Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Need help removing Troj/Rustok-N [Closed]

Started by Nacram , Apr 28 2009 08:52 PM

  • This topic is locked This topic is locked

#1
Nacram
Posted 28 April 2009 - 08:52 PM

Nacram

    New Member

  • Member
  • Pip
  • 7 posts
Hey, I would appreciate any help or advise on how to remove Troj/Rustok-N.

I am running on a Windows Vista laptop.

Thanks.

If you need me to post anything else, just ask.
  • 0

Advertisements

#2
SpySentinel
Posted 01 May 2009 - 05:07 PM

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Hi Nacram,

Welcome to Geeks to Go! My name is SpySentinel and I will be helping you fix your computer problem.
Sorry for the delay, we have been very busy lately, and I apologize for your wait.


Please Click here!, and follow the recommendations in the guide.

The post the Rooter and OTListIt2 Logs here.

Edited by SpySentinel, 01 May 2009 - 05:08 PM.

  • 0

#3
Nacram
Posted 02 May 2009 - 01:12 AM

Nacram

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Rooter log: Microsoft Windows Vista Home Edition (6.0.6001) Service Pack 1

C:\ [Fixed] - NTFS - (Total:139754 Mo/Free:169 Mo)
D:\ [Fixed] - NTFS - (Total:10239 Mo/Free:1380 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

02/05/2009| 0:59

----------------------\\ Processes..

--Locked-- [System Process]
--Locked-- System
---------- \SystemRoot\System32\smss.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\wininit.exe
---------- C:\Windows\system32\csrss.exe
---------- C:\Windows\system32\services.exe
---------- C:\Windows\system32\lsass.exe
---------- C:\Windows\system32\lsm.exe
---------- C:\Windows\system32\winlogon.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\svchost.exe
--Locked-- audiodg.exe
---------- C:\Windows\system32\SLsvc.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\WLTRYSVC.EXE
---------- C:\Windows\system32\WLANExt.exe
---------- C:\Windows\System32\bcmwltry.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\system32\aestsrv.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
---------- C:\Program Files\Shaw Secure\Common\FSMA32.EXE
---------- C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
---------- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
---------- C:\Program Files\Shaw Secure\Common\FSMB32.EXE
---------- C:\Windows\system32\svchost.exe
---------- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
---------- C:\Windows\system32\STacSV.exe
---------- C:\Windows\system32\svchost.exe
---------- C:\Windows\System32\svchost.exe
---------- C:\Windows\system32\SearchIndexer.exe
---------- C:\Program Files\Shaw Secure\Common\FCH32.EXE
---------- C:\Windows\system32\DRIVERS\xaudio.exe
---------- C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
---------- C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
---------- C:\Program Files\Shaw Secure\FSPC\fspc.exe
---------- C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
---------- C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe
---------- C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
---------- C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
---------- C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe
---------- C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Windows\system32\Dwm.exe
---------- C:\Program Files\Windows Defender\MSASCui.exe
---------- C:\Program Files\DellTPad\Apoint.exe
---------- C:\Windows\System32\igfxtray.exe
---------- C:\Windows\system32\igfxsrvc.exe
---------- C:\Windows\System32\hkcmd.exe
---------- C:\Windows\System32\igfxpers.exe
---------- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
---------- C:\Windows\System32\WLTRAY.EXE
---------- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
---------- C:\Program Files\Dell\MediaDirect\PCMService.exe
---------- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
---------- C:\Program Files\Shaw Secure\Common\FSM32.EXE
---------- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
---------- C:\Windows\system32\conime.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
---------- C:\Users\Kevin\Program Files\DNA\btdna.exe
---------- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
---------- C:\Windows\ehome\ehtray.exe
---------- C:\Windows\ehome\ehmsas.exe
---------- C:\Program Files\Windows Media Player\wmpnscfg.exe
---------- C:\Program Files\Digital Line Detect\DLG.exe
---------- C:\Program Files\Windows Media Player\wmpnetwk.exe
---------- C:\Program Files\DellTPad\ApMsgFwd.exe
---------- C:\Program Files\DellTPad\HidFind.exe
---------- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
---------- C:\Program Files\DellTPad\Apntex.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Windows\system32\taskeng.exe
---------- C:\Users\Kevin\AppData\Local\Temp\QuickyPlaeyr.exe
---------- C:\Windows\System32\spoolsv.exe
---------- C:\Windows\temp\103577565.tmp
---------- C:\Program Files\Shaw Secure\FSGUI\scanwizard.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\Program Files\iTunes\iTunes.exe
---------- C:\Windows\system32\SearchProtocolHost.exe
---------- C:\Windows\Explorer.EXE
---------- C:\Windows\system32\SearchFilterHost.exe
---------- C:\Windows\system32\DllHost.exe
---------- C:\Windows\system32\DllHost.exe
---------- C:\Windows\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.180,85.255.112.173
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.180,85.255.112.173
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{2845C411-0F61-4B58-8F28-63493B492CE2}]
NameServer REG_SZ 85.255.112.180,85.255.112.173
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{2845C411-0F61-4B58-8F28-63493B492CE2}]
DhcpNameServer REG_SZ 85.255.112.180,85.255.112.173
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{F4EB7C77-7121-4621-A01C-B26B50753BB5}]
NameServer REG_SZ 85.255.112.180,85.255.112.173
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{2845C411-0F61-4B58-8F28-63493B492CE2}]
NameServer REG_SZ 85.255.112.180,85.255.112.173
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{2845C411-0F61-4B58-8F28-63493B492CE2}]
DhcpNameServer REG_SZ 85.255.112.180,85.255.112.173
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{F4EB7C77-7121-4621-A01C-B26B50753BB5}]
NameServer REG_SZ 85.255.112.180,85.255.112.173
==> WAREOUT <==

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\Users\Kevin\Downloads\Adobe CS3 Photoshop Extended and Illustrator - All Cracked\Cracked EXE
C:\Users\Kevin\Downloads\Adobe CS3 Photoshop Extended and Illustrator - All Cracked\Adobe Trial Install Packs\ADBEILSTCS3_WWE.exe
C:\Users\Kevin\Downloads\Adobe CS3 Photoshop Extended and Illustrator - All Cracked\Adobe Trial Install Packs\ADBEPHSPCS3_WWE.exe
C:\Users\Kevin\Downloads\Adobe CS3 Photoshop Extended and Illustrator - All Cracked\Cracked EXE\Illustrator.exe
C:\Users\Kevin\Downloads\Adobe CS3 Photoshop Extended and Illustrator - All Cracked\Cracked EXE\Photoshop.exe


1 - "C:\Rooter$\Rooter_1.txt" - 02/05/2009| 1:01

----------------------\\ Scan completed at 1:01
  • 0

#4
Nacram
Posted 02 May 2009 - 01:14 AM

Nacram

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
OTListIt Log


OTListIt logfile created on: 02/05/2009 1:06:29 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.2 Folder = C:\Users\Kevin\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 44.92% Memory free
4.00 Gb Paging File | 2.60 Gb Available in Paging File | 65.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.48 Gb Total Space | 60.16 Gb Free Space | 44.08% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.35 Gb Free Space | 53.48% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KEVIN-PC
Current User Name: Kevin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Windows\System32\WLTRYSVC.EXE ()
PRC - C:\Windows\System32\bcmwltry.exe (Dell Inc.)
PRC - C:\Windows\system32\aestsrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\Program Files\Shaw Secure\Common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE (F-Secure Corp.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
PRC - C:\Program Files\Shaw Secure\Common\FSMB32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Windows\system32\STacSV.exe (IDT, Inc.)
PRC - C:\Program Files\Shaw Secure\Common\FCH32.EXE (F-Secure Corporation)
PRC - C:\Windows\system32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe (F-Secure Corporation)
PRC - C:\Program Files\Shaw Secure\Common\FAMEH32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Shaw Secure\FSPC\fspc.exe (F-Secure Corporation)
PRC - C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe (F-Secure Corp.)
PRC - C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
PRC - C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe (F-Secure Corporation)
PRC - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe (F-Secure Corporation)
PRC - C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe (F-Secure Corporation)
PRC - C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\System32\igfxtray.exe (Intel Corporation)
PRC - C:\Windows\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Shaw Secure\Common\FSM32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Windows\system32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe (F-Secure Corporation)
PRC - C:\Users\Kevin\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\HidFind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\DellTPad\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Users\Kevin\AppData\Local\Temp\QuickyPlaeyr.exe File not found
PRC - C:\Windows\temp\103577565.tmp ()
PRC - C:\Program Files\Shaw Secure\FSGUI\scanwizard.exe (F-Secure Corporation)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Users\Kevin\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AESTFilters [Auto | Running]) -- C:\Windows\system32\aestsrv.exe (Andrea Electronics Corporation)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (F-Secure Gatekeeper Handler Starter [Auto | Running]) -- C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (FSAUA [On_Demand | Running]) -- C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe (F-Secure Corporation)
SRV - (FSDFWD [On_Demand | Running]) -- C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe (F-Secure Corporation)
SRV - (FSMA [Auto | Running]) -- C:\Program Files\Shaw Secure\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSORSPClient [On_Demand | Running]) -- C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (GoogleDesktopManager-010708-104812 [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (IAANTMON [Auto | Running]) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (sprtsvc_dellsupportcenter [Auto | Running]) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (STacSV [Auto | Running]) -- C:\Windows\system32\STacSV.exe (IDT, Inc.)
SRV - (stllssvr [On_Demand | Stopped]) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (wltrysvc [Auto | Running]) -- C:\Windows\System32\WLTRYSVC.EXE ()
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (XAudioService [Auto | Running]) -- C:\Windows\system32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (BCM42RLY [On_Demand | Running]) -- C:\Windows\system32\drivers\BCM42RLY.sys (Broadcom Corporation)
DRV - (BCM43XX [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\bcmwl6.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (e1express [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\e1e6032.sys (Intel Corporation)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (F-Secure Filter [Disabled | Stopped]) -- C:\Program Files\Shaw Secure\Anti-Virus\Win2K\FSfilter.sys ()
DRV - (F-Secure Gatekeeper [On_Demand | Running]) -- C:\Program Files\Shaw Secure\Anti-Virus\minifilter\fsgk.sys ()
DRV - (F-Secure HIPS [System | Running]) -- C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (F-Secure Recognizer [Disabled | Stopped]) -- C:\Program Files\Shaw Secure\Anti-Virus\Win2K\FSrec.sys ()
DRV - (fsbts [Boot | Running]) -- C:\Windows\system32\Drivers\fsbts.sys ()
DRV - (FSES [System | Running]) -- C:\Windows\System32\drivers\fses.sys (F-Secure Corporation)
DRV - (FSFW [System | Running]) -- C:\Windows\System32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (fsvista [System | Running]) -- C:\Program Files\Shaw Secure\Anti-Virus\minifilter\fsvista.sys ()
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (iaStor [Boot | Running]) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (igfx [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (IntcHdmiAddService [On_Demand | Running]) -- C:\Windows\system32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (mdmxsdk [Auto | Running]) -- C:\Windows\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (R300 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (rimmptsk [Auto | Running]) -- C:\Windows\system32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [Auto | Running]) -- C:\Windows\system32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp [Auto | Running]) -- C:\Windows\system32\DRIVERS\rixdptsk.sys (REDC)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (STHDA [On_Demand | Running]) -- C:\Windows\system32\drivers\stwrt.sys (IDT, Inc.)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (UMPass [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (winachsf [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio [Auto | Running]) -- C:\Windows\system32\DRIVERS\xaudio.sys (Conexant Systems, Inc.)
DRV - (yukonwlh [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\yk60x86.sys (Marvell)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...amp;ibd=1081012
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wwe.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.wwe.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/02/07 12:25:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/28 16:34:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/28 16:34:23 | 00,000,000 | ---D | M]

[2009/03/24 17:53:14 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions
[2008/12/08 22:58:38 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/24 17:53:14 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\mozilla\Extensions\[email protected]
[2009/03/11 17:13:13 | 00,000,000 | ---D | M] -- C:\Users\Kevin\AppData\Roaming\mozilla\Firefox\Profiles\53uoilb9.default\extensions
[2009/03/25 18:23:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/28 16:34:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/06 13:13:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/09 20:13:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/25 18:23:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/28 16:34:14 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 16:34:14 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/10/30 00:00:50 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/10/30 00:00:50 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/10/30 00:00:50 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/10/30 00:00:50 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/10/30 00:00:50 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/10/30 00:00:50 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/10/30 00:00:50 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" ( )
O4 - HKLM..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW (F-Secure Corporation)
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] "C:\Users\Kevin\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)
O4 - HKCU..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (SupportSoft, Inc.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll (F-Secure Corporation)
O9 - Extra 'Tools' menuitem : Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll (F-Secure Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Shaw Secure\FSPS\program\fslsp.dll (F-Secure Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.180,85.255.112.173
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{2845C411-0F61-4B58-8F28-63493B492CE2}\\NameServer = 85.255.112.180,85.255.112.173
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{F4EB7C77-7121-4621-A01C-B26B50753BB5}\\NameServer = 85.255.112.180,85.255.112.173
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\system32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/05/02 01:08:37 | 00,000,398 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/05/02 01:08:37 | 00,000,304 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/05/02 01:04:55 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTListIt2.exe
[2009/05/02 00:59:12 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/02 00:58:53 | 00,267,612 | ---- | C] () -- C:\Users\Kevin\Desktop\Rooter.exe
[2009/05/02 00:50:55 | 00,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\Virus Stuff
[2009/05/02 00:50:22 | 00,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\Apps
[2009/05/02 00:35:50 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/05/02 00:35:50 | 00,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/02 00:35:46 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/05/02 00:35:44 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/05/02 00:35:43 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/02 00:32:39 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/05/02 00:31:42 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/29 19:33:24 | 00,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\TypingMaster7
[2009/04/29 19:33:17 | 00,000,887 | ---- | C] () -- C:\Users\Public\Desktop\TypingMaster Pro.lnk
[2009/04/29 19:32:55 | 00,000,000 | R--D | C] -- C:\Program Files\TypingMaster
[2009/04/29 19:31:55 | 08,773,328 | ---- | C] (TypingMaster Inc ) -- C:\Users\Kevin\Documents\TypingMaster700.exe
[2009/04/22 21:15:48 | 00,000,398 | RHS- | C] () -- C:\autorun.inf
[2009/04/22 21:15:48 | 00,000,000 | ---D | C] -- C:\RECYCLER
[2009/04/16 16:36:09 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/04/16 16:35:11 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/04/16 16:34:54 | 00,000,000 | ---D | C] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/16 16:34:54 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/04/16 16:24:19 | 00,551,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcss.dll
[2009/04/16 16:24:18 | 03,599,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2009/04/16 16:24:17 | 03,547,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/04/16 16:24:14 | 00,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2009/04/16 16:24:13 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2009/04/16 16:24:13 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2009/04/16 16:24:13 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2009/04/16 16:24:13 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2009/04/16 16:24:13 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2009/04/16 16:24:13 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2009/04/16 16:24:06 | 00,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2009/04/16 16:24:05 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2009/04/16 16:24:01 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winhttp.dll
[2009/04/16 16:23:46 | 01,255,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/04/16 16:23:43 | 00,888,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
[2009/04/16 16:23:40 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/04/16 16:23:38 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2009/04/16 16:23:37 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2009/04/16 16:22:24 | 03,580,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/04/16 16:22:03 | 06,068,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/04/16 14:41:55 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/04/16 14:41:49 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/04/16 14:41:47 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/04/16 14:41:47 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/04/16 14:41:46 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/04/16 14:41:42 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/04/16 14:41:42 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/04/16 14:41:41 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/04/16 14:41:41 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/04/16 14:41:40 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/04/16 14:41:38 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/04/16 14:41:37 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/04/16 14:41:32 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/01/20 13:34:00 | 00,033,408 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys
[2008/10/11 20:22:00 | 01,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/10/11 20:22:00 | 01,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/10/11 20:22:00 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/10/11 20:22:00 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/10/11 20:22:00 | 00,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/10/11 20:21:57 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/10/11 17:47:35 | 00,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/02/04 19:23:10 | 00,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2006/11/02 06:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 04:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 04:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 01:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Files - Modified Within 30 Days ==========

[2009/05/02 01:10:37 | 00,000,357 | RHS- | M] () -- C:\autorun.inf
[2009/05/02 01:05:00 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTListIt2.exe
[2009/05/02 00:58:58 | 00,267,612 | ---- | M] () -- C:\Users\Kevin\Desktop\Rooter.exe
[2009/05/02 00:49:42 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/02 00:27:26 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/05/02 00:27:26 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/05/01 22:27:31 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/05/01 20:12:53 | 00,000,508 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job
[2009/04/29 19:33:17 | 00,000,887 | ---- | M] () -- C:\Users\Public\Desktop\TypingMaster Pro.lnk
[2009/04/29 19:32:02 | 08,773,328 | ---- | M] (TypingMaster Inc ) -- C:\Users\Kevin\Documents\TypingMaster700.exe
[2009/04/21 16:34:26 | 00,702,128 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/04/21 16:34:26 | 00,607,506 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/04/21 16:34:26 | 00,109,096 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/04/21 16:29:58 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/04/21 16:29:51 | 21,370,42944 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/16 16:36:09 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/04/06 08:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
< End of report >
  • 0

#5
SpySentinel
Posted 02 May 2009 - 12:24 PM

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Hi Nacram,
Looks like you have a Wareout Infection.


Please download FixWareout from here:
http://downloads.sub.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
Once the desktop loads please post the text that will open (report.txt) and a new OTListIt2 log
  • 0

#6
Nacram
Posted 02 May 2009 - 11:55 PM

Nacram

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hey,

I tried that link and it didnt work so I went to FileFront and installed it but when I started it up, It said my version of Windows was unsupported and closed.
  • 0

#7
SpySentinel
Posted 04 May 2009 - 01:27 PM

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Hi Nacram, Thanks for letting me know.


Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#8
Nacram
Posted 04 May 2009 - 05:23 PM

Nacram

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
log:


ComboFix 09-05-03.6 - Kevin 04/05/2009 16:51.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.2037.1230 [GMT -6:00]
Running from: c:\users\Kevin\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\recycler\S-9-7-57-100020115-100005454-100019763-3916.com
c:\users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\ijjistarter_verinfo.dat
c:\users\Kevin\AppData\Local\Microsoft\Windows\Temporary Internet Files\ijjistarter2FxB.exe
c:\windows\system32\drivers\gxvxcnhqfwxuctsxtgrkxdtbtximccugrhifm.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcekprpctdvmvswxspirgxveqqtxqkfefe.dll
D:\Autorun.inf
d:\recycler\S-9-7-57-100020115-100005454-100019763-3916.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-04-04 to 2009-05-04 )))))))))))))))))))))))))))))))
.

2009-05-03 05:50 . 2009-05-03 05:52 -------- d-----w C:\fixwareout
2009-05-02 06:59 . 2009-05-02 07:01 -------- d-----w C:\Rooter$
2009-05-02 06:35 . 2009-04-06 21:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-02 06:35 . 2009-04-06 21:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-02 06:35 . 2009-05-02 06:35 -------- d-----w c:\programdata\Malwarebytes
2009-05-02 06:35 . 2009-05-02 06:35 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-02 06:35 . 2009-05-02 06:49 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-02 06:31 . 2009-05-02 06:31 -------- d-----w c:\program files\ERUNT
2009-04-30 01:33 . 2009-04-30 01:46 -------- d-----w c:\users\Kevin\AppData\Roaming\TypingMaster7
2009-04-30 01:32 . 2009-04-30 01:33 -------- d-----r c:\program files\TypingMaster
2009-04-16 22:35 . 2008-04-17 18:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-04-16 22:35 . 2009-03-19 22:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-16 22:35 . 2009-04-16 22:35 -------- d-----w c:\program files\iPod
2009-04-16 22:34 . 2009-04-16 22:35 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-16 22:34 . 2009-04-16 22:35 -------- d-----w c:\users\All Users\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-16 22:34 . 2009-04-16 22:35 -------- d-----w c:\program files\iTunes
2009-04-16 22:23 . 2009-02-13 08:49 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-04-16 22:23 . 2009-02-13 08:49 72704 ----a-w c:\windows\system32\secur32.dll
2009-04-16 22:23 . 2009-03-17 03:38 13824 ----a-w c:\windows\system32\apilogen.dll
2009-04-16 22:23 . 2009-03-17 03:38 24064 ----a-w c:\windows\system32\amxread.dll
2009-04-16 20:41 . 2009-03-03 04:40 827392 ----a-w c:\windows\system32\wininet.dll
2009-04-16 20:41 . 2009-03-03 02:28 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-04-16 20:41 . 2009-03-03 04:37 78336 ----a-w c:\windows\system32\ieencode.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 22:35 . 2009-01-13 19:53 -------- d-----w c:\program files\Shaw Secure
2009-04-17 01:20 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-16 22:35 . 2008-12-03 01:42 -------- d-----w c:\program files\Common Files\Apple
2009-03-26 00:23 . 2008-10-11 23:40 -------- d-----w c:\program files\Java
2009-03-24 22:22 . 2008-12-03 03:02 -------- d-----w c:\program files\LimeWire
2009-03-17 22:36 . 2009-03-17 22:34 -------- d-----w c:\program files\QuickTime
2009-03-17 22:32 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-03-17 22:32 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-03-17 22:32 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-03-17 04:13 . 2008-12-03 03:38 -------- d-----w c:\program files\Common Files\Adobe
2009-03-11 23:12 . 2009-03-05 02:36 -------- d-----w c:\program files\NOS
2009-03-09 11:19 . 2008-12-10 02:13 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 05:59 . 2009-03-06 05:59 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-06 05:59 . 2009-03-06 05:59 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-03 04:46 . 2009-04-16 22:24 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 22:24 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-16 22:24 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 22:24 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 22:24 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 22:24 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 22:24 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-16 22:24 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 22:24 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 22:24 17408 ----a-w c:\windows\system32\iashost.exe
2009-02-26 23:24 . 2008-12-03 02:19 109320 ----a-w c:\users\Kevin\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-09 03:10 . 2009-03-10 22:41 2033152 ----a-w c:\windows\system32\win32k.sys
2009-02-04 23:40 . 2009-02-04 23:40 5972 ----a-w c:\users\Kevin\AppData\Local\d3d9caps.dat
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-10-12 02:14 . 2008-10-12 02:13 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\users\Kevin\Program Files\DNA\btdna.exe" [2008-12-18 342848]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-07-03 3563520]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-11 29744]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-11-07 184320]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"F-Secure Manager"="c:\program files\Shaw Secure\Common\FSM32.EXE" [2008-09-23 182936]
"F-Secure TNB"="c:\program files\Shaw Secure\FSGUI\TNBUtil.exe" [2008-09-23 957024]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-10-11 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{97FA4547-7836-4D02-ADE0-BF084FB5AB11}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{F0102F71-4034-4307-B74C-EC9331B39717}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{46E5076D-6714-47F7-905A-25BAD5D8A683}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{21FF4569-9AB0-4DED-816D-8361DBA058FF}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{1571DE4A-0F9A-433D-9352-F3D68AE4A747}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{EDB1A103-ACA2-41FE-B2A0-3E3587B2DD75}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{AF45EBDB-6B4C-4068-8772-D21A21A87EA3}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{B00993C4-4FBE-4CF6-AFA8-43950FBA8C03}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{CE24EE53-BB4A-4BB4-8832-56A2650F20A3}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{A0A9A585-A7DF-4ED0-A525-60515BF71D81}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{48129896-9864-45BB-BE72-9D04A49E4BC7}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{BAF038DE-3202-42FE-BE7B-1A20E333171D}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"{1AB6FABF-F6DA-4E34-AE73-739F16039C6A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{5A5A4958-54F2-4118-B053-8A8C046CFE1F}c:\\users\\kevin\\program files\\dna\\btdna.exe"= UDP:c:\users\kevin\program files\dna\btdna.exe:btdna.exe
"UDP Query User{1F8A9359-C80E-458E-95F2-96B36FD58738}c:\\users\\kevin\\program files\\dna\\btdna.exe"= TCP:c:\users\kevin\program files\dna\btdna.exe:btdna.exe
"TCP Query User{8FAC7ECC-75C8-4551-BCB4-239EE12C7789}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{EE73ADF2-0327-402A-92D5-50D1B84231ED}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{79AA427B-EC07-41E2-9E40-8AF14CE11269}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{21A91EB3-D5BC-4D78-AEC4-6FFE3A55996D}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{13736E61-2E3E-4A81-B36C-24D11D2FEEC4}c:\\users\\kevin\\program files\\dna\\btdna.exe"= UDP:c:\users\kevin\program files\dna\btdna.exe:btdna.exe
"UDP Query User{5FC165CC-AEF0-46BF-B339-819F867002D7}c:\\users\\kevin\\program files\\dna\\btdna.exe"= TCP:c:\users\kevin\program files\dna\btdna.exe:btdna.exe
"TCP Query User{45B34196-C048-4745-8B94-89B87EA6A753}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{8C4B285A-2AAE-4218-97F2-B41991216CEC}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{8A26500A-4E2C-4F2C-8B0A-B38FF4DE04C9}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{90E08437-DA67-4D6B-9263-977D450B22B2}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{87EB520E-0C28-4509-90A5-6F5C3230108B}c:\\programdata\\ijjigame\\plauncher.exe"= UDP:c:\programdata\ijjigame\plauncher.exe:PLauncher Application
"UDP Query User{349C66A3-DDA8-4D34-A02F-E6F5D73F1DAB}c:\\programdata\\ijjigame\\plauncher.exe"= TCP:c:\programdata\ijjigame\plauncher.exe:PLauncher Application
"{9DEC28E5-C6A8-407B-A533-754BDE61D604}"= UDP:c:\users\Kevin\AppData\Local\Temp\PurpleBean.exe:PurpleBean.exe
"{759B0B25-B6C7-44FC-A2AD-53BEF2128EC9}"= TCP:c:\users\Kevin\AppData\Local\Temp\PurpleBean.exe:PurpleBean.exe
"TCP Query User{3614D0B2-8E6C-43C0-80BF-DED0736ABEB7}c:\\ijji\\english\\u_sf\\soldierfront.exe"= UDP:c:\ijji\english\u_sf\soldierfront.exe:soldierfront
"UDP Query User{4E0374AE-CF26-48EF-AB3F-86564E0D894E}c:\\ijji\\english\\u_sf\\soldierfront.exe"= TCP:c:\ijji\english\u_sf\soldierfront.exe:soldierfront
"TCP Query User{4D1D21C6-90C3-4DE7-88FE-59B80E5DAFC1}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java™ Platform SE binary
"UDP Query User{303DA4D6-14BD-483F-BC31-4F944291B1F0}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java™ Platform SE binary
"{FA5B8A81-0693-463B-B698-9010B207E6B9}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{4C7B9D36-9555-410F-85C9-00BFCC20830F}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{B8C058DB-1807-4B2D-9297-F6A02E0EDABC}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FE249902-413E-4C6D-984A-34130D55044E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1A66314D-42B1-47FE-AE5E-176C8AFF498F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0E9BBCC6-E209-4492-9362-790D8509942C}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{D0682530-B6C3-4CBE-96C9-5182E39E76DA}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{79E13592-9191-4390-9E40-5CDAD5624DE8}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{9A654D2F-138A-4465-9AD4-43000D415376}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{B4B2DC54-DAF9-4A7F-8B57-7BE876C632C4}"= UDP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"{865D6E22-B857-4D8C-9791-D6BF4677D34D}"= TCP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"{28BAEA0C-31E1-4E6F-9149-C47FE728EDDD}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{8D12BC10-C88C-49AE-BEEF-D1D767AEFA9A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Nexon\\Combat Arms\\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Nexon\\Combat Arms\\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

R4 F-Secure Filter;F-Secure File System Filter;c:\program files\Shaw Secure\Anti-Virus\Win2K\FSfilter.sys [2008-09-23 39776]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Shaw Secure\Anti-Virus\Win2K\FSrec.sys [2008-09-23 25184]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2009-01-22 33408]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Shaw Secure\HIPS\drivers\fshs.sys [2008-09-23 66720]
S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2008-09-23 35552]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2008-09-23 70944]
S1 fsvista;F-Secure Vista Support Driver;c:\program files\Shaw Secure\Anti-Virus\minifilter\fsvista.sys [2008-09-23 12384]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Shaw Secure\Anti-Virus\minifilter\fsgk.sys [2009-03-23 84608]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Shaw Secure\ORSP Client\fsorsp.exe [2008-09-23 55904]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]

.
Contents of the 'Scheduled Tasks' folder

2009-05-04 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\SHAWSE~1\ANTI-V~1\fsav.exe [2009-01-13 13:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wwe.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Shaw Secure\FSPS\program\fslsp.dll
FF - ProfilePath - c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\53uoilb9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wwe.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Kevin\Program Files\DNA\plugins\npbtdna.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-04 17:00
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\program files\Shaw Secure\FWES\Program\fsdc32.dll

- - - - - - - > 'lsass.exe'(692)
c:\program files\Shaw Secure\FWES\Program\fsdc32.dll

- - - - - - - > 'csrss.exe'(588)
c:\program files\Shaw Secure\FWES\Program\fsdc32.dll

- - - - - - - > 'csrss.exe'(644)
c:\program files\Shaw Secure\FWES\Program\fsdc32.dll
.
Completion time: 2009-05-04 17:18
ComboFix-quarantined-files.txt 2009-05-04 23:18

Pre-Run: 65,223,917,568 bytes free
Post-Run: 65,190,658,048 bytes free

235 --- E O F --- 2009-04-21 22:51
  • 0

#9
SpySentinel
Posted 04 May 2009 - 06:36 PM

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.




Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter    .

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder.Click Next.
  • Hit ok at the prompt for scanning in Safe Mode.
  • It will then open a box There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
Then choose OK again then you are back to the main screen.

  • Then click on Scan at the to right hand Corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized then chooose The delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to file name it Kas.
  • Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.


  • 0

#10
Nacram
Posted 05 May 2009 - 08:20 PM

Nacram

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
MBAM log:


Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 6.0.6001 Service Pack 1

05/05/2009 5:20:39 PM
mbam-log-2009-05-05 (17-20-39).txt

Scan type: Quick Scan
Objects scanned: 70407
Time elapsed: 5 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.180,85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2845c411-0f61-4b58-8f28-63493b492ce2}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.180,85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{2845c411-0f61-4b58-8f28-63493b492ce2}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.180,85.255.112.173 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{f4eb7c77-7121-4621-a01c-b26b50753bb5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.180,85.255.112.173 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Kas log


Detected
--------
Status Object
------ ------
deleted: Trojan program Trojan-Downloader.Win32.Agent.brpo File: C:\Qoobox\Quarantine\C\Windows\System32\gxvxcekprpctdvmvswxspirgxveqqtxqkfefe.dll.vir
  • 0

#11
SpySentinel
Posted 06 May 2009 - 03:44 PM

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Please read this post completely, it may make it easier if you copy and paste this post to a new text document or print it for reference later. This will especially help you when your computer is off line.

Also copy this link for router passwords - see below
http://www.phenoelit...rg/dpl/dpl.html

Copy this link for video tutorial - see below
http://onguardonline...orials-wireless


Some things here to know.

DNS changer infects your router.

We need to clean your machine again, off line, so that the router can't re-infect your computer.

Before you use the router again we want to re-set it to it's default settings to remove the infection and stop it coming back.

Some routers you can re-set quite easily just by rebooting them others need a different approach. Some types of internet (i.e. DSL connections that use PPPoE in the router), you will need to know the data to re-setup the router itself.

What I am going to do now is give you some instructions that work in most cases.

If however it doesn't work for you, you will lose internet connection and will need to talk to your router provider to ascertain how to re-setup your router.


You have used Malwarebytes before.

If you no-longer have Malwarebytes please download from Here or Here

Next disconnect your system from the internet, and your router, then…

Double Click mbam-setup.exe to install the application.
  • Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


===============================================

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don’t know the router's default password, you can look it up HERE

However, if there are other Zlob-infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out this site here for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Once you have ran Malwarebytes' Anti-Malware on the infected system, and reset the router to its default configuration you can reconnect to the internet, and router. Then return to this site to post your logs.
  • 0

#12
SpySentinel
Posted 15 May 2009 - 02:24 PM

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP