Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

lots of iexplorer [Solved]

Started by dizzz , May 04 2009 03:51 PM

  • This topic is locked This topic is locked

#1
dizzz
Posted 04 May 2009 - 03:51 PM

dizzz

    Member

  • Member
  • PipPip
  • 27 posts
it started two days ago. my laptop goes really slow.

there are tons of IE browser popping up. i cant see them on my monitor, but i see lots of them at the task manager.

even if im not surfing the web/ using any browser. i see a lot of iexplorer on the taskbar menu. i have to close them all one by one for my pc to go fast again.

i downloaded spysweeper yesterday, and it keeps blocking internet access from hundreds of websites. i was able to list a few..

AD.MOKEAD.COM
ADSEXTEND.NET
ALLMEGABUCKS.COM
AMAENA.COM
ANALCORD.COM
ANIMEPORNMAG.COM
ANTISPYLAB.COM
ANTIVIRUSGOLDEN.COM
APROTECTEDPAGE.COM
ASDBIZ.NET
ASECURITISSUE.COM
ASTA-KILLER.COM
ATTREZZI.BIZ
AWMDABEST.COM
BABESPORNMAGS.COM
BARDOWNLOAD.COM

those are few of the sites that my pv keep logging on to.


another irritating problem is the sysfader error. i have my windows system at "for best performance" state already. no animation or fading whatsoever. yet it still pops up a lot of sysfader error.

i know theres a virus somewhere. i tried everything (ad-aware, search destroy, spysweeper etc) i also tried a bunch of antivirus and online scans (avira, avast, avg, trendmicro, bitdefender) yet non of them seem to detect them.

i followed the instructions above and here're my logs



Microsoft Windows XP Professional (5.1.2600) Service Pack 2

C:\ [Fixed] - NTFS - (Total:38154 Mo/Free:712 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Mon 05/04/2009|14:27

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Windows Defender\MsMpEng.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\S24EvMon.exe
---------- C:\WINDOWS\system32\ZCfgSvc.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\wltrysvc.exe
---------- C:\WINDOWS\System32\bcmwltry.exe
---------- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
---------- C:\Program Files\Alwil Software\Avast4\ashServ.exe
---------- C:\WINDOWS\system32\1XConfig.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\System32\SCardSvr.exe
---------- C:\WINDOWS\system32\wltray.exe
---------- C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
---------- C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\WINDOWS\system32\RegSrvc.exe
---------- C:\Program Files\Spyware Terminator\sp_rsser.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
---------- C:\WINDOWS\system32\rundll71.exe
---------- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
---------- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\Program Files\Webroot\WebrootSecurity\SSU.EXE
---------- C:\WINDOWS\system32\msiexec.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{4C9B3070-CF49-4D16-ADC0-927871099B13}]
NameServer REG_SZ 85.255.112.195,85.255.112.14
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{7B009066-5D21-445C-A2F2-E3B7BA29EB31}]
NameServer REG_SZ 85.255.112.195,85.255.112.14
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{4C9B3070-CF49-4D16-ADC0-927871099B13}]
NameServer REG_SZ 85.255.112.195,85.255.112.14
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{7B009066-5D21-445C-A2F2-E3B7BA29EB31}]
NameServer REG_SZ 85.255.112.195,85.255.112.14
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{4C9B3070-CF49-4D16-ADC0-927871099B13}]
NameServer REG_SZ 85.255.112.195,85.255.112.14
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{7B009066-5D21-445C-A2F2-E3B7BA29EB31}]
NameServer REG_SZ 85.255.112.195,85.255.112.14
==> WAREOUT <==

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\DOCUME~1\XCAPE~1.LAF\My Documents\Downloads\xxx games. pc games HentaII 3D\HentaII 3D\Crack.exe
C:\DOCUME~1\XCAPE~1.LAF\My Documents\Downloads\XXX games. pc games VirtuallyJenny\3DVirtuallyJenny\Crack\VirtuallyJenna-025.002.exe


1 - "C:\Rooter$\Rooter_1.txt" - Mon 05/04/2009|13:25
2 - "C:\Rooter$\Rooter_2.txt" - Mon 05/04/2009|14:28

----------------------\\ Scan completed at 14:28




------------------------------------------------------------------------------------


OTListIt logfile created on: 5/4/2009 2:29:15 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\My Documents
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.23 Mb Total Physical Memory | 304.85 Mb Available Physical Memory | 39.73% Memory free
1.83 Gb Paging File | 1.30 Gb Available in Paging File | 70.91% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 4.69 Gb Free Space | 12.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAFFITHU-7FBCJV
Current User Name: xcape
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\S24EvMon.exe (Intel Corporation )
PRC - C:\WINDOWS\system32\ZCfgSvc.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\wltrysvc.exe ()
PRC - C:\WINDOWS\System32\bcmwltry.exe (Broadcom Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\WINDOWS\system32\1XConfig.exe (Intel Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wltray.exe (Broadcom Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
PRC - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\WINDOWS\system32\rundll71.exe ()
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Webroot Software, Inc. (www.webroot.com))
PRC - C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\My Documents\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (Ati HotKey Poller [Disabled | Stopped]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Lavasoft Ad-Aware Service [Disabled | Stopped]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Microsoft Office Groove Audit Service [Disabled | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Disabled | Stopped]) -- C:\WINDOWS\System32\HPZipm12.exe (HP)
SRV - (RegSrvc [Auto | Running]) -- C:\WINDOWS\system32\RegSrvc.exe (Intel Corporation)
SRV - (S24EventMonitor [Auto | Running]) -- C:\WINDOWS\system32\S24EvMon.exe (Intel Corporation )
SRV - (sp_rssrv [Auto | Running]) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (WebrootSpySweeperService [Auto | Running]) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (wltrysvc [Auto | Running]) -- C:\WINDOWS\System32\wltrysvc.exe ()
SRV - (WRConsumerService [Auto | Running]) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )

========== Driver Services (SafeList) ==========

DRV - (a016bus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\a016bus.sys (MCCI Corporation)
DRV - (a016mdfl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\a016mdfl.sys (MCCI Corporation)
DRV - (a016mdm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\a016mdm.sys (MCCI Corporation)
DRV - (a016mgmt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\a016mgmt.sys (MCCI Corporation)
DRV - (a016obex [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\a016obex.sys (MCCI Corporation)
DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AnyDVD [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (BCMWLNPF [Auto | Running]) -- C:\WINDOWS\system32\drivers\bcmwlnpf.sys (CACE Technologies)
DRV - (DNINDIS5 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DNINDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ElbyCDIO [Auto | Running]) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (gv3 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\gv3.sys (Microsoft Corporation)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWICH [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS (Conexant Systems, Inc.)
DRV - (k750bus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\k750bus.sys (MCCI)
DRV - (k750mdfl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\k750mdfl.sys (MCCI)
DRV - (k750mdm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\k750mdm.sys (MCCI)
DRV - (k750mgmt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\k750mgmt.sys (MCCI)
DRV - (k750obex [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\k750obex.sys (MCCI)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (NAL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\iqvw32.sys (Intel Corporation )
DRV - (NdisWDM [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ndiswdm.sys (Broadcom Corporation)
DRV - (omci [System | Running]) -- C:\WINDOWS\System32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (oreans32 [System | Running]) -- C:\WINDOWS\system32\drivers\oreans32.sys ()
DRV - (OZSCR [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ozscr.sys (O2Micro)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (s24trans [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys (Intel Corporation)
DRV - (SCDEmu [System | Running]) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (sp_rsdrv2 [System | Running]) -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ()
DRV - (ssfs0bbc [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (sshrmd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ssidrv [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (STAC97 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\stac97.sys (SigmaTel, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (w70n51 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\w70n51.sys (Intel® Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (zumbus [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\zumbus.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....r=ytff-msgr&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-msgr"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-msgr"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.07074039
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..keyword.URL: "http://search.yahoo....r=ytff-msgr&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/10 19:58:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/04 05:24:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/04 05:24:00 | 00,000,000 | ---D | M]

[2009/05/04 05:24:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Application Data\mozilla\Extensions
[2009/05/04 05:24:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/04 07:03:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Application Data\mozilla\Firefox\Profiles\szbofuzl.default\extensions
[2007/10/01 17:18:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Application Data\mozilla\Firefox\Profiles\szbofuzl.default\extensions\[email protected]
[2009/05/04 05:24:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/10/06 19:33:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/05/04 05:24:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2006/09/26 21:44:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions(2)
[2006/09/26 20:53:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)
[2009/04/23 21:38:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/23 21:38:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/23 17:39:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/23 17:39:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/23 17:39:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/23 17:39:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/23 17:39:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/23 17:39:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/23 17:39:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (D) - {3D3F79EC-2889-3C5A-BFC7-A32C5229FB98} - C:\WINDOWS\system32\xwr32678.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - Reg Error: Key error. File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (no name) - {6134CEA9-DD6E-495C-A0D1-4F232027D7D7} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (no name) - {84798B8E-69F8-4846-9516-373C2996E2F7} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (no name) - {FBA44040-BD27-4A09-ACC8-C08B7C723DCD} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Broadcom Wireless Manager] "C:\WINDOWS\system32\wltray.exe" (Broadcom Corporation)
O4 - HKLM..\Run: [Hotfix-KB5504305] "C:\WINDOWS\system32\rundll71.exe" ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray (Webroot Software, Inc.)
O4 - HKCU..\Run: [DiskChk help] rundll32.exe "C:\Documents and Settings\All Users.WINDOWS\proto.dll" run File not found
O4 - HKCU..\Run: [Hotfix-KB5504305] "C:\WINDOWS\system32\rundll71.exe" ()
O4 - HKCU..\Run: [nvd32_r] rundll32.exe "C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Application Data\unobi.dll" s File not found
O4 - HKLM..\RunServices: [Hotfix-KB5504305] "C:\WINDOWS\system32\rundll71.exe" ()
O4 - HKCU..\RunServices: [Hotfix-KB5504305] "C:\WINDOWS\system32\rundll71.exe" ()
O4 - Startup: C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 1 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O15 - HKLM\..Trusted Domains: 34 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.su...ows-i586-jc.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{4C9B3070-CF49-4D16-ADC0-927871099B13}\\NameServer = 85.255.112.195,85.255.112.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{7B009066-5D21-445C-A2F2-E3B7BA29EB31}\\NameServer = 85.255.112.195,85.255.112.14
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\Sebring: DllName - C:\WINDOWS\System32\LgNotify.dll - C:\WINDOWS\System32\LgNotify.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\ctfmon.exe: Debugger - C:\WINDOWS\system32\ctfmon_lh.exe File not found
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/08 02:11:03 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files]
[2009/05/04 14:12:50 | 00,001,674 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Spy Sweeper.lnk
[2009/05/04 14:10:45 | 01,553,272 | ---- | C] (Webroot Software, Inc.) -- C:\WINDOWS\WRSetup.dll
[2009/05/04 14:10:44 | 00,000,000 | ---D | C] -- C:\Program Files\Webroot
[2009/05/04 14:10:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Application Data\Webroot
[2009/05/04 14:10:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Webroot
[2009/05/04 13:35:15 | 00,000,000 | ---D | C] -- C:\Binaries
[2009/05/04 13:26:04 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\My Documents\OTListIt2.exe
[2009/05/04 13:24:50 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/04 13:24:44 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\My Documents\Rooter.exe
[2009/05/04 12:55:53 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\My Documents\tup.exe
[2009/05/04 12:51:40 | 00,000,772 | ---- | C] () -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/05/04 12:51:38 | 00,000,616 | ---- | C] () -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Desktop\NTREGOPT.lnk
[2009/05/04 12:51:38 | 00,000,597 | ---- | C] () -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Desktop\ERUNT.lnk
[2009/05/04 12:51:37 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/04 12:50:21 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\My Documents\erunt_setup.exe
[2009/05/04 12:48:13 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\My Documents\SysRestorePoint.exe
[2009/05/04 05:30:50 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/05/04 05:27:08 | 20,098,288 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\My Documents\ie8-setup-full.exe
[2009/05/04 05:24:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
[2009/05/04 05:24:04 | 00,001,607 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2009/05/04 05:23:53 | 11,179,045 | ---- | C] () -- C:\WINDOWS\393830.gt
[2009/05/04 05:07:17 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/05/04 05:07:17 | 00,001,714 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Antivirus.lnk
[2009/05/04 05:07:15 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/05/04 05:07:12 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/05/04 05:07:10 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/05/04 05:07:09 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/05/04 05:07:09 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/05/04 05:07:09 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/05/04 05:07:09 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/05/04 05:06:49 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/05/04 05:06:49 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/05/04 05:06:46 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/05/04 04:36:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/05/04 02:35:40 | 00,027,649 | ---- | C] () -- C:\WINDOWS\System32\gxvxcoeiuyqbtstvdosnylwairpmuweaeeybd.dll
[2009/05/04 02:35:40 | 00,000,004 | ---- | C] () -- C:\WINDOWS\System32\gxvxccounter
[2009/05/04 02:35:34 | 00,065,536 | RHS- | C] () -- C:\WINDOWS\System32\rundll71.exe
[2009/05/04 02:35:29 | 00,036,864 | ---- | C] () -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Application Data\unobi.dll
[2009/05/04 02:20:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
[2009/05/03 18:45:27 | 00,033,280 | ---- | C] () -- C:\WINDOWS\System32\xa2296592.exe
[2009/05/03 18:45:26 | 00,033,280 | ---- | C] () -- C:\WINDOWS\System32\xa2296392.exe
[2009/05/03 18:44:46 | 00,033,280 | ---- | C] () -- C:\WINDOWS\System32\xa2256354.exe
[2009/05/03 18:44:46 | 00,033,280 | ---- | C] () -- C:\WINDOWS\System32\xa2256154.exe
[2009/05/03 18:44:37 | 01,355,776 | ---- | C] (Python Software Foundation) -- C:\WINDOWS\System32\python25.dll
[2009/05/03 18:43:42 | 00,033,280 | ---- | C] () -- C:\WINDOWS\System32\xa2191701.exe
[2009/05/03 18:43:41 | 00,033,280 | ---- | C] () -- C:\WINDOWS\System32\xa2191511.exe
[2009/05/03 18:43:27 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xwr32678.dll
[2009/05/03 18:43:27 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wr32678.dll
[2009/05/03 18:43:26 | 00,033,280 | ---- | C] () -- C:\WINDOWS\System32\xa2176289.exe
[2009/05/03 18:43:26 | 00,033,280 | ---- | C] () -- C:\WINDOWS\System32\xa2176008.exe
[2009/05/03 17:45:02 | 00,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2009/05/03 17:37:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\Fishing Craze
[2009/05/03 17:37:54 | 00,000,000 | ---D | C] -- C:\Program Files\Fishing Craze
[2009/05/03 17:29:03 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\d3dx9_24.dll
[2009/05/03 17:28:20 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\d3dx9_24.dll
[2009/05/03 16:05:30 | 00,000,000 | ---D | C] -- C:\Program Files\Illusion
[2009/05/03 15:42:32 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xwr96890.dll
[2009/05/03 15:42:32 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wr96890.dll
[2009/05/03 15:42:30 | 09,653,423 | ---- | C] () -- C:\WINDOWS\System32\xa1938978.exe
[2009/05/03 15:42:28 | 09,653,423 | ---- | C] () -- C:\WINDOWS\System32\xa1937265.exe
[2009/05/03 15:36:04 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xwr13723.dll
[2009/05/03 15:36:04 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wr13723.dll
[2009/05/03 15:36:03 | 00,409,600 | ---- | C] () -- C:\WINDOWS\System32\xa1551911.exe
[2009/05/03 15:36:01 | 00,409,600 | ---- | C] () -- C:\WINDOWS\System32\xa1550309.exe
[2009/05/03 10:38:35 | 00,000,938 | ---- | C] () -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Desktop\Spybot - Search & Destroy.lnk
[2009/05/03 10:38:25 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/05/03 10:38:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2009/05/03 10:36:23 | 00,001,739 | ---- | C] () -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Desktop\HijackThis.lnk
[2009/05/03 10:36:23 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/05/03 02:40:31 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/05/03 01:57:43 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/03 01:57:27 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/05/03 01:55:50 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/05/03 01:55:48 | 00,000,872 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware.lnk
[2009/05/03 01:55:36 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/05/03 01:55:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
[2009/05/02 13:07:11 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/05/02 11:48:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2009/05/02 09:13:17 | 00,001,747 | ---- | C] () -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Desktop\My Exotic Farm.lnk
[2009/05/02 09:12:44 | 00,000,000 | ---D | C] -- C:\Program Files\Games
[2009/05/02 09:10:44 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xwr61915.dll
[2009/05/02 09:10:43 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wr61915.dll
[2009/05/02 09:10:39 | 86,296,198 | ---- | C] (Games ) -- C:\WINDOWS\System32\xa14182513.exe
[2009/05/02 09:10:10 | 86,296,198 | ---- | C] (Games ) -- C:\WINDOWS\System32\xa14153471.exe
[2009/05/02 09:09:24 | 86,296,198 | ---- | C] (Games ) -- C:\WINDOWS\System32\xa14107515.exe
[2009/05/02 09:08:09 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xwr70064.dll
[2009/05/02 09:08:09 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wr70064.dll
[2009/05/02 09:08:08 | 00,915,968 | ---- | C] () -- C:\WINDOWS\System32\xa14030845.exe
[2009/05/02 09:08:07 | 00,915,968 | ---- | C] () -- C:\WINDOWS\System32\xa14030264.exe
[2009/05/02 08:03:19 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xwr19877.dll
[2009/05/02 08:03:16 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wr19877.dll
[2009/05/02 08:02:59 | 06,352,680 | ---- | C] () -- C:\WINDOWS\System32\xa10122164.exe
[2009/05/02 08:02:20 | 06,352,680 | ---- | C] () -- C:\WINDOWS\System32\xa10082958.exe
[2009/05/02 07:59:39 | 22,502,160 | ---- | C] (NET-DIMENSION CORPORATION) -- C:\WINDOWS\System32\xa9921947.exe
[2009/05/02 07:59:35 | 22,502,160 | ---- | C] (NET-DIMENSION CORPORATION) -- C:\WINDOWS\System32\xa9917971.exe
[2009/05/02 06:46:24 | 00,000,000 | ---D | C] -- C:\Program Files\thriXXX
[2009/05/02 06:45:00 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xwr76379.dll
[2009/05/02 06:44:59 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wr76379.dll
[2009/05/02 06:43:34 | 28,962,712 | ---- | C] () -- C:\WINDOWS\System32\xa5357273.exe
[2009/05/02 06:41:47 | 22,502,160 | ---- | C] (NET-DIMENSION CORPORATION) -- C:\WINDOWS\System32\xa5249959.exe
[2009/05/02 06:41:37 | 28,962,712 | ---- | C] () -- C:\WINDOWS\System32\xa5239574.exe
[2009/05/02 06:41:18 | 28,962,712 | ---- | C] () -- C:\WINDOWS\System32\xa5220727.exe
[2009/05/02 06:40:32 | 22,502,160 | ---- | C] (NET-DIMENSION CORPORATION) -- C:\WINDOWS\System32\xa5175041.exe
[2009/05/02 06:39:56 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xwr43707.dll
[2009/05/02 06:39:55 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wr43707.dll
[2009/05/02 06:39:53 | 22,502,160 | ---- | C] (NET-DIMENSION CORPORATION) -- C:\WINDOWS\System32\xa5135764.exe
[2009/05/02 06:39:46 | 22,502,160 | ---- | C] (NET-DIMENSION CORPORATION) -- C:\WINDOWS\System32\xa5128834.exe
[2009/04/29 17:20:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Desktop\Unused Desktop Shortcuts
[2009/04/25 19:38:36 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/04/25 19:38:34 | 00,000,000 | ---D | C] -- C:\Program Files\Real Alternative
[2009/04/25 19:38:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Application Data\Real
[2009/04/25 19:38:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Real
[2009/04/21 19:58:34 | 00,000,531 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2009/04/21 19:58:27 | 00,000,000 | ---D | C] -- C:\Program Files\Maxis
[2009/04/18 23:38:35 | 00,283,648 | ---- | C] (Stirling Technologies, Inc.) -- C:\WINDOWS\uninst.exe
[2009/04/18 20:29:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TVU Networks
[2009/04/18 03:45:18 | 00,000,000 | ---D | C] -- C:\Program Files\Apprentice
[2009/04/18 03:42:21 | 00,000,000 | ---D | C] -- C:\Program Files\Magic Workstation
[2009/04/16 21:53:00 | 00,007,680 | -HS- | C] () -- C:\WINDOWS\Thumbs.db
[2009/04/12 18:27:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Application Data\My Games
[2009/04/12 17:36:07 | 00,000,000 | ---D | C] -- C:\Program Files\Firaxis Games
[2009/04/12 17:35:27 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2009/04/12 02:04:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Application Data\AVS4YOU
[2009/04/12 02:04:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVS4YOU
[2009/04/12 02:02:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2009/04/12 02:01:36 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2009/04/12 02:01:35 | 00,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2009/04/11 14:14:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Desktop\Pictures
[2009/04/11 14:05:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Desktop\Music
[2009/03/12 19:23:07 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/03/04 19:22:33 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/03/04 19:22:32 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/02/27 08:17:45 | 00,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2008/11/12 16:02:20 | 00,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2008/06/22 15:18:43 | 00,033,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2008/05/05 15:12:19 | 00,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/03/13 01:13:06 | 00,000,031 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2008/01/23 00:13:00 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/01/09 15:01:48 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/11/12 18:13:20 | 00,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2007/10/04 09:04:46 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/09/24 13:18:02 | 03,196,928 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/09/24 13:18:02 | 00,662,016 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/09/24 13:18:02 | 00,533,504 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007/09/24 13:18:02 | 00,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/09/24 13:18:02 | 00,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2007/09/24 13:18:02 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2007/09/24 13:18:02 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007/09/24 13:18:02 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2007/09/24 13:18:02 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2007/09/24 13:18:02 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/09/24 13:18:02 | 00,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2007/09/24 13:18:02 | 00,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2007/09/24 13:18:02 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2007/09/24 13:18:02 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2007/09/24 13:18:02 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2007/09/24 13:18:02 | 00,008,192 | ---- | C] () -- C:\WINDOWS\System32\FLT_ffdshow.dll
[2007/09/24 13:06:38 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/08/21 23:53:32 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/08/20 17:26:52 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/08/20 17:26:52 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/08/15 15:33:14 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/06/03 00:06:14 | 00,151,040 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2007/06/03 00:06:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2007/06/03 00:05:44 | 00,142,848 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2007/06/03 00:05:38 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2007/06/03 00:05:34 | 00,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2007/06/03 00:05:20 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2007/06/03 00:05:04 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2007/06/03 00:04:54 | 00,233,984 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2007/06/03 00:04:32 | 00,100,352 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2007/06/03 00:04:16 | 00,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2007/06/03 00:04:14 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2007/04/30 21:49:36 | 00,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2006/12/31 16:00:00 | 00,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2006/12/31 16:00:00 | 00,221,184 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2006/12/31 16:00:00 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2006/12/31 16:00:00 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2006/11/01 07:54:30 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/07/05 02:37:14 | 00,045,124 | ---- | C] () -- C:\WINDOWS\System32\LsaWrApi.dll
[2005/07/05 02:29:16 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\ShellNav.dll
[2005/07/05 02:27:42 | 00,532,549 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2005/07/05 02:26:40 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\D8021Xps.dll
[2005/01/13 04:00:14 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2003/09/04 09:49:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\HPODStormEncoder(2).dll
[2002/08/29 05:00:00 | 00,000,617 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/08/29 05:00:00 | 00,000,348 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
File not found -- C:\WINDOWS\System32\drivers\etc\HOSTS.bak
[2049/12/31 17:00:00 | 00,045,195 | ---- | M] () -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Desktop\Xmas FLC 2008 19.JPG
[2009/05/04 14:17:54 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/05/04 14:17:34 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/04 14:14:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/04 14:14:41 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Local Settings\desktop.ini
[2009/05/04 14:14:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/04 14:14:35 | 80,456,4992 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/04 14:12:50 | 00,001,674 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Spy Sweeper.lnk
[2009/05/04 13:26:05 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\My Documents\OTListIt2.exe
[2009/05/04 13:24:45 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\My Documents\Rooter.exe
[2009/05/04 12:55:58 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\My Documents\tup.exe
[2009/05/04 12:51:40 | 00,000,772 | ---- | M] () -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/05/04 12:51:38 | 00,000,616 | ---- | M] () -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Desktop\NTREGOPT.lnk
[2009/05/04 12:51:38 | 00,000,597 | ---- | M] () -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Desktop\ERUNT.lnk
[2009/05/04 12:50:23 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\My Documents\erunt_setup.exe
[2009/05/04 12:48:14 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\My Documents\SysRestorePoint.exe
[2009/05/04 05:42:57 | 00,000,617 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/04 05:42:57 | 00,000,348 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/04 05:42:57 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/05/04 05:39:10 | 00,000,076 | -HS- | M] () -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\My Documents\desktop.ini
[2009/05/04 05:36:58 | 11,179,045 | ---- | M] () -- C:\WINDOWS\393830.gt
[2009/05/04 05:27:09 | 20,098,288 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\My Documents\ie8-setup-full.exe
[2009/05/04 05:24:04 | 00,001,607 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2009/05/04 05:08:33 | 00,000,004 | ---- | M] () -- C:\WINDOWS\System32\gxvxccounter
[2009/05/04 05:07:17 | 00,001,714 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Antivirus.lnk
[2009/05/04 05:07:09 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/05/04 04:22:05 | 00,007,680 | -HS- | M] () -- C:\WINDOWS\Thumbs.db
[2009/05/04 02:35:40 | 00,027,649 | ---- | M] () -- C:\WINDOWS\System32\gxvxcoeiuyqbtstvdosnylwairpmuweaeeybd.dll
[2009/05/04 02:35:22 | 00,065,536 | RHS- | M] () -- C:\WINDOWS\System32\rundll71.exe
[2009/05/04 01:57:06 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/03 22:00:00 | 00,000,384 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2009/05/03 18:45:26 | 00,033,280 | ---- | M] () -- C:\WINDOWS\System32\xa2296592.exe
[2009/05/03 18:45:26 | 00,033,280 | ---- | M] () -- C:\WINDOWS\System32\xa2296392.exe
[2009/05/03 18:44:46 | 00,033,280 | ---- | M] () -- C:\WINDOWS\System32\xa2256354.exe
[2009/05/03 18:44:46 | 00,033,280 | ---- | M] () -- C:\WINDOWS\System32\xa2256154.exe
[2009/05/03 18:43:41 | 00,033,280 | ---- | M] () -- C:\WINDOWS\System32\xa2191701.exe
[2009/05/03 18:43:41 | 00,033,280 | ---- | M] () -- C:\WINDOWS\System32\xa2191511.exe
[2009/05/03 18:43:27 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xwr32678.dll
[2009/05/03 18:43:27 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wr32678.dll
[2009/05/03 18:43:26 | 00,033,280 | ---- | M] () -- C:\WINDOWS\System32\xa2176289.exe
[2009/05/03 18:43:26 | 00,033,280 | ---- | M] () -- C:\WINDOWS\System32\xa2176008.exe
[2009/05/03 17:45:02 | 00,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat
[2009/05/03 15:42:32 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xwr96890.dll
[2009/05/03 15:42:32 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wr96890.dll
[2009/05/03 15:42:30 | 09,653,423 | ---- | M] () -- C:\WINDOWS\System32\xa1938978.exe
[2009/05/03 15:42:30 | 09,653,423 | ---- | M] () -- C:\WINDOWS\System32\xa1937265.exe
[2009/05/03 15:36:04 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xwr13723.dll
[2009/05/03 15:36:04 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wr13723.dll
[2009/05/03 15:36:03 | 00,409,600 | ---- | M] () -- C:\WINDOWS\System32\xa1551911.exe
[2009/05/03 15:36:03 | 00,409,600 | ---- | M] () -- C:\WINDOWS\System32\xa1550309.exe
[2009/05/03 12:00:03 | 00,000,394 | ---- | M] () -- C:\WINDOWS\tasks\Schedule Task Weekly.job
[2009/05/03 10:38:35 | 00,000,938 | ---- | M] () -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Desktop\Spybot - Search & Destroy.lnk
[2009/05/03 10:36:23 | 00,001,739 | ---- | M] () -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Desktop\HijackThis.lnk
[2009/05/03 01:57:19 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/05/03 01:57:06 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/05/03 01:55:48 | 00,000,872 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Ad-Aware.lnk
[2009/05/02 09:13:17 | 00,001,747 | ---- | M] () -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Desktop\My Exotic Farm.lnk
[2009/05/02 09:10:44 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xwr61915.dll
[2009/05/02 09:10:44 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wr61915.dll
[2009/05/02 09:10:39 | 86,296,198 | ---- | M] (Games ) -- C:\WINDOWS\System32\xa14182513.exe
[2009/05/02 09:10:39 | 86,296,198 | ---- | M] (Games ) -- C:\WINDOWS\System32\xa14153471.exe
[2009/05/02 09:10:39 | 86,296,198 | ---- | M] (Games ) -- C:\WINDOWS\System32\xa14107515.exe
[2009/05/02 09:08:09 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xwr70064.dll
[2009/05/02 09:08:09 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wr70064.dll
[2009/05/02 09:08:07 | 00,915,968 | ---- | M] () -- C:\WINDOWS\System32\xa14030845.exe
[2009/05/02 09:08:07 | 00,915,968 | ---- | M] () -- C:\WINDOWS\System32\xa14030264.exe
[2009/05/02 08:03:17 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xwr19877.dll
[2009/05/02 08:03:17 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wr19877.dll
[2009/05/02 08:02:46 | 06,352,680 | ---- | M] () -- C:\WINDOWS\System32\xa10122164.exe
[2009/05/02 08:02:46 | 06,352,680 | ---- | M] () -- C:\WINDOWS\System32\xa10082958.exe
[2009/05/02 07:59:38 | 22,502,160 | ---- | M] (NET-DIMENSION CORPORATION) -- C:\WINDOWS\System32\xa9921947.exe
[2009/05/02 07:59:38 | 22,502,160 | ---- | M] (NET-DIMENSION CORPORATION) -- C:\WINDOWS\System32\xa9917971.exe
[2009/05/02 06:44:59 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xwr76379.dll
[2009/05/02 06:44:59 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wr76379.dll
[2009/05/02 06:43:09 | 28,962,712 | ---- | M] () -- C:\WINDOWS\System32\xa5357273.exe
[2009/05/02 06:43:09 | 28,962,712 | ---- | M] () -- C:\WINDOWS\System32\xa5239574.exe
[2009/05/02 06:43:09 | 28,962,712 | ---- | M] () -- C:\WINDOWS\System32\xa5220727.exe
[2009/05/02 06:41:22 | 22,502,160 | ---- | M] (NET-DIMENSION CORPORATION) -- C:\WINDOWS\System32\xa5249959.exe
[2009/05/02 06:41:22 | 22,502,160 | ---- | M] (NET-DIMENSION CORPORATION) -- C:\WINDOWS\System32\xa5175041.exe
[2009/05/02 06:39:55 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xwr43707.dll
[2009/05/02 06:39:55 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wr43707.dll
[2009/05/02 06:39:52 | 22,502,160 | ---- | M] (NET-DIMENSION CORPORATION) -- C:\WINDOWS\System32\xa5135764.exe
[2009/05/02 06:39:52 | 22,502,160 | ---- | M] (NET-DIMENSION CORPORATION) -- C:\WINDOWS\System32\xa5128834.exe
[2009/04/21 19:58:34 | 00,000,531 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2009/04/17 06:00:10 | 00,117,248 | -HS- | M] () -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\My Documents\Thumbs.db
[2009/04/10 09:56:19 | 00,001,553 | ---- | M] () -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Desktop\CCleaner.lnk
[2009/04/07 02:04:03 | 00,035,345 | ---- | M] () -- C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\My Documents\resume.rtf

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:0A6D6CB4
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:1CA73D29
< End of report >






please help me :) my laptop is really really slow now :) :)
  • 0

Advertisements

#2
Rorschach112
Posted 04 May 2009 - 03:58 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hello

Please download OTMoveIt3 by OldTimer
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
explorer.exe

:Services

:Reg

:Files
C:\DOCUME~1\XCAPE~1.LAF\My Documents\Downloads\xxx games. pc games HentaII 3D\HentaII 3D\Crack.exe
C:\DOCUME~1\XCAPE~1.LAF\My Documents\Downloads\XXX games. pc games VirtuallyJenny\3DVirtuallyJenny\Crack
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0

#3
dizzz
Posted 04 May 2009 - 09:01 PM

dizzz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hi Rorschach112!! Thanks for the quick reply :)

ive began to notice that my laptop uses 100% CPU usage, i cant even watch videos in youtube :) :)


Here are the logs, thanks again for the quick reply :)


========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File/Folder C:\DOCUME~1\XCAPE~1.LAF\My Documents\Downloads\ pc games Cars\Crack.exe not found.
File/Folder C:\DOCUME~1\XCAPE~1.LAF\My Documents\Downloads\ pc games VirtualCars\Crack not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\XCAPE~1.LAF\LOCALS~1\Temp\etilqs_TRW3XbJUaLH14W2YmdZX scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS01E93312-ADB1-4989-8A5E-6C158F5E2CE5.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS04A1CDA8-71D8-4ADF-BCB9-9BE48E58F7E3.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS129F1E29-6D24-4354-98D8-A81BA7D054E5.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS1310EBAA-130F-41A3-8E26-E4114BAB607B.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS164FA7D3-E4A1-4781-BC5F-B2B62F44F5D4.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS1680F31C-21A5-45AC-A459-5EEADAA3119F.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS188D3C93-F1E1-4EB1-B0D4-940C0E6CBF75.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS198FA806-D877-4E20-B96E-2063DE8FDDC7.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS1ADEF63A-9BF5-4CF9-9E9D-6061526C7506.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS1CDA366D-C58F-409F-983C-9A54453AAA04.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS1DAAF510-36E3-47E9-8AAF-AA7385C59E59.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS228AD07C-556E-4D31-A86A-48AE4EED7A9F.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS2397A05D-BF2A-4946-8BE1-5836B523045C.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS247A787B-28F6-4A53-9CA1-D65BFFDCC9F4.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS24EA5A12-9FFE-49A2-93C2-69F6119ADA84.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS25F446F2-76A9-41DF-934E-74A7F1FCFE34.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS27285829-EEF1-4C9E-B1B1-77346C7F9DA7.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS2872A99F-4668-4A61-9EF4-5CAAC1D2A9A4.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS2A364408-CDDC-4D66-9AFD-CEAAEE961D89.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS2D123D6A-BEFD-4B9A-97A7-FA6C97262ACC.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS2E70603A-830C-497F-8ACF-05507DEEDE85.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS302B165B-91D2-4264-9385-29275B6FDD2E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS353656D8-DD88-4049-9565-4205EAC29732.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS3545AF25-C3E6-48C2-AEA9-68432C3AA8D4.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS35B02EE1-572C-4ABC-B194-C2ED92E5AAF0.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS35B222C2-5F68-4526-9016-AE99861F987E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS3A44A62A-744D-4E13-B7D6-E130957BC6D4.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS3AEDBAAB-FE99-46CE-91A4-1A894D8B316B.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS3F03B0EF-0683-4A4A-88B1-9BABB8C0FB16.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS3FAA7F73-40CC-431B-A1A5-DC7D92D605A4.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS4135A013-92A4-4AB1-9E0B-74443A68292F.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS48346A58-39D3-4400-9255-34289C858F4C.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS49A344F2-7514-42E2-9007-C3B363152E8C.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS4D9CC773-5E3F-435B-892B-5DFCB8FF61B3.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS4E48DAC8-132D-4C80-BEA8-24DD9DF89626.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS4ED38247-9484-4DBE-9C69-4386D5863679.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS4F1F61A3-E8CA-414B-A49E-A865F7F8CF25.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS4F26E6FC-B708-4F12-811E-FD90A1BD26AC.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS5059BCA6-B452-4E9E-9E06-978B1791A15B.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS533704B3-9842-470C-A75D-66ADDA96C599.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS54FAD348-0174-4C7E-AD25-E3AD729DA263.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS55DA2E60-93E6-42FF-A612-0E8DCD0C2699.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS56D19858-17F4-4505-8F08-FAF2639FC7E5.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS57470093-E084-4B8D-AE4D-6BFE700181C5.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS586D2FA4-B70D-421B-B1FF-7954D752BD68.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS5B2AF644-D82C-4B3A-B143-67C96453C8DC.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS5C565949-429A-4C9C-96D6-436D374F1B3E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS5D812DB8-BE31-4348-8790-99FE4C82634B.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS607F3946-ADF4-4BB9-8483-496F7606A065.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS64115C8E-CBFA-401E-8CE3-8B176899B2CC.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS647D6E37-5A38-403F-9832-08A55CDECF2E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS64E7662B-8D32-4CFD-B96E-4B723C6F0EC1.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS68CBB0AF-D58D-480B-B423-9EE05A3F0E6C.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS69DA7243-C5A4-484A-A5BD-CB35F11918F8.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS6C5A8E4C-2D08-4B64-911E-0170EC020282.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS7117388F-6F86-412A-8C46-6E87CE550EB9.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS778C6E11-3CF0-4526-9797-037B53DEB32E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS7A29C392-9799-42D5-BE4B-4E5DFA8619AD.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS7A8368BA-9A81-43A1-BB83-90EEA346D5E9.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS7D590027-8562-42FF-8BC2-F2602CE891B4.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS7EEFBC6D-DD04-4C37-A794-EAC003924FDC.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS7F667088-FB3E-4477-8EB3-C5CAD133FCB6.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS7F6ED14C-265C-4000-90DC-1E0346E34F66.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS812F22D7-CF3E-4071-9DC7-F3A6BEAF7FE1.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS82D1EEAC-BD68-4803-926A-FA0F4EC7D61A.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS83C61614-2059-4F06-9F7F-8A188BB8B82E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS885EC401-7060-4EC9-B3F8-250C242340A1.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS88B49A53-6F7B-41DD-B0D5-20B5C08F75AD.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS8AA8D9A5-72B5-4639-9295-118BEBE60BC8.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS8F7FF5ED-4AA6-490F-977D-548736C366A1.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS92885C6A-E96C-4D26-A18F-202430F27FD1.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS939BC31E-75FC-4467-8289-EE7A5D9A3046.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS988C3483-883F-40B0-89BC-48A652B84DAB.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS99699E87-9E5D-430B-B5D7-F0C284760A0D.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMS99EBBFA6-4A87-4187-9D9A-D1AD5729286A.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSA00E0444-D9BE-41BC-A64F-AD0FD53E9417.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSA672E207-60C7-45F9-8F43-6DF0EB6ACC02.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSB0732800-9E9B-4B76-A659-EA8024C7D98B.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSB5B9779D-D86A-48E0-B90B-F34763A29E4F.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSB7D20914-E10D-4417-8293-FC1629EC9817.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSB9CEF800-A404-44E8-A51E-D122E1C48CAA.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSBD9911BF-A47C-4EC2-9D6D-365914B61639.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSC49892D4-60AB-46FA-84C0-F2110341C734.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSC51D3124-D0F8-497A-8AF7-38871F68A67E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSC9B8E952-33E8-45DE-BC53-4EF49ECF3A16.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSCB4344F3-3BC8-4BF9-97C1-77FC8E00D021.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSCD77B42B-039F-4C31-94A7-A69B0980A7AC.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSCE23F228-E14B-427E-945B-16AF5C09B0F5.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSD1E5F7F7-A443-4091-9189-7F279C6B73ED.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSDA1621E1-984F-4533-9781-BE241D5756F5.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSDA231553-A34A-4D79-93FF-40F8F5F41ED7.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSDD9CE1EB-968A-4297-84EE-1CEF72F0D29D.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSE184917F-765B-4D7D-8E45-A06DE59D7CF6.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSE544728D-6526-4C4B-8B54-79975DFC8118.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSE5A772A4-73FC-4E25-84D7-2605270EC45E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSE63594A6-85DC-49E0-A01F-FCBFA534DCB4.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSE752C538-2FAB-4152-B54A-FF01C335508C.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSE81CB879-9CA3-4D2D-B388-DBB05591F28F.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSE8866E05-225C-4618-A727-0613113035D8.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSEE2065E8-1610-40B1-9917-971D0B81B648.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSF0BB582E-1A33-4924-8133-C41D6CF9EADB.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSF0D57702-97AC-4DC4-8A5A-21FA0578B773.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSF6E09249-07E2-48B7-B85E-45BF5C3074AA.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\wrstemp\SSMSFFA63DAA-4E63-483C-BF89-8DEDF775B956.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_614.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_730.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Local Settings\Application Data\Mozilla\Firefox\Profiles\szbofuzl.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Local Settings\Application Data\Mozilla\Firefox\Profiles\szbofuzl.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Local Settings\Application Data\Mozilla\Firefox\Profiles\szbofuzl.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Local Settings\Application Data\Mozilla\Firefox\Profiles\szbofuzl.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Local Settings\Application Data\Mozilla\Firefox\Profiles\szbofuzl.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05042009_192414

Files moved on Reboot...
File C:\DOCUME~1\XCAPE~1.LAF\LOCALS~1\Temp\etilqs_TRW3XbJUaLH14W2YmdZX not found!
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\wrstemp\SSMS01E93312-ADB1-4989-8A5E-6C158F5E2CE5.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS04A1CDA8-71D8-4ADF-BCB9-9BE48E58F7E3.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS129F1E29-6D24-4354-98D8-A81BA7D054E5.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS1310EBAA-130F-41A3-8E26-E4114BAB607B.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS164FA7D3-E4A1-4781-BC5F-B2B62F44F5D4.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS1680F31C-21A5-45AC-A459-5EEADAA3119F.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS188D3C93-F1E1-4EB1-B0D4-940C0E6CBF75.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS198FA806-D877-4E20-B96E-2063DE8FDDC7.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS1ADEF63A-9BF5-4CF9-9E9D-6061526C7506.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS1CDA366D-C58F-409F-983C-9A54453AAA04.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS1DAAF510-36E3-47E9-8AAF-AA7385C59E59.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS228AD07C-556E-4D31-A86A-48AE4EED7A9F.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS2397A05D-BF2A-4946-8BE1-5836B523045C.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS247A787B-28F6-4A53-9CA1-D65BFFDCC9F4.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS24EA5A12-9FFE-49A2-93C2-69F6119ADA84.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS25F446F2-76A9-41DF-934E-74A7F1FCFE34.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS27285829-EEF1-4C9E-B1B1-77346C7F9DA7.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS2872A99F-4668-4A61-9EF4-5CAAC1D2A9A4.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS2A364408-CDDC-4D66-9AFD-CEAAEE961D89.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS2D123D6A-BEFD-4B9A-97A7-FA6C97262ACC.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS2E70603A-830C-497F-8ACF-05507DEEDE85.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS302B165B-91D2-4264-9385-29275B6FDD2E.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS353656D8-DD88-4049-9565-4205EAC29732.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS3545AF25-C3E6-48C2-AEA9-68432C3AA8D4.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS35B02EE1-572C-4ABC-B194-C2ED92E5AAF0.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS35B222C2-5F68-4526-9016-AE99861F987E.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS3A44A62A-744D-4E13-B7D6-E130957BC6D4.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS3AEDBAAB-FE99-46CE-91A4-1A894D8B316B.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS3F03B0EF-0683-4A4A-88B1-9BABB8C0FB16.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS3FAA7F73-40CC-431B-A1A5-DC7D92D605A4.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS4135A013-92A4-4AB1-9E0B-74443A68292F.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS48346A58-39D3-4400-9255-34289C858F4C.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS49A344F2-7514-42E2-9007-C3B363152E8C.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS4D9CC773-5E3F-435B-892B-5DFCB8FF61B3.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS4E48DAC8-132D-4C80-BEA8-24DD9DF89626.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS4ED38247-9484-4DBE-9C69-4386D5863679.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS4F1F61A3-E8CA-414B-A49E-A865F7F8CF25.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS4F26E6FC-B708-4F12-811E-FD90A1BD26AC.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS5059BCA6-B452-4E9E-9E06-978B1791A15B.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS533704B3-9842-470C-A75D-66ADDA96C599.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS54FAD348-0174-4C7E-AD25-E3AD729DA263.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS55DA2E60-93E6-42FF-A612-0E8DCD0C2699.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS56D19858-17F4-4505-8F08-FAF2639FC7E5.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS57470093-E084-4B8D-AE4D-6BFE700181C5.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS586D2FA4-B70D-421B-B1FF-7954D752BD68.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS5B2AF644-D82C-4B3A-B143-67C96453C8DC.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS5C565949-429A-4C9C-96D6-436D374F1B3E.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS5D812DB8-BE31-4348-8790-99FE4C82634B.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS607F3946-ADF4-4BB9-8483-496F7606A065.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS64115C8E-CBFA-401E-8CE3-8B176899B2CC.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS647D6E37-5A38-403F-9832-08A55CDECF2E.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS64E7662B-8D32-4CFD-B96E-4B723C6F0EC1.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS68CBB0AF-D58D-480B-B423-9EE05A3F0E6C.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS69DA7243-C5A4-484A-A5BD-CB35F11918F8.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS6C5A8E4C-2D08-4B64-911E-0170EC020282.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS7117388F-6F86-412A-8C46-6E87CE550EB9.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS778C6E11-3CF0-4526-9797-037B53DEB32E.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS7A29C392-9799-42D5-BE4B-4E5DFA8619AD.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS7A8368BA-9A81-43A1-BB83-90EEA346D5E9.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS7D590027-8562-42FF-8BC2-F2602CE891B4.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS7EEFBC6D-DD04-4C37-A794-EAC003924FDC.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS7F667088-FB3E-4477-8EB3-C5CAD133FCB6.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS7F6ED14C-265C-4000-90DC-1E0346E34F66.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS812F22D7-CF3E-4071-9DC7-F3A6BEAF7FE1.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS82D1EEAC-BD68-4803-926A-FA0F4EC7D61A.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS83C61614-2059-4F06-9F7F-8A188BB8B82E.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS885EC401-7060-4EC9-B3F8-250C242340A1.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS88B49A53-6F7B-41DD-B0D5-20B5C08F75AD.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS8AA8D9A5-72B5-4639-9295-118BEBE60BC8.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS8F7FF5ED-4AA6-490F-977D-548736C366A1.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS92885C6A-E96C-4D26-A18F-202430F27FD1.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS939BC31E-75FC-4467-8289-EE7A5D9A3046.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS988C3483-883F-40B0-89BC-48A652B84DAB.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS99699E87-9E5D-430B-B5D7-F0C284760A0D.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMS99EBBFA6-4A87-4187-9D9A-D1AD5729286A.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSA00E0444-D9BE-41BC-A64F-AD0FD53E9417.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSA672E207-60C7-45F9-8F43-6DF0EB6ACC02.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSB0732800-9E9B-4B76-A659-EA8024C7D98B.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSB5B9779D-D86A-48E0-B90B-F34763A29E4F.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSB7D20914-E10D-4417-8293-FC1629EC9817.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSB9CEF800-A404-44E8-A51E-D122E1C48CAA.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSBD9911BF-A47C-4EC2-9D6D-365914B61639.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSC49892D4-60AB-46FA-84C0-F2110341C734.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSC51D3124-D0F8-497A-8AF7-38871F68A67E.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSC9B8E952-33E8-45DE-BC53-4EF49ECF3A16.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSCB4344F3-3BC8-4BF9-97C1-77FC8E00D021.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSCD77B42B-039F-4C31-94A7-A69B0980A7AC.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSCE23F228-E14B-427E-945B-16AF5C09B0F5.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSD1E5F7F7-A443-4091-9189-7F279C6B73ED.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSDA1621E1-984F-4533-9781-BE241D5756F5.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSDA231553-A34A-4D79-93FF-40F8F5F41ED7.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSDD9CE1EB-968A-4297-84EE-1CEF72F0D29D.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSE184917F-765B-4D7D-8E45-A06DE59D7CF6.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSE544728D-6526-4C4B-8B54-79975DFC8118.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSE5A772A4-73FC-4E25-84D7-2605270EC45E.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSE63594A6-85DC-49E0-A01F-FCBFA534DCB4.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSE752C538-2FAB-4152-B54A-FF01C335508C.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSE81CB879-9CA3-4D2D-B388-DBB05591F28F.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSE8866E05-225C-4618-A727-0613113035D8.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSEE2065E8-1610-40B1-9917-971D0B81B648.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSF0BB582E-1A33-4924-8133-C41D6CF9EADB.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSF0D57702-97AC-4DC4-8A5A-21FA0578B773.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSF6E09249-07E2-48B7-B85E-45BF5C3074AA.tmp not found!
File C:\WINDOWS\temp\wrstemp\SSMSFFA63DAA-4E63-483C-BF89-8DEDF775B956.tmp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_614.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_730.dat not found!
C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Local Settings\Application Data\Mozilla\Firefox\Profiles\szbofuzl.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Local Settings\Application Data\Mozilla\Firefox\Profiles\szbofuzl.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Local Settings\Application Data\Mozilla\Firefox\Profiles\szbofuzl.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Local Settings\Application Data\Mozilla\Firefox\Profiles\szbofuzl.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\Local Settings\Application Data\Mozilla\Firefox\Profiles\szbofuzl.default\urlclassifier3.sqlite moved successfully.








ComboFix 09-05-03.6 - xcape 05/04/2009 19:38.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.345 [GMT -7:00]
Running from: c:\documents and settings\xcape.LAFFITHU-7FBCJV\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090504-1] *On-access scanning disabled* (Updated)
FW: Webroot Internet Security Essentials *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\xcape.LAFFITHU-7FBCJV\Start Menu\Programs\DigitalLabs
c:\recycler\S-8-1-60-100023240-100014379-100015091-1557.com
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcoeiuyqbtstvdosnylwairpmuweaeeybd.dll
c:\windows\system32\HPODStormEncoder(2).dll

----- BITS: Possible infected sites -----

hxxp://winpcdown99.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OREANS32
-------\Service_oreans32


((((((((((((((((((((((((( Files Created from 2009-04-05 to 2009-05-05 )))))))))))))))))))))))))))))))
.

2009-05-05 02:24 . 2009-05-05 02:24 -------- dc----w C:\_OTMoveIt
2009-05-04 21:10 . 2008-11-14 00:11 1553272 ----a-w c:\windows\WRSetup.dll
2009-05-04 21:10 . 2009-05-04 21:10 -------- d-----w c:\documents and settings\xcape.LAFFITHU-7FBCJV\Application Data\Webroot
2009-05-04 21:10 . 2009-05-04 21:16 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Webroot
2009-05-04 21:10 . 2009-05-04 21:10 -------- d-----w c:\program files\Webroot
2009-05-04 20:42 . 2009-05-04 20:42 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-05-04 20:35 . 2009-05-04 20:35 -------- dc----w C:\Binaries
2009-05-04 20:24 . 2009-05-04 21:28 -------- dc----w C:\Rooter$
2009-05-04 19:51 . 2009-05-04 19:51 -------- d-----w c:\program files\ERUNT
2009-05-04 12:51 . 2009-05-04 12:51 -------- d-sh--w c:\documents and settings\xcape.LAFFITHU-7FBCJV\PrivacIE
2009-05-04 12:40 . 2009-05-04 12:40 -------- d-sh--w c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2009-05-04 12:39 . 2009-05-04 12:39 -------- d-sh--w c:\documents and settings\xcape.LAFFITHU-7FBCJV\IETldCache
2009-05-04 12:30 . 2009-05-04 12:35 -------- dc-h--w c:\windows\ie8
2009-05-04 12:24 . 2009-05-04 12:24 -------- d-----w c:\documents and settings\xcape.LAFFITHU-7FBCJV\Local Settings\Application Data\Google
2009-05-04 12:06 . 2009-05-04 12:06 -------- d-----w c:\program files\Alwil Software
2009-05-04 09:35 . 2009-05-04 09:35 27136 ----a-w c:\documents and settings\All Users.WINDOWS\proto.dll
2009-05-04 09:35 . 2009-05-04 09:35 65536 --sh--r c:\windows\system32\rundll71.exe
2009-05-04 09:35 . 2009-03-22 00:15 36864 ----a-w c:\documents and settings\xcape.LAFFITHU-7FBCJV\Application Data\unobi.dll
2009-05-04 09:20 . 2009-05-04 11:43 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Avira
2009-05-04 01:45 . 2009-05-04 01:45 33280 ----a-w c:\windows\system32\xa2296592.exe
2009-05-04 01:45 . 2009-05-04 01:45 33280 ----a-w c:\windows\system32\xa2296392.exe
2009-05-04 01:44 . 2009-05-04 01:44 33280 ----a-w c:\windows\system32\xa2256354.exe
2009-05-04 01:44 . 2009-05-04 01:44 33280 ----a-w c:\windows\system32\xa2256154.exe
2009-05-04 01:44 . 2009-02-20 14:31 1355776 ----a-w c:\windows\system32\python25.dll
2009-05-04 01:43 . 2009-05-04 01:43 33280 ----a-w c:\windows\system32\xa2191701.exe
2009-05-04 01:43 . 2009-05-04 01:43 33280 ----a-w c:\windows\system32\xa2191511.exe
2009-05-04 01:43 . 2009-05-04 01:43 204800 ----a-w c:\windows\system32\xwr32678.dll
2009-05-04 01:43 . 2009-05-04 01:43 204800 ----a-w c:\windows\system32\wr32678.dll
2009-05-04 01:43 . 2009-05-04 01:43 33280 ----a-w c:\windows\system32\xa2176289.exe
2009-05-04 01:43 . 2009-05-04 01:43 33280 ----a-w c:\windows\system32\xa2176008.exe
2009-05-04 00:45 . 2009-05-04 00:45 4096 ----a-w c:\windows\d3dx.dat
2009-05-04 00:37 . 2009-05-04 00:37 -------- d-----w c:\windows\Fishing Craze
2009-05-04 00:37 . 2009-05-04 09:38 -------- d-----w c:\program files\Fishing Craze
2009-05-04 00:29 . 2005-02-06 03:45 2222800 ----a-w c:\windows\d3dx9_24.dll
2009-05-04 00:28 . 2005-02-06 03:45 2222800 -c--a-w C:\d3dx9_24.dll
2009-05-03 23:05 . 2009-05-03 23:05 -------- d-----w c:\program files\Illusion
2009-05-03 22:42 . 2009-05-03 22:42 204800 ----a-w c:\windows\system32\xwr96890.dll
2009-05-03 22:42 . 2009-05-03 22:42 204800 ----a-w c:\windows\system32\wr96890.dll
2009-05-03 22:42 . 2009-05-03 22:42 9653423 ----a-w c:\windows\system32\xa1938978.exe
2009-05-03 22:42 . 2009-05-03 22:42 9653423 ----a-w c:\windows\system32\xa1937265.exe
2009-05-03 22:36 . 2009-05-03 22:36 204800 ----a-w c:\windows\system32\xwr13723.dll
2009-05-03 22:36 . 2009-05-03 22:36 204800 ----a-w c:\windows\system32\wr13723.dll
2009-05-03 22:36 . 2009-05-03 22:36 409600 ----a-w c:\windows\system32\xa1551911.exe
2009-05-03 22:36 . 2009-05-03 22:36 409600 ----a-w c:\windows\system32\xa1550309.exe
2009-05-03 17:38 . 2009-05-03 17:42 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-03 17:38 . 2009-05-04 10:23 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-05-03 17:36 . 2009-05-03 17:36 -------- d-----w c:\program files\Trend Micro
2009-05-03 09:40 . 2009-05-03 08:57 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-05-03 08:57 . 2009-05-03 08:57 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-05-03 08:55 . 2009-05-03 08:55 -------- dc-h--w c:\documents and settings\All Users.WINDOWS\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-03 08:55 . 2009-05-03 08:55 -------- d-----w c:\program files\Lavasoft
2009-05-03 08:55 . 2009-05-03 08:57 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2009-05-02 20:07 . 2009-05-04 09:39 -------- d-----w c:\program files\Panda Security
2009-05-02 19:58 . 2009-05-02 19:58 -------- d-----w c:\documents and settings\xcape.LAFFITHU-7FBCJV\.housecall6.6
2009-05-02 18:48 . 2009-05-03 00:01 -------- d-----w c:\windows\BDOSCAN8
2009-05-02 16:12 . 2009-05-02 16:12 -------- d-----w c:\program files\Games
2009-05-02 16:10 . 2009-05-02 16:10 204800 ----a-w c:\windows\system32\xwr61915.dll
2009-05-02 16:10 . 2009-05-02 16:10 204800 ----a-w c:\windows\system32\wr61915.dll
2009-05-02 16:10 . 2009-05-02 16:10 86296198 ----a-w c:\windows\system32\xa14182513.exe
2009-05-02 16:10 . 2009-05-02 16:10 86296198 ----a-w c:\windows\system32\xa14153471.exe
2009-05-02 16:09 . 2009-05-02 16:10 86296198 ----a-w c:\windows\system32\xa14107515.exe
2009-05-02 16:08 . 2009-05-02 16:08 204800 ----a-w c:\windows\system32\xwr70064.dll
2009-05-02 16:08 . 2009-05-02 16:08 204800 ----a-w c:\windows\system32\wr70064.dll
2009-05-02 16:08 . 2009-05-02 16:08 915968 ----a-w c:\windows\system32\xa14030845.exe
2009-05-02 16:08 . 2009-05-02 16:08 915968 ----a-w c:\windows\system32\xa14030264.exe
2009-05-02 15:03 . 2009-05-02 15:03 204800 ----a-w c:\windows\system32\xwr19877.dll
2009-05-02 15:03 . 2009-05-02 15:03 204800 ----a-w c:\windows\system32\wr19877.dll
2009-05-02 15:02 . 2009-05-02 15:02 6352680 ----a-w c:\windows\system32\xa10122164.exe
2009-05-02 15:02 . 2009-05-02 15:02 6352680 ----a-w c:\windows\system32\xa10082958.exe
2009-05-02 14:59 . 2009-05-02 14:59 22502160 ----a-w c:\windows\system32\xa9921947.exe
2009-05-02 14:59 . 2009-05-02 14:59 22502160 ----a-w c:\windows\system32\xa9917971.exe
2009-05-02 13:46 . 2009-05-03 22:43 -------- d-----w c:\program files\thriXXX
2009-05-02 13:45 . 2009-05-02 13:44 204800 ----a-w c:\windows\system32\xwr76379.dll
2009-05-02 13:44 . 2009-05-02 13:44 204800 ----a-w c:\windows\system32\wr76379.dll
2009-05-02 13:43 . 2009-05-02 13:43 28962712 ----a-w c:\windows\system32\xa5357273.exe
2009-05-02 13:41 . 2009-05-02 13:41 22502160 ----a-w c:\windows\system32\xa5249959.exe
2009-05-02 13:41 . 2009-05-02 13:43 28962712 ----a-w c:\windows\system32\xa5239574.exe
2009-05-02 13:41 . 2009-05-02 13:43 28962712 ----a-w c:\windows\system32\xa5220727.exe
2009-05-02 13:40 . 2009-05-02 13:41 22502160 ----a-w c:\windows\system32\xa5175041.exe
2009-05-02 13:39 . 2009-05-02 13:39 204800 ----a-w c:\windows\system32\xwr43707.dll
2009-05-02 13:39 . 2009-05-02 13:39 204800 ----a-w c:\windows\system32\wr43707.dll
2009-05-02 13:39 . 2009-05-02 13:39 22502160 ----a-w c:\windows\system32\xa5135764.exe
2009-05-02 13:39 . 2009-05-02 13:39 22502160 ----a-w c:\windows\system32\xa5128834.exe
2009-04-26 02:38 . 2009-04-26 02:38 -------- d-----w c:\documents and settings\xcape.LAFFITHU-7FBCJV\Local Settings\Application Data\Real
2009-04-26 02:38 . 2009-04-26 02:38 -------- d-----w c:\program files\Real Alternative
2009-04-25 09:19 . 2009-04-25 09:19 -------- d-----w c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\PCHealth
2009-04-22 02:58 . 2009-04-22 02:58 531 ----a-w c:\windows\eReg.dat
2009-04-22 02:58 . 2009-04-22 02:58 -------- d-----w c:\program files\Maxis
2009-04-19 06:38 . 1997-12-14 22:38 283648 ----a-w c:\windows\uninst.exe
2009-04-19 06:37 . 2009-04-19 06:37 -------- d-----w c:\documents and settings\XCAPE~1~LAF
2009-04-19 06:37 . 2009-04-19 06:37 -------- d-----w c:\documents and settings\XCAPE~1~LAF\LOCALS~1
2009-04-19 06:22 . 1997-07-15 00:42 314880 ----a-w c:\windows\IsUninst.exe
2009-04-19 03:29 . 2009-04-19 03:29 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\TVU Networks
2009-04-19 03:29 . 2009-04-19 03:29 -------- d-----w c:\documents and settings\xcape.LAFFITHU-7FBCJV\Local Settings\Application Data\TVU Networks
2009-04-19 03:28 . 2009-04-19 03:28 -------- d-----w c:\documents and settings\xcape.LAFFITHU-7FBCJV\LocalLow
2009-04-18 10:45 . 2009-04-18 11:26 -------- d-----w c:\program files\Apprentice
2009-04-18 10:42 . 2009-05-04 09:39 -------- d-----w c:\program files\Magic Workstation
2009-04-13 01:27 . 2009-04-25 20:01 -------- d-----w c:\documents and settings\xcape.LAFFITHU-7FBCJV\Application Data\My Games
2009-04-13 00:36 . 2009-04-13 00:36 -------- d-----w c:\program files\Firaxis Games
2009-04-13 00:35 . 2005-05-26 22:34 2297552 ----a-w c:\windows\system32\d3dx9_26.dll
2009-04-12 09:04 . 2009-04-12 09:04 -------- d-----w c:\documents and settings\xcape.LAFFITHU-7FBCJV\Application Data\AVS4YOU
2009-04-12 09:04 . 2009-04-12 09:04 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\AVS4YOU
2009-04-12 09:02 . 2009-04-12 09:02 -------- d-----w c:\program files\Common Files\AVSMedia
2009-04-12 09:01 . 2007-02-28 01:36 24576 ----a-w c:\windows\system32\msxml3a.dll
2009-04-12 09:01 . 2009-04-12 09:04 -------- d-----w c:\program files\AVS4YOU
2009-04-12 04:31 . 2009-04-12 08:49 -------- d-----w c:\documents and settings\xcape.LAFFITHU-7FBCJV\ Wonder Woman

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 21:03 . 2006-08-29 07:15 -------- d-----w c:\program files\Yahoo!
2009-05-04 02:15 . 2009-02-27 15:17 -------- d-----w c:\program files\Spyware Terminator
2009-04-25 20:02 . 2006-06-08 09:26 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-01 05:27 . 2009-03-26 07:32 -------- d-----w c:\program files\Windows Live Safety Center
2009-03-29 03:39 . 2009-03-29 03:39 -------- d-----w c:\program files\VideoLAN
2009-03-18 05:40 . 2008-01-17 22:28 -------- d-----w c:\program files\Common Files\LogiShrd
2009-03-13 02:45 . 2009-03-13 02:45 -------- d-----w c:\program files\PowerISO
2009-03-13 02:27 . 2009-03-13 02:25 -------- d-----w c:\program files\DAEMON Tools Pro
2009-03-13 02:23 . 2009-03-13 02:23 685816 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-12 09:19 . 2009-02-27 16:02 -------- d-----w c:\program files\DNA
2009-03-11 02:58 . 2009-03-11 02:58 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-11 02:58 . 2007-08-22 06:36 -------- d-----w c:\program files\Java
2009-03-11 01:12 . 2007-10-22 04:28 79992 -c--a-w c:\documents and settings\xcape.LAFFITHU-7FBCJV\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-10 23:53 . 2009-03-10 23:53 -------- d-----w c:\program files\Microsoft Works
2009-03-10 23:53 . 2009-03-10 23:53 -------- d-----w c:\program files\MSBuild
2009-03-10 23:50 . 2009-03-10 23:50 -------- d-----w c:\program files\Microsoft.NET
2009-03-10 23:47 . 2009-03-10 23:47 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-03-10 02:21 . 2008-01-15 10:16 -------- d-----w c:\program files\CCleaner
2009-03-08 11:34 . 2002-08-29 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2002-08-29 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2002-08-29 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2002-08-29 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2002-08-29 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2002-08-29 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:31 . 2002-08-29 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2002-08-29 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2002-08-29 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2002-08-29 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-02-27 15:35 . 2009-02-27 15:35 36 ---h--r c:\windows\sued.dat
2009-02-27 15:17 . 2009-02-27 15:17 142592 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2009-02-09 10:19 . 2002-08-29 12:00 1846272 ----a-w c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3D3F79EC-2889-3C5A-BFC7-A32C5229FB98}]
2009-05-04 01:43 204800 ----a-w c:\windows\system32\xwr32678.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2008-11-14 00:04 238968 ----a-w c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nvd32_r"="c:\documents and settings\xcape.LAFFITHU-7FBCJV\Application Data\unobi.dll" [2009-03-22 36864]
"Hotfix-KB5504305"="c:\windows\system32\rundll71.exe" [2009-05-04 65536]
"DiskChk help"="c:\documents and settings\All Users.WINDOWS\proto.dll" [2009-05-04 27136]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Hotfix-KB5504305"="c:\windows\system32\rundll71.exe" [2009-05-04 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager"="c:\windows\system32\wltray.exe" [2007-06-14 1282048]
"Hotfix-KB5504305"="c:\windows\system32\rundll71.exe" [2009-05-04 65536]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-06 413696]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2008-11-14 6273400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\xcape.LAFFITHU-7FBCJV\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2005-07-05 09:33 188482 ----a-w c:\windows\System32\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Hotfix-KB5504305 REG_SZ c:\windows\system32\rundll71.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Dynex Wireless Networking Utility.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Dynex Wireless Networking Utility.lnk
backup=c:\windows\pss\Dynex Wireless Networking Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"Lavasoft Ad-Aware Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"DEFGÜ1‘|2‘|2‘|ˆ2‘|>"= DEFGÜ1‘|2‘|2‘|ˆ2‘|>:Nod32 Runtime
"c:\\Program Files\\Dynex G USB Network Adapter\\DynexWCUI.exe"=
"c:\\Documents and Settings\\xcape.LAFFITHU-7FBCJV\\My Documents\\Downloads\\Magic The Gathering with Manalink\\Manalink.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Webroot\\WebrootSecurity\\SpySweeperUI.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13436:TCP"= 13436:TCP:*:Disabled:BitComet 13436 TCP
"13436:UDP"= 13436:UDP:*:Disabled:BitComet 13436 UDP

R1 avfwot;avfwot; [x]
R3 a016bus;Sony Ericsson Device A016 driver (WDM);c:\windows\system32\DRIVERS\a016bus.sys [2008-01-18 83880]
R3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter;c:\windows\system32\DRIVERS\a016mdfl.sys [2008-01-18 15016]
R3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\a016mdm.sys [2008-01-18 110504]
R3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\a016mgmt.sys [2008-01-18 104488]
R3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\a016obex.sys [2008-01-18 100648]
R3 avfwim;AvFw Packet Filter Miniport; [x]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.SYS [2003-07-24 17149]
R3 NdisWDM;Dynex Wireless G USB Network Adapter Service;c:\windows\system32\DRIVERS\ndiswdm.sys [2007-10-09 198144]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-05-03 953168]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-05-03 64160]
S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2008-11-12 29808]
S1 aswSP;avast! Self Protection; [x]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-02-27 142592]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 BCMWLNPF;Broadcom Netgroup Packet Filter;c:\windows\system32\drivers\bcmwlnpf.sys [2007-04-26 33664]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2008-11-14 1086840]
S3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\DRIVERS\ozscr.sys [2005-04-22 92550]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-05-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 08:56]

2009-05-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{6134CEA9-DD6E-495C-A0D1-4F232027D7D7} - (no file)
Toolbar-{FBA44040-BD27-4A09-ACC8-C08B7C723DCD} - (no file)
Toolbar-{84798B8E-69F8-4846-9516-373C2996E2F7} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\xcape.LAFFITHU-7FBCJV\Application Data\Mozilla\Firefox\Profiles\szbofuzl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - plugin: c:\documents and settings\xcape.LAFFITHU-7FBCJV\Application Data\Mozilla\Firefox\Profiles\szbofuzl.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp07074039.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-04 19:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-839522115-1993962763-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1B57B00D-7ABE-D7A1-9970-C4821E6ACEE6}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-839522115-1993962763-1343024091-1003\Software\Zepter Software\RegLib*ece8b437]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-839522115-1993962763-1343024091-1003\Software\Zepter Software\RegLib*ece8b437\AnyDVD/1]
"1"=dword:46cbd055
"2"=dword:46cbe2d7
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
c:\windows\System32\LgNotify.dll

- - - - - - - > 'explorer.exe'(252)
c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\S24EvMon.exe
c:\windows\system32\wltrysvc.exe
c:\windows\system32\bcmwltry.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\scardsvr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\RegSrvc.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\windows\system32\ZCfgSvc.exe
c:\windows\system32\1XConfig.exe
.
**************************************************************************
.
Completion time: 2009-05-05 19:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-05 02:49
ComboFix2.txt 2008-04-29 00:21

Pre-Run: 4,895,817,728 bytes free
Post-Run: 4,816,769,024 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

346 --- E O F --- 2009-05-03 00:30
  • 0

#4
Rorschach112
Posted 05 May 2009 - 05:11 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hello

Open notepad and copy/paste the text in the quotebox below into it:

http://www.geekstogo...er-t237864.html

Collect::
c:\documents and settings\All Users.WINDOWS\proto.dll
c:\windows\system32\rundll71.exe
c:\documents and settings\xcape.LAFFITHU-7FBCJV\Application Data\unobi.dll
c:\windows\system32\xa2296592.exe
c:\windows\system32\xa2296392.exe
c:\windows\system32\xa2256354.exe
c:\windows\system32\xa2256154.exe
c:\windows\system32\python25.dll
c:\windows\system32\xa2191701.exe
c:\windows\system32\xa2191511.exe
c:\windows\system32\xwr32678.dll
c:\windows\system32\wr32678.dll
c:\windows\system32\xa2176289.exe
c:\windows\system32\xa2176008.exe
c:\windows\system32\xwr96890.dll
c:\windows\system32\wr96890.dll
c:\windows\system32\xa1938978.exe
c:\windows\system32\xa1937265.exe
c:\windows\system32\xwr13723.dll
c:\windows\system32\wr13723.dll
c:\windows\system32\xa1551911.exe
c:\windows\system32\xa1550309.exe
c:\windows\system32\xwr61915.dll
c:\windows\system32\wr61915.dll
c:\windows\system32\xa14182513.exe
c:\windows\system32\xa14153471.exe
c:\windows\system32\xa14107515.exe
c:\windows\system32\xwr70064.dll
c:\windows\system32\wr70064.dll
c:\windows\system32\xa14030845.exe
c:\windows\system32\xa14030264.exe
c:\windows\system32\xwr19877.dll
c:\windows\system32\wr19877.dll
c:\windows\system32\xa10122164.exe
c:\windows\system32\xa10082958.exe
c:\windows\system32\xa9921947.exe
c:\windows\system32\xa9917971.exe
c:\windows\system32\xwr76379.dll
c:\windows\system32\wr76379.dll
c:\windows\system32\xa5357273.exe
c:\windows\system32\xa5249959.exe
c:\windows\system32\xa5239574.exe
c:\windows\system32\xa5220727.exe
c:\windows\system32\xa5175041.exe
c:\windows\system32\xwr43707.dll
c:\windows\system32\wr43707.dll
c:\windows\system32\xa5135764.exe
c:\windows\system32\xa5128834.exe
c:\windows\uninst.exe
c:\windows\IsUninst.exe
c:\windows\sued.dat

folder::
c:\program files\thriXXX
file::
Driver::
avfwot

Suspect::


Save this as CFScript.txt


Posted Image

Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

  • 0

#5
dizzz
Posted 05 May 2009 - 07:03 AM

dizzz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hi Rorschach112!

I forgot to mention that iexplorer keeps redirecting me to lots of various bogus sites too. really irritating :)


I've followed the instructions above and here are my logs :)



ComboFix 09-05-04.A0 - xcape 05/05/2009 5:40.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.314 [GMT -7:00]
Running from: c:\documents and settings\xcape.LAFFITHU-7FBCJV\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\xcape.LAFFITHU-7FBCJV\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090504-1] *On-access scanning disabled* (Updated)
FW: Webroot Internet Security Essentials *disabled*

file zipped: c:\documents and settings\All Users.WINDOWS\proto.dll
file zipped: c:\documents and settings\xcape.LAFFITHU-7FBCJV\Application Data\unobi.dll
file zipped: c:\windows\IsUninst.exe
file zipped: c:\windows\sued.dat
file zipped: c:\windows\system32\python25.dll
file zipped: c:\windows\system32\rundll71.exe
file zipped: c:\windows\system32\wr13723.dll
file zipped: c:\windows\system32\wr19877.dll
file zipped: c:\windows\system32\wr32678.dll
file zipped: c:\windows\system32\wr43707.dll
file zipped: c:\windows\system32\wr61915.dll
file zipped: c:\windows\system32\wr70064.dll
file zipped: c:\windows\system32\wr76379.dll
file zipped: c:\windows\system32\wr96890.dll
file zipped: c:\windows\system32\xa10082958.exe
file zipped: c:\windows\system32\xa10122164.exe
file zipped: c:\windows\system32\xa14030264.exe
file zipped: c:\windows\system32\xa14030845.exe
file zipped: c:\windows\system32\xa14107515.exe
file zipped: c:\windows\system32\xa14153471.exe
file zipped: c:\windows\system32\xa14182513.exe
file zipped: c:\windows\system32\xa1550309.exe
file zipped: c:\windows\system32\xa1551911.exe
file zipped: c:\windows\system32\xa1937265.exe
file zipped: c:\windows\system32\xa1938978.exe
file zipped: c:\windows\system32\xa2176008.exe
file zipped: c:\windows\system32\xa2176289.exe
file zipped: c:\windows\system32\xa2191511.exe
file zipped: c:\windows\system32\xa2191701.exe
file zipped: c:\windows\system32\xa2256154.exe
file zipped: c:\windows\system32\xa2256354.exe
file zipped: c:\windows\system32\xa2296392.exe
file zipped: c:\windows\system32\xa2296592.exe
file zipped: c:\windows\system32\xa5128834.exe
file zipped: c:\windows\system32\xa5135764.exe
file zipped: c:\windows\system32\xa5175041.exe
file zipped: c:\windows\system32\xa5220727.exe
file zipped: c:\windows\system32\xa5239574.exe
file zipped: c:\windows\system32\xa5249959.exe
file zipped: c:\windows\system32\xa5357273.exe
file zipped: c:\windows\system32\xa9917971.exe
file zipped: c:\windows\system32\xa9921947.exe
file zipped: c:\windows\system32\xwr13723.dll
file zipped: c:\windows\system32\xwr19877.dll
file zipped: c:\windows\system32\xwr32678.dll
file zipped: c:\windows\system32\xwr43707.dll
file zipped: c:\windows\system32\xwr61915.dll
file zipped: c:\windows\system32\xwr70064.dll
file zipped: c:\windows\system32\xwr76379.dll
file zipped: c:\windows\system32\xwr96890.dll
file zipped: c:\windows\uninst.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users.WINDOWS\proto.dll
c:\documents and settings\xcape.LAFFITHU-7FBCJV\Application Data\unobi.dll
c:\documents and settings\xcape.LAFFITHU-7FBCJV\Favorites\games.url
c:\windows\IsUninst.exe
c:\windows\sued.dat
c:\windows\system32\python25.dll
c:\windows\system32\rundll71.exe
c:\windows\system32\wr13723.dll
c:\windows\system32\wr19877.dll
c:\windows\system32\wr32678.dll
c:\windows\system32\wr43707.dll
c:\windows\system32\wr61915.dll
c:\windows\system32\wr70064.dll
c:\windows\system32\wr76379.dll
c:\windows\system32\wr91061.dll
c:\windows\system32\wr96890.dll
c:\windows\system32\xa1004073.exe
c:\windows\system32\xa1004264.exe
c:\windows\system32\xa10082958.exe
c:\windows\system32\xa10122164.exe
c:\windows\system32\xa14030264.exe
c:\windows\system32\xa14030845.exe
c:\windows\system32\xa14107515.exe
c:\windows\system32\xa14153471.exe
c:\windows\system32\xa14182513.exe
c:\windows\system32\xa1550309.exe
c:\windows\system32\xa1551911.exe
c:\windows\system32\xa1937265.exe
c:\windows\system32\xa1938978.exe
c:\windows\system32\xa2176008.exe
c:\windows\system32\xa2176289.exe
c:\windows\system32\xa2191511.exe
c:\windows\system32\xa2191701.exe
c:\windows\system32\xa2256154.exe
c:\windows\system32\xa2256354.exe
c:\windows\system32\xa2296392.exe
c:\windows\system32\xa2296592.exe
c:\windows\system32\xa320460.exe
c:\windows\system32\xa320661.exe
c:\windows\system32\xa388208.exe
c:\windows\system32\xa388398.exe
c:\windows\system32\xa459731.exe
c:\windows\system32\xa459921.exe
c:\windows\system32\xa5128834.exe
c:\windows\system32\xa5135764.exe
c:\windows\system32\xa5175041.exe
c:\windows\system32\xa5220727.exe
c:\windows\system32\xa5239574.exe
c:\windows\system32\xa5249959.exe
c:\windows\system32\xa5357273.exe
c:\windows\system32\xa9917971.exe
c:\windows\system32\xa9921947.exe
c:\windows\system32\xwr13723.dll
c:\windows\system32\xwr19877.dll
c:\windows\system32\xwr32678.dll
c:\windows\system32\xwr43707.dll
c:\windows\system32\xwr61915.dll
c:\windows\system32\xwr70064.dll
c:\windows\system32\xwr76379.dll
c:\windows\system32\xwr91061.dll
c:\windows\system32\xwr96890.dll
c:\windows\uninst.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AVFWOT
-------\Service_avfwot


((((((((((((((((((((((((( Files Created from 2009-04-05 to 2009-05-05 )))))))))))))))))))))))))))))))
.

2009-05-05 02:24 . 2009-05-05 02:24 -------- dc----w C:\_OTMoveIt
2009-05-04 21:10 . 2008-11-14 00:11 1553272 ----a-w c:\windows\WRSetup.dll
2009-05-04 21:10 . 2009-05-04 21:10 -------- d-----w c:\documents and settings\xcape.LAFFITHU-7FBCJV\Application Data\Webroot
2009-05-04 21:10 . 2009-05-04 21:16 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Webroot
2009-05-04 21:10 . 2009-05-04 21:10 -------- d-----w c:\program files\Webroot
2009-05-04 20:42 . 2009-05-04 20:42 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-05-04 20:35 . 2009-05-04 20:35 -------- dc----w C:\Binaries
2009-05-04 20:24 . 2009-05-04 21:28 -------- dc----w C:\Rooter$
2009-05-04 19:51 . 2009-05-04 19:51 -------- d-----w c:\program files\ERUNT
2009-05-04 12:51 . 2009-05-04 12:51 -------- d-sh--w c:\documents and settings\xcape.LAFFITHU-7FBCJV\PrivacIE
2009-05-04 12:40 . 2009-05-04 12:40 -------- d-sh--w c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2009-05-04 12:39 . 2009-05-04 12:39 -------- d-sh--w c:\documents and settings\xcape.LAFFITHU-7FBCJV\IETldCache
2009-05-04 12:30 . 2009-05-04 12:35 -------- dc-h--w c:\windows\ie8
2009-05-04 12:24 . 2009-05-04 12:24 -------- d-----w c:\documents and settings\xcape.LAFFITHU-7FBCJV\Local Settings\Application Data\Google
2009-05-04 12:06 . 2009-05-04 12:06 -------- d-----w c:\program files\Alwil Software
2009-05-04 09:20 . 2009-05-04 11:43 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Avira
2009-05-04 00:45 . 2009-05-04 00:45 4096 ----a-w c:\windows\d3dx.dat
2009-05-04 00:37 . 2009-05-04 00:37 -------- d-----w c:\windows\Fishing Craze
2009-05-04 00:37 . 2009-05-04 09:38 -------- d-----w c:\program files\Fishing Craze
2009-05-04 00:29 . 2005-02-06 03:45 2222800 ----a-w c:\windows\d3dx9_24.dll
2009-05-04 00:28 . 2005-02-06 03:45 2222800 -c--a-w C:\d3dx9_24.dll
2009-05-03 23:05 . 2009-05-03 23:05 -------- d-----w c:\program files\Illusion
2009-05-03 17:38 . 2009-05-03 17:42 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-03 17:38 . 2009-05-05 04:58 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-05-03 17:36 . 2009-05-03 17:36 -------- d-----w c:\program files\Trend Micro
2009-05-03 09:40 . 2009-05-03 08:57 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-05-03 08:57 . 2009-05-03 08:57 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-05-03 08:55 . 2009-05-03 08:55 -------- dc-h--w c:\documents and settings\All Users.WINDOWS\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-03 08:55 . 2009-05-03 08:55 -------- d-----w c:\program files\Lavasoft
2009-05-03 08:55 . 2009-05-03 08:57 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2009-05-02 20:07 . 2009-05-04 09:39 -------- d-----w c:\program files\Panda Security
2009-05-02 19:58 . 2009-05-02 19:58 -------- d-----w c:\documents and settings\xcape.LAFFITHU-7FBCJV\.housecall6.6
2009-05-02 18:48 . 2009-05-03 00:01 -------- d-----w c:\windows\BDOSCAN8
2009-05-02 16:12 . 2009-05-02 16:12 -------- d-----w c:\program files\Games
2009-04-26 02:38 . 2009-04-26 02:38 -------- d-----w c:\documents and settings\xcape.LAFFITHU-7FBCJV\Local Settings\Application Data\Real
2009-04-26 02:38 . 2009-04-26 02:38 -------- d-----w c:\program files\Real Alternative
2009-04-25 09:19 . 2009-04-25 09:19 -------- d-----w c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\PCHealth
2009-04-22 02:58 . 2009-04-22 02:58 531 ----a-w c:\windows\eReg.dat
2009-04-22 02:58 . 2009-04-22 02:58 -------- d-----w c:\program files\Maxis
2009-04-19 06:37 . 2009-04-19 06:37 -------- d-----w c:\documents and settings\XCAPE~1~LAF
2009-04-19 06:37 . 2009-04-19 06:37 -------- d-----w c:\documents and settings\XCAPE~1~LAF\LOCALS~1
2009-04-19 03:29 . 2009-04-19 03:29 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\TVU Networks
2009-04-19 03:29 . 2009-04-19 03:29 -------- d-----w c:\documents and settings\xcape.LAFFITHU-7FBCJV\Local Settings\Application Data\TVU Networks
2009-04-19 03:28 . 2009-04-19 03:28 -------- d-----w c:\documents and settings\xcape.LAFFITHU-7FBCJV\LocalLow
2009-04-18 10:45 . 2009-04-18 11:26 -------- d-----w c:\program files\Apprentice
2009-04-18 10:42 . 2009-05-04 09:39 -------- d-----w c:\program files\Magic Workstation
2009-04-13 01:27 . 2009-04-25 20:01 -------- d-----w c:\documents and settings\xcape.LAFFITHU-7FBCJV\Application Data\My Games
2009-04-13 00:36 . 2009-04-13 00:36 -------- d-----w c:\program files\Firaxis Games
2009-04-13 00:35 . 2005-05-26 22:34 2297552 ----a-w c:\windows\system32\d3dx9_26.dll
2009-04-12 09:04 . 2009-04-12 09:04 -------- d-----w c:\documents and settings\xcape.LAFFITHU-7FBCJV\Application Data\AVS4YOU
2009-04-12 09:04 . 2009-04-12 09:04 -------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\AVS4YOU
2009-04-12 09:02 . 2009-04-12 09:02 -------- d-----w c:\program files\Common Files\AVSMedia
2009-04-12 09:01 . 2007-02-28 01:36 24576 ----a-w c:\windows\system32\msxml3a.dll
2009-04-12 09:01 . 2009-04-12 09:04 -------- d-----w c:\program files\AVS4YOU
2009-04-12 04:31 . 2009-04-12 08:49 -------- d-----w c:\documents and settings\xcape.LAFFITHU-7FBCJV\ Wonder Woman

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 21:03 . 2006-08-29 07:15 -------- d-----w c:\program files\Yahoo!
2009-05-04 02:15 . 2009-02-27 15:17 -------- d-----w c:\program files\Spyware Terminator
2009-04-25 20:02 . 2006-06-08 09:26 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-01 05:27 . 2009-03-26 07:32 -------- d-----w c:\program files\Windows Live Safety Center
2009-03-29 03:39 . 2009-03-29 03:39 -------- d-----w c:\program files\VideoLAN
2009-03-18 05:40 . 2008-01-17 22:28 -------- d-----w c:\program files\Common Files\LogiShrd
2009-03-13 02:45 . 2009-03-13 02:45 -------- d-----w c:\program files\PowerISO
2009-03-13 02:27 . 2009-03-13 02:25 -------- d-----w c:\program files\DAEMON Tools Pro
2009-03-13 02:23 . 2009-03-13 02:23 685816 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-12 09:19 . 2009-02-27 16:02 -------- d-----w c:\program files\DNA
2009-03-11 02:58 . 2009-03-11 02:58 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-11 02:58 . 2007-08-22 06:36 -------- d-----w c:\program files\Java
2009-03-11 01:12 . 2007-10-22 04:28 79992 -c--a-w c:\documents and settings\xcape.LAFFITHU-7FBCJV\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-10 23:53 . 2009-03-10 23:53 -------- d-----w c:\program files\Microsoft Works
2009-03-10 23:53 . 2009-03-10 23:53 -------- d-----w c:\program files\MSBuild
2009-03-10 23:50 . 2009-03-10 23:50 -------- d-----w c:\program files\Microsoft.NET
2009-03-10 23:47 . 2009-03-10 23:47 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-03-10 02:21 . 2008-01-15 10:16 -------- d-----w c:\program files\CCleaner
2009-03-08 11:34 . 2002-08-29 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2002-08-29 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2002-08-29 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2002-08-29 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2002-08-29 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2002-08-29 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:31 . 2002-08-29 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2002-08-29 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2002-08-29 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2002-08-29 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-02-27 15:17 . 2009-02-27 15:17 142592 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2009-02-09 10:19 . 2002-08-29 12:00 1846272 ----a-w c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-05-05_02.45.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-05 12:47 . 2009-05-05 12:47 16384 c:\windows\TEMP\Perflib_Perfdata_768.dat
+ 2009-05-05 12:47 . 2009-05-05 12:47 16384 c:\windows\TEMP\Perflib_Perfdata_508.dat
+ 2009-05-04 20:42 . 2009-05-05 04:33 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-04 20:42 . 2009-05-05 02:42 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-08-21 06:40 . 2009-05-05 04:33 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-08-21 06:40 . 2009-05-05 02:42 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-05-04 20:42 . 2009-05-05 04:33 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-05-04 20:42 . 2009-05-05 02:42 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2007-08-21 06:40 . 2009-05-05 02:42 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2007-08-21 06:40 . 2009-05-05 04:33 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-05-05 12:48 . 2009-05-05 12:50 5540 c:\windows\TEMP\wrstemp\S-1-5-21-839522115-1993962763-1343024091-1003.dat
+ 2009-05-05 12:48 . 2009-05-05 12:48 4692 c:\windows\TEMP\wrstemp\S-1-5-20.dat
- 2009-05-05 02:43 . 2009-05-05 02:43 4692 c:\windows\TEMP\wrstemp\S-1-5-20.dat
- 2009-05-05 02:43 . 2009-05-05 02:43 4624 c:\windows\TEMP\wrstemp\S-1-5-19.dat
+ 2009-05-05 12:48 . 2009-05-05 12:48 4624 c:\windows\TEMP\wrstemp\S-1-5-19.dat
+ 2009-05-05 12:48 . 2009-05-05 12:48 3570 c:\windows\TEMP\wrstemp\S-1-5-18.dat
+ 2009-05-05 12:50 . 2009-05-05 12:50 176128 c:\windows\erdnt\AutoBackup\5-5-2009\Users\00000002\UsrClass.dat
+ 2009-05-05 12:50 . 2005-10-20 19:02 163328 c:\windows\erdnt\AutoBackup\5-5-2009\ERDNT.EXE
+ 2009-05-05 12:50 . 2009-05-05 12:50 7843840 c:\windows\erdnt\AutoBackup\5-5-2009\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2008-11-14 00:04 238968 ----a-w c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager"="c:\windows\system32\wltray.exe" [2007-06-14 1282048]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2008-11-14 6273400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\xcape.LAFFITHU-7FBCJV\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2005-07-05 09:33 188482 ----a-w c:\windows\System32\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Hotfix-KB5504305 REG_SZ c:\windows\system32\rundll71.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Dynex Wireless Networking Utility.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Dynex Wireless Networking Utility.lnk
backup=c:\windows\pss\Dynex Wireless Networking Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"Lavasoft Ad-Aware Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"DEFGÜ1‘|2‘|2‘|ˆ2‘|>"= DEFGÜ1‘|2‘|2‘|ˆ2‘|>:Nod32 Runtime
"c:\\Program Files\\Dynex G USB Network Adapter\\DynexWCUI.exe"=
"c:\\Documents and Settings\\xcape.LAFFITHU-7FBCJV\\My Documents\\Downloads\\Magic The Gathering with Manalink\\Manalink.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Webroot\\WebrootSecurity\\SpySweeperUI.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13436:TCP"= 13436:TCP:*:Disabled:BitComet 13436 TCP
"13436:UDP"= 13436:UDP:*:Disabled:BitComet 13436 UDP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/3/2009 1:57 AM 64160]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/12/2008 4:02 PM 29808]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/4/2009 5:07 AM 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2/27/2009 8:17 AM 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/4/2009 5:07 AM 20560]
R2 BCMWLNPF;Broadcom Netgroup Packet Filter;c:\windows\system32\drivers\bcmwlnpf.sys [3/4/2009 7:22 PM 33664]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [5/4/2009 2:11 PM 1086840]
S3 a016bus;Sony Ericsson Device A016 driver (WDM);c:\windows\system32\drivers\a016bus.sys [3/28/2009 7:25 PM 83880]
S3 a016mdfl;Sony Ericsson Device A016 USB WMC Modeme Filter;c:\windows\system32\drivers\a016mdfl.sys [3/28/2009 7:25 PM 15016]
S3 a016mdm;Sony Ericsson Device A016 USB WMC Modem Driver;c:\windows\system32\drivers\a016mdm.sys [3/28/2009 7:25 PM 110504]
S3 a016mgmt;Sony Ericsson Device A016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\a016mgmt.sys [3/28/2009 7:25 PM 104488]
S3 a016obex;Sony Ericsson Device A016 USB WMC OBEX Interface;c:\windows\system32\drivers\a016obex.sys [3/28/2009 7:25 PM 100648]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys --> c:\windows\system32\DRIVERS\avfwim.sys [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 12:10 PM 17149]
S3 NdisWDM;Dynex Wireless G USB Network Adapter Service;c:\windows\system32\drivers\NdisWDM.sys [3/4/2009 7:22 PM 198144]
S3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\drivers\ozscr.sys [8/21/2007 12:04 AM 92550]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 953168]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-05-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 08:56]

2009-05-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{3D3F79EC-2889-3C5A-BFC7-A32C5229FB98} - c:\windows\system32\xwr32678.dll
HKCU-Run-DiskChk help - c:\documents and settings\All Users.WINDOWS\proto.dll
HKCU-RunServices-Hotfix-KB5504305 - c:\windows\system32\rundll71.exe
HKLM-Run-Hotfix-KB5504305 - c:\windows\system32\rundll71.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\xcape.LAFFITHU-7FBCJV\Application Data\Mozilla\Firefox\Profiles\szbofuzl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - plugin: c:\documents and settings\xcape.LAFFITHU-7FBCJV\Application Data\Mozilla\Firefox\Profiles\szbofuzl.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp07074039.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-05 05:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-839522115-1993962763-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1B57B00D-7ABE-D7A1-9970-C4821E6ACEE6}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-839522115-1993962763-1343024091-1003\Software\Zepter Software\RegLib*ece8b437]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-839522115-1993962763-1343024091-1003\Software\Zepter Software\RegLib*ece8b437\AnyDVD/1]
"1"=dword:46cbd055
"2"=dword:46cbe2d7
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
c:\windows\System32\LgNotify.dll

- - - - - - - > 'explorer.exe'(3052)
c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\S24EvMon.exe
c:\windows\system32\wltrysvc.exe
c:\windows\system32\bcmwltry.exe
c:\windows\system32\ZCfgSvc.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\1XConfig.exe
c:\windows\system32\scardsvr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\RegSrvc.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Webroot\WebrootSecurity\SSU.exe
.
**************************************************************************
.
Completion time: 2009-05-05 5:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-05 12:54
ComboFix2.txt 2009-05-05 02:49
ComboFix3.txt 2008-04-29 00:21

Pre-Run: 4,088,131,584 bytes free
Post-Run: 3,353,214,976 bytes free

608 --- E O F --- 2009-05-03 00:30
  • 0

#6
Rorschach112
Posted 05 May 2009 - 07:13 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hello

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  • 0

#7
dizzz
Posted 05 May 2009 - 09:45 AM

dizzz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hi I am having trouble installing malwarebytes. it has something to do with a file called "unload.msi"

mbam cannot find the file called "unload.msi" i tried searching for it in the web, but i cant seem to find it :)
  • 0

#8
Rorschach112
Posted 05 May 2009 - 02:58 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
do this

Please download Dial-A-Fix.
Unzip the folder found in the archive to a place you can remember. For example: C:\DialAFix
Then follow the steps below.
  • Browse to the folder where you saved Dial-A-Fix.
  • Open Dial-a-fix.exe
  • Tick the following boxes:
    Empty temp folders
Fix Windows Installer
ActiveX controls/codecs
Control Panel applets
Programming cores/runtimes
Explorer/IE/OE/shell/WMP
  • In the bottom left press the GO Button.
Note that ticking a box might tick others too. Leave them ticked!



then try it again
  • 0

#9
dizzz
Posted 08 May 2009 - 04:19 PM

dizzz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hi Rorschach112 ,

sorry for the delayed reply, been really busy at work :)


anyway, dial-a-fix might've worked because there are no more invisible iexplorer on the taskbar and i stopped being redirected to various bogus sites :)

but i still get 100% CPU usage every 30mins or so :)

and kaspersky online scan didnt find anything. :)
  • 0

#10
Rorschach112
Posted 08 May 2009 - 04:56 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
did mbam work ? Do you have its log ?


Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click GooredFix.exe to run it.
  • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: Do not run Option #2 yet.
  • 0

#11
dizzz
Posted 08 May 2009 - 05:22 PM

dizzz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Mbam cant update nor install well because it seems to have a problem unloading files. it says that it cannot find the unload.msi file in my pc :) i cant seem to find that file on the net either =(


anyway, here's the log from goored:

GooredFix v1.92 by jpshortstuff
Log created at 16:15 on 15/05/2009 running Option #1 (xcape)
Firefox version 3.0.10 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"


thanks for the quick reply =)
  • 0

#12
Rorschach112
Posted 08 May 2009 - 05:32 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Download RootRepeal.zip and unzip it to your Desktop.
  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#13
dizzz
Posted 08 May 2009 - 08:59 PM

dizzz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hi, the report wasnt that long :)


ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2009/05/15 19:49
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF4439000 Size: 98304 File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A85000 Size: 8192 File Visible: No
Status: -

Name: PCI_NTPNP5024
Image Path: \Driver\PCI_NTPNP5024
Address: 0x00000000 Size: 0 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF16FA000 Size: 45056 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Documents and Settings\xcape.LAFFITHU-7FBCJV\ntuser.dat.LOG
Status: Size mismatch (API: 16384, Raw: 1024)

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf44c46b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf44c4574

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf44c4a52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf44c414c

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xf7428fb2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xf7429340

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf44c464e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf44c408c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf44c40f0

#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xf7429418

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf44c476e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf44c472e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xf44c48ae

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x82fd41e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x82fd41e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x82fd41e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x82fd41e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x82fd41e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x82fd41e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x82fd41e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x82fd41e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x82fd41e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x82fd41e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x82fd41e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x82fd41e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x82fd41e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82fd41e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x82fd41e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x82fd41e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x82fd41e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x82fd41e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x82fd41e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x82fd41e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x82fd41e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x82fd41e8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x82cb2790 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x82cb2790 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x82cb2790 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x82cb2790 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x82cb2790 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82cb2790 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82cb2790 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x82cb2790 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x82cb2790 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x82cb2790 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x82cb2790 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x82fd51e8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x82fd51e8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82fd51e8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82fd51e8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x82fd51e8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x82fd51e8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x82fd51e8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x82ceb1e8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x82ceb1e8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82ceb1e8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82ceb1e8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x82ceb1e8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x82ceb1e8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x82ceb1e8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x82f661e8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x82f661e8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x82f661e8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x82f661e8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82f661e8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82f661e8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x82f661e8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x82f661e8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x82f661e8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x82f661e8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x82f661e8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x8264d1e8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x8264d1e8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8264d1e8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8264d1e8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x8264d1e8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x8264d1e8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x82cc9790 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x82cc9790 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82cc9790 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82cc9790 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x82cc9790 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x82cc9790 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x82cc9790 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x825db790 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x825db790 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x825db790 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x825db790 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x825db790 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x825db790 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x825db790 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x825db790 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x825db790 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x825db790 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x825db790 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x825db790 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x825db790 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x825db790 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x825db790 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x825db790 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x825db790 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x825db790 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x825db790 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x825db790 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x825db790 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x825db790 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x825db790 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x825db790 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x825db790 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x825db790 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x825db790 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x825db790 Size: -

Object: Hidden Code [Driver: Cdfsȅఐ汇䁡ܜꘐ, IRP_MJ_CREATE]
Process: System Address: 0x82d1f1e8 Size: -

Object: Hidden Code [Driver: Cdfsȅఐ汇䁡ܜꘐ, IRP_MJ_CLOSE]
Process: System Address: 0x82d1f1e8 Size: -

Object: Hidden Code [Driver: Cdfsȅఐ汇䁡ܜꘐ, IRP_MJ_READ]
Process: System Address: 0x82d1f1e8 Size: -

Object: Hidden Code [Driver: Cdfsȅఐ汇䁡ܜꘐ, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x82d1f1e8 Size: -

Object: Hidden Code [Driver: Cdfsȅఐ汇䁡ܜꘐ, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x82d1f1e8 Size: -

Object: Hidden Code [Driver: Cdfsȅఐ汇䁡ܜꘐ, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x82d1f1e8 Size: -

Object: Hidden Code [Driver: Cdfsȅఐ汇䁡ܜꘐ, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x82d1f1e8 Size: -

Object: Hidden Code [Driver: Cdfsȅఐ汇䁡ܜꘐ, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x82d1f1e8 Size: -

Object: Hidden Code [Driver: Cdfsȅఐ汇䁡ܜꘐ, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82d1f1e8 Size: -

Object: Hidden Code [Driver: Cdfsȅఐ汇䁡ܜꘐ, IRP_MJ_SHUTDOWN]
Process: System Address: 0x82d1f1e8 Size: -

Object: Hidden Code [Driver: Cdfsȅఐ汇䁡ܜꘐ, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x82d1f1e8 Size: -

Object: Hidden Code [Driver: Cdfsȅఐ汇䁡ܜꘐ, IRP_MJ_CLEANUP]
Process: System Address: 0x82d1f1e8 Size: -

Object: Hidden Code [Driver: Cdfsȅఐ汇䁡ܜꘐ, IRP_MJ_PNP]
Process: System Address: 0x82d1f1e8 Size: -
  • 0

#14
Rorschach112
Posted 09 May 2009 - 05:01 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean


Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Posted Image



  • Download OTCleanIt to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.




Below I have included a number of recommendations for how to protect your computer against malware infections.
  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
    secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
    blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
    Here


    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.

  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.
  • 0

#15
Rorschach112
Posted 14 May 2009 - 11:43 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP