Desktop\Rooter.exe
[2009/04/19 22:52:13 | 00,189,072 | ---- | M] () -- F:\WINDOWS\System32\PnkBstrB.xtr
[2009/04/19 22:52:13 | 00,189,072 | ---- | M] () -- F:\WINDOWS\System32\PnkBstrB.exe
[2009/04/19 22:31:17 | 00,138,920 | ---- | M] () -- F:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/04/19 19:23:55 | 00,002,422 | ---- | M] () -- F:\WINDOWS\System32\wpa.dbl
[2009/04/19 19:23:00 | 00,000,006 | -H-- | M] () -- F:\WINDOWS\tasks\SA.DAT
[2009/04/19 19:22:56 | 00,002,048 | --S- | M] () -- F:\WINDOWS\bootstat.dat
[2009/04/19 19:21:58 | 00,563,984 | ---- | M] () -- F:\Documents and Settings\Nate\Desktop\cc_20090419_192026.reg
[2009/04/19 19:11:08 | 00,001,734 | ---- | M] () -- F:\Documents and Settings\Nate\Desktop\HijackThis.lnk
[2009/04/19 19:09:56 | 03,190,688 | ---- | M] (Piriform Ltd) -- F:\Documents and Settings\Nate\Desktop\ccsetup218.exe
[2009/04/19 19:08:31 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- F:\Documents and Settings\Nate\Desktop\HJTInstall.exe
[2009/04/19 19:03:10 | 00,092,672 | ---- | M] (Option^Explicit Software [email protected]) -- F:\Documents and Settings\Nate\Desktop\KillBox.exe
[2009/04/15 21:01:46 | 00,002,137 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/04/15 20:53:16 | 00,481,788 | ---- | M] () -- F:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/15 20:53:16 | 00,409,430 | ---- | M] () -- F:\WINDOWS\System32\perfh009.dat
[2009/04/15 20:53:16 | 00,064,634 | ---- | M] () -- F:\WINDOWS\System32\perfc009.dat
[2009/04/15 00:16:41 | 00,000,638 | ---- | M] () -- F:\WINDOWS\win.ini
[2009/04/13 18:45:21 | 00,075,064 | ---- | M] () -- F:\WINDOWS\System32\PnkBstrA.exe
[2009/04/06 07:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\System32\MRT.exe
[2009/04/03 14:37:34 | 00,001,675 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Call of Duty® - World at War™ Multiplayer.lnk
[2009/04/03 14:37:34 | 00,001,665 | ---- | M] () -- F:\Documents and Settings\All Users\Desktop\Call of Duty® - World at War™ Solo - Co-op.lnk
[2009/04/03 14:37:13 | 00,022,328 | ---- | M] () -- F:\Documents and Settings\Nate\Application Data\PnkBstrK.sys
[2009/04/03 14:36:52 | 00,682,280 | ---- | M] () -- F:\WINDOWS\System32\pbsvc.exe
[2009/03/27 00:09:32 | 01,193,414 | ---- | M] () -- F:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/03/21 07:18:57 | 00,986,112 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\System32\kernel32.dll
[2009/03/21 07:18:57 | 00,986,112 | ---- | M] (Microsoft Corporation) -- F:\WINDOWS\System32\dllcache\kernel32.dll
< End of report >