
Processing Message AND Google Redirect! [Solved]


This topic is locked

#1 grohfactor (Member, 24 posts)
Hello everyone. I do realize that there are several topics on my issue, but I noticed that those of you who help us have asked each one to post a log, and every one is different. I look forward to any help that can be offered.

Jeez, where do I begin? Last week my computer got a virus that would redirect me based on searches I did.... I am not sure if this was google-redirect, but it was significant enough to put McAfee at a loss. I have McAfee Total Protection... I did a number of scans on my own until the virus figured out how to stop my scans mid-scan... I called McAfee and someone ran Command Prompt scans remotely in Safe Mode with Networking. I thought everything would be fine, but the next day, every time I logged in, it would log me right back out. We had an IT guy come by because McAfee suggested we re-apply the OS. He instead just deleted my profile and created a new one. Sure enough, the next day, the same issues. I have now noticed that whatever is redirecting me is indeed called Google-redirect.com.

I also have a driver issue: Processing Message c0000013 Parameters 75b6bf7c 4 75b6bf7c

I have read numerous solved issues here, and downloaded Malwarebytes. I also use Ad-Aware and McAfee...

This issue has not yet been resolved... someone, please help!


#2 grohfactor (Topic Starter, 24 posts)
Oh, and because I saw this on other people's issues, I have already updated Java and Internet Explorer... FYI, this is taking place on IE and Firefox...

I can post logs from Malwarebytes or McAfee if needed.

Thanks!

#3 heir (Trusted Helper, Malware Removal, 5,427 posts)
Hello grohfactor !

Welcome to the site! :) My nickname is heir and I'll be helping clean up your computer. :)

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal and Spyware Removal.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Wordwrap is turned off in Notepad (to check, open Notepad in the menubar click on Format and make sure that Word Wrap is unchecked)
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button.

Please read my posts completely before following the instructions.
It may be easier for you if you copy and paste a post to a new text document or print it for reference later.
This is required when you won't have access to Internet.


I noticed that those of you who help us have asked each one to post a log, and every one is different.

In any case you should go to this sticky, as all who post in this subforum should do before they start a new topic.
Follow the steps there and post the logs in your reply here and we'll take it from there.
I would like to see:

The log from MBAM
The log from Rooter
The two logs from OTListIt2 (OTListIt.txt and Extras.txt)

Edited by heir, 11 May 2009 - 10:46 AM.
Added list of logs


#4 grohfactor (Topic Starter, 24 posts)
Heir,

Thanks so much for the help...

Here is the MBAM log from Friday, and the one from today just under it... (I am showing you 2 logs because I have run the Malwarebytes scan several times last week, and it's a different number of viruses it finds all the time, so if it said something was deleted, it isn't, because it shows up again...)

FRIDAY:

Malwarebytes' Anti-Malware 1.36
Database version: 2088
Windows 5.1.2600 Service Pack 3

5/8/2009 5:40:26 PM
mbam-log-2009-05-08 (17-40-26).txt

Scan type: Quick Scan
Objects scanned: 99688
Time elapsed: 4 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\autochk.dll (Worm.Autorun) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\autochk.dll (Worm.Autorun) -> Delete on reboot.
C:\Documents and Settings\Eric Groh\protect.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\protect.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\SystemProfile\protect.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\msb.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Eric Groh\Start Menu\Programs\Startup\ChkDisk.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Eric Groh\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Eric Groh\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> Quarantined and deleted successfully.


TODAY:

Malwarebytes' Anti-Malware 1.36
Database version: 2088
Windows 5.1.2600 Service Pack 3

5/11/2009 1:16:28 PM
mbam-log-2009-05-11 (13-16-28).txt

Scan type: Quick Scan
Objects scanned: 103254
Time elapsed: 6 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\Temp\msb.dll (Worm.Autorun) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Temp\msb.dll (Worm.Autorun) -> Delete on reboot.
C:\Documents and Settings\Eric Groh\protect.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\autochk.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\protect.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\SystemProfile\protect.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Eric Groh\Start Menu\Programs\Startup\ChkDisk.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Eric Groh\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
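The two MBAM logs above show the pattern grohfactor describes: entries reported as "Quarantined and deleted successfully" on Friday are listed again on Monday. A quick way to make that visible is to diff the two reports by detected item rather than reading them side by side. The following is an added example, not code from the thread or from Malwarebytes; it parses MBAM 1.x's plain-text report format as posted here, and the two embedded sample logs are constructed from (and shortened to a few of) the entries posted above.

```python
"""Diff two Malwarebytes' Anti-Malware 1.x text reports and list the
detections that came back.  Sample reports below are constructed from
entries in the logs posted in this thread (shortened)."""
import re

# Detail-section headers such as "Files Infected:".  The summary block's
# "Files Infected: 9" lines end in a count, so they do not match.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
# "<path or registry value> (<family>) -> <action>."
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

FRIDAY = r"""
Malwarebytes' Anti-Malware 1.36
Database version: 2088
Files Infected: 3

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\autochk.dll (Worm.Autorun) -> Delete on reboot.
C:\WINDOWS\Temp\msb.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Eric Groh\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
"""

TODAY = r"""
Malwarebytes' Anti-Malware 1.36
Database version: 2088
Files Infected: 3

Memory Modules Infected:
C:\WINDOWS\Temp\msb.dll (Worm.Autorun) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Temp\msb.dll (Worm.Autorun) -> Delete on reboot.
C:\WINDOWS\system32\autochk.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
"""


def parse_mbam_log(text):
    """Return {item: {"family": str, "sections": set, "actions": set}}."""
    found = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        # skip the header/summary block, blank lines and
        # "(No malicious items detected)"
        if section is None or not line or line.startswith("("):
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        rec = found.setdefault(m.group("item"), {"family": m.group("family"),
                                                 "sections": set(), "actions": set()})
        rec["sections"].add(section)
        rec["actions"].add(m.group("action"))
    return found


def compare_scans(earlier_text, later_text):
    """Return (recurring, new, gone) item names.  A recurring item that the
    earlier scan claimed to have removed was re-created by something the
    scanner did not remove."""
    earlier = parse_mbam_log(earlier_text)
    later = parse_mbam_log(later_text)
    recurring = sorted(set(earlier) & set(later))
    new = sorted(set(later) - set(earlier))
    gone = sorted(set(earlier) - set(later))
    return recurring, new, gone


def failed_cleanups(earlier_text, later_text):
    """Recurring items paired with what the earlier scan said it did to them."""
    earlier = parse_mbam_log(earlier_text)
    recurring, _, _ = compare_scans(earlier_text, later_text)
    return {item: sorted(earlier[item]["actions"]) for item in recurring}


if __name__ == "__main__":
    for item, actions in failed_cleanups(FRIDAY, TODAY).items():
        print("CAME BACK:", item, "| earlier result:", ", ".join(actions))
    _, new, gone = compare_scans(FRIDAY, TODAY)
    print("new:", new)
    print("gone:", gone)
```

Run against full logs, the "CAME BACK" list is the set of files and Run values that something still on the machine re-creates after each cleanup; that is the part of the infection the scanner is not seeing, and it is why the helper asks for a rootkit scan (Rooter) next rather than more MBAM runs.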

#5 grohfactor (Topic Starter, 24 posts)
Rooter:

Microsoft Windows XP Professional (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:229749 Mo/Free:2082 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
H:\ [Fixed] - FAT32 - (Total:8714 Mo/Free:1148 Mo)
S:\ [Network] (Total:476937 Mo/Free:995 Mo)
U:\ [Network] (Total:476937 Mo/Free:995 Mo)

Mon 05/11/2009|13:23

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Windows Defender\MsMpEng.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
---------- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
---------- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
---------- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\SiteAdvisor\6173\SAService.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\SearchIndexer.exe
---------- C:\Program Files\McAfee\MPF\MPFSrv.exe
---------- C:\WINDOWS\system32\wbem\unsecapp.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\vVX3000.exe
---------- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
---------- C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
---------- C:\WINDOWS\system32\RUNDLL32.EXE
---------- C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
---------- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\Program Files\Windows Defender\MSASCui.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
---------- \\?\globalroot\systemroot\system32\rundll32.exe
---------- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgttry.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
---------- C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\WINDOWS\system32\SearchProtocolHost.exe
---------- C:\WINDOWS\system32\SearchFilterHost.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

==> VUNDO <==

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Mon 05/11/2009|13:23

----------------------\\ Scan completed at 13:23
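One line in the Rooter process list above stands out: `\\?\globalroot\systemroot\system32\rundll32.exe`, alongside a normally launched `C:\WINDOWS\system32\RUNDLL32.EXE`. smss, csrss and winlogon legitimately appear with `\SystemRoot\` and `\??\` prefixes because they start before the Win32 subsystem, but a user-mode program reached through `\\?\globalroot\` is not something Windows itself launches that way, and in the OTListIt log the same entry shows as "File not found". The following is an added heuristic triage script, not code from the thread or from Rooter: it normalises those NT object-manager prefixes back to Win32 paths and flags odd ones. `SYSTEM_ROOT` is an assumption (take it from %SystemRoot% on a real machine), and the sample listing is constructed from a subset of the lines posted above.

```python
r"""Heuristic triage of a process listing such as Rooter's: map NT
object-manager prefixes (\SystemRoot\, \??\, \\?\globalroot\) back to Win32
paths and flag images launched through an unexpected prefix.  The sample
listing is constructed from lines posted in this thread."""
import re

SYSTEM_ROOT = r"C:\WINDOWS"           # assumed; read %SystemRoot% on a real box
GLOBALROOT = "\\\\?\\globalroot\\"    # \\?\globalroot\
NT_SYMLINK = "\\??\\"                 # \??\
# early-boot processes expected to carry a native (non-Win32) path
EXPECTED_NATIVE = {"smss.exe", "csrss.exe", "winlogon.exe"}
# Rooter prints "---------- <image>" or "--Locked-- <image>"
PROC_RE = re.compile(r"^(?:-{10}|--Locked--)\s+(?P<image>.+?)\s*$")

SAMPLE = r"""
--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\RUNDLL32.EXE
---------- \\?\globalroot\systemroot\system32\rundll32.exe
---------- C:\Rooter$\RK.exe
"""


def normalize(path):
    """Return (win32_path, prefix_kind) for a raw image path."""
    low = path.lower()
    if low.startswith(GLOBALROOT):
        kind, rest = "globalroot", path[len(GLOBALROOT):]
    elif low.startswith(NT_SYMLINK):
        kind, rest = "nt-symlink", path[len(NT_SYMLINK):]
    elif low.startswith("\\"):
        kind, rest = "native", path[1:]
    else:
        kind, rest = "win32", path
    # \SystemRoot\... and globalroot\systemroot\... both mean %SystemRoot%
    if rest.lower().startswith("systemroot\\"):
        rest = SYSTEM_ROOT + rest[len("systemroot"):]
    return rest, kind


def triage(listing):
    """Return [(raw_path, win32_path, reason)] for entries worth a closer look."""
    hits = []
    for line in listing.splitlines():
        m = PROC_RE.match(line)
        if not m:
            continue
        raw = m.group("image")
        win32, kind = normalize(raw)
        name = win32.rsplit("\\", 1)[-1].lower()
        if kind == "globalroot":
            hits.append((raw, win32, "launched through \\\\?\\globalroot\\"))
        elif kind != "win32" and name not in EXPECTED_NATIVE:
            hits.append((raw, win32, "native-path prefix on a non-boot process"))
    return hits


if __name__ == "__main__":
    for raw, win32, reason in triage(SAMPLE):
        print(f"SUSPECT: {raw} -> {win32}: {reason}")
```

The point of normalising first is that the suspicious entry resolves to the same file name as a perfectly normal process, so matching on the file name alone would miss it; it is the launch prefix, not the image, that is the tell. A process like this, together with detections that return after every cleanup, is what Rooter's "ROOTKIT" result is pointing at.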

#6 grohfactor (Topic Starter, 24 posts)
OTListIt logfile created on: 5/11/2009 1:28:25 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.6 Folder = C:\Documents and Settings\Eric Groh\Local Settings\Temporary Internet Files\Content.IE5\ZKF1WOK6
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 300.62 Mb Available Physical Memory | 29.40% Memory free
2.31 Gb Paging File | 1.48 Gb Available in Paging File | 64.15% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.37 Gb Total Space | 202.03 Gb Free Space | 90.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 8.51 Gb Total Space | 1.12 Gb Free Space | 13.19% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Drive S: | 465.76 Gb Total Space | 440.97 Gb Free Space | 94.68% Space Free | Partition Type: NTFS
Drive U: | 465.76 Gb Total Space | 440.97 Gb Free Space | 94.68% Space Free | Partition Type: NTFS

Computer Name: DWS10
Current User Name: Eric Groh
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe (McAfee, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\SiteAdvisor\6173\SAService.exe ()
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe (McAfee, Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\SiteAdvisor\6173\SiteAdv.exe ()
PRC - C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
PRC - \?\globalroot\C:\WINDOWS\system32\rundll32.exe File not found
PRC - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgttry.exe (McAfee, Inc.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Eric Groh\Local Settings\Temporary Internet Files\Content.IE5\ZKF1WOK6\OTListIt2[1].exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Stopped]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EngineServer [Auto | Running]) -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe (McAfee, Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (McAfee HackerWatch Service [Auto | Running]) -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (McAfee, Inc.)
SRV - (McShield [On_Demand | Running]) -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe (McAfee, Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (MpfService [On_Demand | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSCamSvc [Auto | Running]) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (myAgtSvc [Auto | Running]) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (McAfee, Inc.)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (SiteAdvisor Service [Auto | Running]) -- C:\Program Files\SiteAdvisor\6173\SAService.exe ()
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ati2mtag [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (CXFALCON [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\cxfalcon.sys (Conexant Systems, Inc.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\System32\HPZipr12.dll (Hewlett-Packard)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (IrBus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\IrBus.sys (Microsoft Corporation)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (MfeAVFK [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MfeAVFK.sys (McAfee, Inc.)
DRV - (MfeBOPK [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MfeBOPK.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (MfeRKDK [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\MfeRKDK.sys (McAfee, Inc.)
DRV - (mfetdik [System | Running]) -- C:\WINDOWS\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (RimUsb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\RimUsb.sys (Research In Motion Limited)
DRV - (RimVSerPort [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\RimSerial.sys (Research in Motion Ltd)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (VX3000 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\VX3000.sys (Microsoft Corporation)
DRV - (WN5301 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wn5301.sys (Liteon Technology Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {034362E6-EEA5-4B10-8857-4886664B841A}:1.0
FF - prefs.js..extensions.enabledItems: {08C3E2B2-28C6-4319-8F30-AB3BF74AB4C9}:1.0
FF - prefs.js..extensions.enabledItems: {08D4E45B-A77E-4A34-8D08-1AE3CF6C6878}:1.0
FF - prefs.js..extensions.enabledItems: {0F1EB8A4-D805-47A5-B60E-37342568AB75}:1.0
FF - prefs.js..extensions.enabledItems: {26104708-C5A8-4587-8144-635B1B93FD5E}:1.0
FF - prefs.js..extensions.enabledItems: {2FB53317-D20C-4D9D-AD03-4438D1956255}:1.0
FF - prefs.js..extensions.enabledItems: {3C541550-33DA-4F72-8C1B-7D3DBD3A46F1}:1.0
FF - prefs.js..extensions.enabledItems: {42E391D9-967D-4C04-8B27-2E3899927FC7}:1.0
FF - prefs.js..extensions.enabledItems: {44046F12-1F85-4059-A0A2-E12128AB279E}:1.0
FF - prefs.js..extensions.enabledItems: {45715A67-430E-4B58-B964-10378E65514C}:1.0
FF - prefs.js..extensions.enabledItems: {50864C6A-1F3F-4F42-92C7-C0AF3D311043}:1.0
FF - prefs.js..extensions.enabledItems: {5F71B4A0-6F3B-4AFA-80B6-484773E3F098}:1.0
FF - prefs.js..extensions.enabledItems: {6736B158-AFFE-4A8B-B913-4065C8F4CAEC}:1.0
FF - prefs.js..extensions.enabledItems: {6FFC9017-DDA9-46AB-B293-2588DDEE9E5C}:1.0
FF - prefs.js..extensions.enabledItems: {70550096-CF19-48E8-BC30-AA7CBCF7E64A}:1.0
FF - prefs.js..extensions.enabledItems: {744DD12F-67CB-4384-A9E7-79206468B059}:1.0
FF - prefs.js..extensions.enabledItems: {82C30042-C896-4135-931C-EBDD5AAB088C}:1.0
FF - prefs.js..extensions.enabledItems: {82CE0DED-CB76-4EA1-999C-25B154B99A61}:1.0
FF - prefs.js..extensions.enabledItems: {882E420B-D109-4A78-BFA2-7866A5C081E0}:1.0
FF - prefs.js..extensions.enabledItems: {915E2611-A008-435B-8E57-6016A4B0C0E7}:1.0
FF - prefs.js..extensions.enabledItems: {9EA5B66B-6C5B-4C2C-880C-82413B955665}:1.0
FF - prefs.js..extensions.enabledItems: {A4BB4448-E5D1-4485-AC20-533A7F1E968B}:1.0
FF - prefs.js..extensions.enabledItems: {A65EE25D-1002-4291-848E-847347D93E59}:1.0
FF - prefs.js..extensions.enabledItems: {B03E079F-D2B0-4724-87FF-627C9BF7C37A}:1.0
FF - prefs.js..extensions.enabledItems: {C361E529-A1A8-42A3-9EBA-142511492E72}:1.0
FF - prefs.js..extensions.enabledItems: {C851BF49-FEB5-45E3-9454-D6419C762F67}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {DF42EBB0-E778-4F92-A4E0-7159110D91D0}:1.0
FF - prefs.js..extensions.enabledItems: {E05F25AF-CE56-4A04-BD4A-D05502CE5093}:1.0
FF - prefs.js..extensions.enabledItems: {E3ACF27A-D819-4777-A24E-938D2956370E}:1.0
FF - prefs.js..extensions.enabledItems: {F09143A3-444A-4FC3-AD06-EE550C3E66D6}:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/05/05 14:47:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/01/22 13:09:23 | 00,000,000 | ---D | M]

[2009/05/04 15:02:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric Groh\Application Data\mozilla\Extensions
[2009/05/04 15:02:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric Groh\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/04 15:02:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Eric Groh\Application Data\mozilla\Firefox\Profiles\kv8wctwf.default\extensions
[2009/05/08 18:00:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/05/08 17:55:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{018D39D1-1D72-456A-AD75-95CCADA749D1}
[2009/05/07 13:37:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{034362E6-EEA5-4B10-8857-4886664B841A}
[2009/05/06 16:30:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{08C3E2B2-28C6-4319-8F30-AB3BF74AB4C9}
[2009/05/05 13:11:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{08D4E45B-A77E-4A34-8D08-1AE3CF6C6878}
[2009/05/07 14:44:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{0F1EB8A4-D805-47A5-B60E-37342568AB75}
[2009/05/07 14:09:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{26104708-C5A8-4587-8144-635B1B93FD5E}
[2009/05/04 14:38:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{2FB53317-D20C-4D9D-AD03-4438D1956255}
[2009/05/08 16:20:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{306E346D-346D-4C1D-A93E-DDA95EF74379}
[2009/05/08 18:00:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{388C4307-6B90-401C-BA15-25288B05618D}
[2009/05/08 11:35:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3C541550-33DA-4F72-8C1B-7D3DBD3A46F1}
[2009/04/29 12:38:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{42E391D9-967D-4C04-8B27-2E3899927FC7}
[2009/05/07 10:50:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{44046F12-1F85-4059-A0A2-E12128AB279E}
[2009/05/07 13:14:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{45715A67-430E-4B58-B964-10378E65514C}
[2009/01/26 15:14:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{4be68a18-deba-49e0-9e09-ee7796f3b62a}
[2009/05/07 12:51:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{50864C6A-1F3F-4F42-92C7-C0AF3D311043}
[2009/05/07 13:10:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{5F71B4A0-6F3B-4AFA-80B6-484773E3F098}
[2009/05/07 12:55:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{6736B158-AFFE-4A8B-B913-4065C8F4CAEC}
[2009/05/07 13:12:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{6FFC9017-DDA9-46AB-B293-2588DDEE9E5C}
[2009/05/06 18:27:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{70550096-CF19-48E8-BC30-AA7CBCF7E64A}
[2009/05/04 14:57:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{744DD12F-67CB-4384-A9E7-79206468B059}
[2009/05/08 17:57:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{7B8CA6D2-D9F1-4B26-9CED-F5DBA003B823}
[2009/05/06 18:20:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{82C30042-C896-4135-931C-EBDD5AAB088C}
[2009/05/07 13:22:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{82CE0DED-CB76-4EA1-999C-25B154B99A61}
[2009/05/04 15:17:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{882E420B-D109-4A78-BFA2-7866A5C081E0}
[2009/05/05 12:42:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{915E2611-A008-435B-8E57-6016A4B0C0E7}
[2009/05/06 18:00:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{9EA5B66B-6C5B-4C2C-880C-82413B955665}
[2009/05/08 12:03:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{A49BB67B-FE5E-4D1F-B8D1-1E9B4BB9D273}
[2009/05/05 11:13:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{A4BB4448-E5D1-4485-AC20-533A7F1E968B}
[2009/05/05 12:39:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{A65EE25D-1002-4291-848E-847347D93E59}
[2009/05/06 16:53:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B03E079F-D2B0-4724-87FF-627C9BF7C37A}
[2009/05/07 14:10:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{C361E529-A1A8-42A3-9EBA-142511492E72}
[2009/05/05 12:50:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{C851BF49-FEB5-45E3-9454-D6419C762F67}
[2009/01/22 13:09:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/05/07 11:13:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/05/05 11:04:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{DF42EBB0-E778-4F92-A4E0-7159110D91D0}
[2009/05/05 15:20:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{E05F25AF-CE56-4A04-BD4A-D05502CE5093}
[2009/05/05 12:47:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{E3ACF27A-D819-4777-A24E-938D2956370E}
[2009/05/07 12:26:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{F09143A3-444A-4FC3-AD06-EE550C3E66D6}
[2009/05/08 17:33:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{F689EB5C-EC7B-4046-89B2-CC565C331730}

O1 HOSTS File: (0 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc.)
O4 - HKLM..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16 ( )
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background (Research In Motion Limited)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe" (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft WinUpdate] C:\WINDOWS\system32\msltstsoft_updt.exe ()
O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6173\SiteAdv.exe ()
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon (Microsoft Corporation)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKCU..\Run: [autochk] rundll32.exe C:\DOCUME~1\ERICGR~1\protect.dll,_IWMPEvents@16 ( )
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-BA7E-100000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\Eric Groh\Start Menu\Programs\Startup\ChkDisk.dll ( )
O4 - Startup: C:\Documents and Settings\Eric Groh\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp...ads/sysinfo.cab (SysData Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1233004662750 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://meetingplace...bex/ieatgpc.cab (GpcContainer Class)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\MyRmProt4.7.0.752.dll (McAfee, Inc.)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (mpvmor.dll) - File not found
O20 - AppInit_DLLs: (cymxmi.dll) - File not found
O20 - AppInit_DLLs: (miruth.dll) - File not found
O20 - AppInit_DLLs: (vasnlr.dll) - File not found
O20 - AppInit_DLLs: (abiqtr.dll) - File not found
O20 - AppInit_DLLs: (ekpvkm.dll) - File not found
O20 - AppInit_DLLs: (luedmt.dll) - File not found
O20 - AppInit_DLLs: (uoxtev.dll) - File not found
O20 - AppInit_DLLs: (igexfz.dll) - File not found
O20 - AppInit_DLLs: (gnqlst.dll) - File not found
O20 - AppInit_DLLs: (dfkztb.dll) - File not found
O20 - AppInit_DLLs: (mbtsmu.dll) - File not found
O20 - AppInit_DLLs: (klbzyp.dll) - File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\lijafihe.dll) - C:\WINDOWS\system32\lijafihe.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\wusamebo.dll) - c:\windows\system32\wusamebo.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\xxyArPJd: DllName - xxyArPJd.dll - File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\byXOIxxy) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/23 12:18:19 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 00,000,000 | -HS- | M] () - H:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 06:01:14 | 00,000,053 | -HS- | M] () - H:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{3978c176-d052-11dd-a179-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{3978c176-d052-11dd-a179-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4fe7c4ae-655c-11dd-90be-00c0a8ae31bf}\Shell - "" = AutoRun
O33 - MountPoints2\{4fe7c4ae-655c-11dd-90be-00c0a8ae31bf}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4fe7c4ae-655c-11dd-90be-00c0a8ae31bf}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/05/11 13:23:17 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/11 13:18:16 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\nfbto.sys
[2009/05/11 13:17:57 | 00,000,655 | -HS- | C] () -- C:\Documents and Settings\Eric Groh\Start Menu\Programs\Startup\ChkDisk.lnk
[2009/05/11 10:42:28 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\Michael Capizzi.doc
[2009/05/08 18:14:35 | 00,024,064 | -HS- | C] ( ) -- C:\WINDOWS\System32\autochk.dll
[2009/05/08 18:14:35 | 00,024,064 | -HS- | C] ( ) -- C:\Documents and Settings\Eric Groh\Start Menu\Programs\Startup\ChkDisk.dll
[2009/05/08 17:41:59 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\lmn_setup.exe
[2009/05/08 13:10:48 | 00,000,869 | ---- | C] () -- C:\win_betaengdat
[2009/05/08 13:06:45 | 00,000,000 | ---D | C] -- C:\scan
[2009/05/08 13:05:55 | 64,524,628 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\win_betaengdat.zip
[2009/05/08 12:41:16 | 00,022,453 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\Infections.zip
[2009/05/08 12:37:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Desktop\Infections
[2009/05/08 12:34:21 | 03,623,736 | ---- | C] (Sysinternals) -- C:\Documents and Settings\Eric Groh\Desktop\procexp.exe
[2009/05/07 15:48:55 | 00,016,435 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\Tyree Mims.docx
[2009/05/07 15:44:11 | 00,041,472 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\Jim Ristagno.doc
[2009/05/07 15:34:20 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\~$rker Brickley.docx
[2009/05/07 15:05:19 | 00,000,980 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2009/05/07 15:01:29 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/05/07 13:36:43 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/07 13:34:57 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/05/07 13:31:58 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/05/07 12:53:23 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/05/07 12:43:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Application Data\WinRAR
[2009/05/07 12:25:16 | 00,013,779 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\Parker Brickley.docx
[2009/05/07 12:24:37 | 00,016,647 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\HENRY ARIAS.docx
[2009/05/07 12:05:04 | 00,016,933 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\James M.docx
[2009/05/07 12:03:47 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\~$yree R.docx
[2009/05/07 11:58:48 | 00,018,921 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\Daniel.docx
[2009/05/07 11:58:36 | 00,016,452 | ---- | C] () -- C:\Documents and Settings\Eric Groh\Desktop\Tyree R.docx
[2009/05/07 11:09:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Application Data\Sun
[2009/05/07 11:04:58 | 00,000,202 | ---- | C] () -- C:\43214354.bat
[2009/05/06 17:48:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/05/06 17:48:17 | 00,001,762 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/05/06 16:23:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Application Data\Malwarebytes
[2009/05/06 16:23:39 | 00,000,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/06 16:23:38 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/06 16:23:36 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/06 16:23:35 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/06 16:23:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/06 16:09:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Local Settings\Apps
[2009/05/06 16:08:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Application Data\Windows Search
[2009/05/06 07:57:15 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/05/06 06:36:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2009/05/05 17:10:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Application Data\AdobeUM
[2009/05/05 14:53:21 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/05/05 14:52:02 | 24,921,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/05 13:37:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/05/05 13:37:19 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/05/05 13:36:53 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/05/05 13:36:53 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/05/05 13:36:53 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/05/05 13:36:52 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/05/05 13:36:52 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/05/05 13:36:52 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/05/05 13:36:52 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/05/05 13:36:51 | 00,000,000 | ---D | C] -- C:\2d0c860b4fbab27081df6c9e6435
[2009/05/05 13:30:15 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/05/05 13:30:15 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/05/05 13:30:15 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/05/05 13:30:15 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/05/05 13:30:15 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/05/05 13:30:14 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/05/05 13:30:14 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/05/05 13:30:14 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/05/05 13:30:14 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/05/05 13:30:13 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/05/05 13:30:12 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/05/05 13:30:12 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/05/05 13:29:49 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/05/05 13:29:49 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/05/05 13:29:49 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/05/05 13:21:14 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/05/05 13:20:34 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/05/05 13:20:23 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2009/05/05 13:20:19 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2009/05/05 13:20:15 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2009/05/05 13:19:54 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/05/05 11:59:28 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/05/05 11:56:22 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/05/05 11:33:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Application Data\U3
[2009/05/05 11:20:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Desktop\Great American
[2009/05/05 11:20:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Desktop\desktop resumes
[2009/05/05 11:04:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/05/05 10:56:24 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2009/05/05 10:56:24 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll
[2009/05/05 10:56:24 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2009/05/05 10:56:16 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2009/05/05 10:56:16 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2009/05/05 10:56:16 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2009/05/05 10:56:12 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2009/05/05 10:56:12 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2009/05/05 10:56:11 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2009/05/05 10:56:11 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2009/05/05 10:56:11 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2009/05/05 10:56:11 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2009/05/05 10:56:11 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2009/05/05 10:56:11 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2009/05/05 10:56:11 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2009/05/05 10:56:11 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2009/05/05 10:56:11 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2009/05/05 10:56:11 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2009/05/05 10:56:11 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2009/05/05 10:56:10 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2009/05/05 10:56:10 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2009/05/05 10:56:10 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2009/05/05 10:56:10 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2009/05/05 10:56:10 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2009/05/05 10:56:10 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2009/05/05 10:56:10 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2009/05/05 10:56:10 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2009/05/05 10:56:08 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2009/05/05 10:56:08 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2009/05/05 10:56:08 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2009/05/05 10:56:08 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2009/05/05 10:56:08 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2009/05/05 10:56:08 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2009/05/05 10:56:08 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2009/05/05 10:56:08 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2009/05/05 10:56:08 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2009/05/05 10:56:08 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2009/05/05 10:56:07 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2009/05/05 10:56:07 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2009/05/05 10:56:07 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2009/05/05 10:56:07 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2009/05/05 10:56:07 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2009/05/05 10:56:06 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2009/05/05 10:56:06 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2009/05/05 10:56:06 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2009/05/05 10:56:05 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2009/05/05 10:56:05 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2009/05/05 10:56:05 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2009/05/05 10:56:05 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2009/05/05 10:56:05 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2009/05/05 10:56:04 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2009/05/05 10:56:03 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2009/05/05 10:56:02 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2009/05/05 10:56:02 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2009/05/05 10:56:02 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2009/05/05 10:55:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/05/05 10:55:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/05/05 10:55:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/05/05 10:55:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/05/05 10:53:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/05/05 10:51:10 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2009/05/05 10:51:10 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2009/05/05 10:51:10 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2009/05/05 10:51:09 | 00,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthpan.sys
[2009/05/05 10:51:09 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2009/05/05 10:51:09 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2009/05/05 10:51:09 | 00,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2009/05/05 10:51:09 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2009/05/05 10:51:09 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2009/05/05 10:51:08 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2009/05/05 10:51:08 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2009/05/05 10:51:08 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2009/05/05 10:51:06 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2009/05/05 10:51:06 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2009/05/05 10:51:06 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2009/05/05 10:51:06 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2009/05/05 10:51:06 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2009/05/05 10:51:05 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2009/05/05 10:51:05 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2009/05/05 10:51:05 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
[2009/05/05 10:51:05 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2009/05/05 10:51:05 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2009/05/05 10:51:05 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2009/05/05 10:46:26 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/05/04 15:29:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Application Data\Macromedia
[2009/05/04 15:02:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Application Data\Mozilla
[2009/05/04 14:57:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Application Data\Research In Motion
[2009/05/04 14:57:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Application Data\Adobe
[2009/05/04 14:57:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Application Data\SiteAdvisor
[2009/05/04 14:57:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Application Data\Identities
[2009/05/04 14:57:21 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\Eric Groh\Start Menu\Programs\Startup\desktop.ini
[2009/05/04 14:57:21 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Eric Groh\Local Settings\desktop.ini
[2009/05/04 14:57:21 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Eric Groh\Application Data\desktop.ini
[2009/05/04 14:57:21 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Eric Groh\Application Data\Microsoft
[2009/05/04 14:57:21 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Eric Groh\Local Settings\Temporary Internet Files
[2009/05/04 14:57:21 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Eric Groh\Local Settings\History
[2009/05/04 14:57:21 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Eric Groh\Local Settings\Application Data
[2009/05/04 14:57:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric Groh\Local Settings\Temp
[2009/05/04 14:44:24 | 00,000,000 | ---D | C] -- C:\Desktop Docs
[2009/04/29 17:35:43 | 00,000,000 | ---D | C] -- C:\sdat scan
[2009/04/29 13:24:43 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\uniq.tll
[2008/09/25 10:11:32 | 01,304,194 | -HS- | C] () -- C:\WINDOWS\System32\xkgisqts.ini
[2008/09/24 10:16:20 | 01,224,581 | -HS- | C] () -- C:\WINDOWS\System32\ltnveiet.ini
[2008/09/23 10:12:40 | 01,231,183 | -HS- | C] () -- C:\WINDOWS\System32\ujlwnmif.ini
[2008/09/22 10:12:20 | 01,349,364 | -HS- | C] () -- C:\WINDOWS\System32\afehkjot.ini
[2008/09/21 10:09:16 | 01,352,896 | -HS- | C] () -- C:\WINDOWS\System32\elsuibda.ini
[2008/09/20 10:09:12 | 01,319,915 | -HS- | C] () -- C:\WINDOWS\System32\jdbcdnmw.ini
[2008/09/19 10:09:14 | 01,319,873 | -HS- | C] () -- C:\WINDOWS\System32\yoihcete.ini
[2008/09/18 10:07:40 | 01,321,309 | -HS- | C] () -- C:\WINDOWS\System32\jmkomsrq.ini
[2008/09/17 10:07:10 | 01,719,907 | -HS- | C] () -- C:\WINDOWS\System32\jcasffjf.ini
[2008/09/16 10:08:10 | 02,402,701 | -HS- | C] () -- C:\WINDOWS\System32\rptcmdtc.ini
[2008/09/15 10:08:08 | 01,395,158 | -HS- | C] () -- C:\WINDOWS\System32\bonfdfvp.ini
[2008/09/13 11:56:35 | 01,395,080 | -HS- | C] () -- C:\WINDOWS\System32\bolnlpgj.ini
[2008/09/12 11:56:03 | 01,352,004 | -HS- | C] () -- C:\WINDOWS\System32\ygutqeth.ini
[2008/09/11 11:53:01 | 01,351,153 | -HS- | C] () -- C:\WINDOWS\System32\prflwwld.ini
[2008/09/09 10:28:12 | 01,346,578 | -HS- | C] () -- C:\WINDOWS\System32\uaxnkwjt.ini
[2008/09/08 10:27:48 | 01,285,322 | -HS- | C] () -- C:\WINDOWS\System32\ccqvhwbb.ini
[2008/09/07 10:27:43 | 01,285,262 | -HS- | C] () -- C:\WINDOWS\System32\xncyxwsj.ini
[2008/09/06 10:27:54 | 01,285,202 | -HS- | C] () -- C:\WINDOWS\System32\mhsghrun.ini
[2008/09/05 10:30:20 | 01,400,985 | -HS- | C] () -- C:\WINDOWS\System32\ttkvqwkh.ini
[2008/09/04 10:30:18 | 01,400,925 | -HS- | C] () -- C:\WINDOWS\System32\gecpjgwt.ini
[2008/09/03 10:27:19 | 01,400,856 | -HS- | C] () -- C:\WINDOWS\System32\eeprkjlh.ini
[2008/09/02 10:27:18 | 01,346,116 | -HS- | C] () -- C:\WINDOWS\System32\tpesshbd.ini
[2008/09/01 10:27:18 | 01,346,056 | -HS- | C] () -- C:\WINDOWS\System32\mfehauwy.ini
[2008/08/31 10:24:36 | 01,345,996 | -HS- | C] () -- C:\WINDOWS\System32\skhkrjpq.ini
[2008/08/30 10:23:56 | 03,729,850 | -HS- | C] () -- C:\WINDOWS\System32\vxsxwsyd.ini
[2008/08/29 10:27:03 | 02,555,950 | -HS- | C] () -- C:\WINDOWS\System32\jamrdvle.ini
[2008/08/28 10:26:51 | 01,302,805 | -HS- | C] () -- C:\WINDOWS\System32\ilmegcsd.ini
[2008/08/27 10:21:12 | 01,354,134 | -HS- | C] () -- C:\WINDOWS\System32\ujnpjjjc.ini
[2008/08/26 10:25:24 | 01,333,990 | -HS- | C] () -- C:\WINDOWS\System32\ubqsxuck.ini
[2008/08/25 10:20:27 | 01,333,870 | -HS- | C] () -- C:\WINDOWS\System32\pjwhxobc.ini
[2008/08/24 10:20:27 | 01,333,516 | -HS- | C] () -- C:\WINDOWS\System32\oyxgsprv.ini
[2008/08/23 10:20:27 | 01,390,980 | -HS- | C] () -- C:\WINDOWS\System32\rtrdsumw.ini
[2008/08/22 10:17:52 | 01,580,691 | -HS- | C] () -- C:\WINDOWS\System32\nxthuxxw.ini
[2008/08/21 10:20:27 | 01,390,914 | -HS- | C] () -- C:\WINDOWS\System32\osnoftjo.ini
[2008/08/20 10:20:53 | 01,387,432 | -HS- | C] () -- C:\WINDOWS\System32\jydapspp.ini
[2008/08/19 10:16:35 | 01,417,839 | -HS- | C] () -- C:\WINDOWS\System32\hkvbrikn.ini
[2008/08/18 10:15:48 | 01,437,274 | -HS- | C] () -- C:\WINDOWS\System32\hhwhjjqv.ini
[2008/08/17 10:15:37 | 01,437,536 | -HS- | C] () -- C:\WINDOWS\System32\slrwrdxp.ini
[2008/08/16 10:15:37 | 01,437,477 | -HS- | C] () -- C:\WINDOWS\System32\nniepjww.ini
[2008/08/15 10:15:34 | 01,409,772 | -HS- | C] () -- C:\WINDOWS\System32\ujioxvbw.ini
[2008/08/14 10:13:45 | 01,409,712 | -HS- | C] () -- C:\WINDOWS\System32\ynptbcis.ini
[2008/08/14 10:12:56 | 01,355,078 | -HS- | C] () -- C:\WINDOWS\System32\lqpdrfkc.ini
[2008/08/13 09:55:29 | 01,315,307 | -HS- | C] () -- C:\WINDOWS\System32\istwkkum.ini
[2008/08/12 09:55:24 | 01,318,818 | -HS- | C] () -- C:\WINDOWS\System32\wcssooqu.ini
[2008/08/11 09:36:40 | 01,386,077 | -HS- | C] () -- C:\WINDOWS\System32\sjkiipex.ini
[2008/08/09 05:30:58 | 01,392,956 | -HS- | C] () -- C:\WINDOWS\System32\gksxavtp.ini
[2008/08/08 12:03:38 | 01,383,192 | -HS- | C] () -- C:\WINDOWS\System32\ufiwdror.ini
[2008/08/07 12:02:28 | 01,382,137 | -HS- | C] () -- C:\WINDOWS\System32\douhjoab.ini
[2008/08/06 12:03:16 | 01,382,137 | -HS- | C] () -- C:\WINDOWS\System32\hwphhuuy.ini
[2008/08/05 10:32:49 | 01,382,437 | -HS- | C] () -- C:\WINDOWS\System32\saufqauc.ini
[2008/08/05 10:31:33 | 00,004,656 | -HS- | C] () -- C:\WINDOWS\System32\yxxIOXyb.ini2
[2008/08/05 10:31:33 | 00,004,656 | -HS- | C] () -- C:\WINDOWS\System32\yxxIOXyb.ini
[2008/06/17 14:47:18 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/06/17 14:47:17 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/06/17 14:47:17 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/06/17 14:47:16 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/06/17 14:47:12 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/06/17 14:46:54 | 00,581,632 | R--- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2008/06/17 13:41:13 | 00,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2008/06/16 18:31:19 | 00,015,498 | R--- | C] () -- C:\WINDOWS\VX3000.ini
[2007/09/27 11:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/01/21 14:23:25 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/07/23 15:51:50 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/09 14:46:30 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1020.DLL
[2006/01/30 11:00:00 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1018.DLL
[2001/08/23 08:00:00 | 00,000,740 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 08:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/05/11 13:27:43 | 00,024,064 | -HS- | M] ( ) -- C:\WINDOWS\System32\autochk.dll
[2009/05/11 13:18:16 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\nfbto.sys
[2009/05/11 13:17:57 | 00,024,064 | -HS- | M] ( ) -- C:\Documents and Settings\Eric Groh\Start Menu\Programs\Startup\ChkDisk.dll
[2009/05/11 13:17:57 | 00,000,655 | -HS- | M] () -- C:\Documents and Settings\Eric Groh\Start Menu\Programs\Startup\ChkDisk.lnk
[2009/05/11 10:42:28 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\Michael Capizzi.doc
[2009/05/11 02:14:39 | 00,027,648 | ---- | M] () -- C:\WINDOWS\System32\lmn_setup.exe
[2009/05/11 01:31:06 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/05/08 18:06:45 | 00,012,613 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/05/08 18:02:18 | 00,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2009/05/08 18:00:18 | 00,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/05/08 18:00:05 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/08 18:00:04 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Eric Groh\Local Settings\desktop.ini
[2009/05/08 17:59:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/08 17:59:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/08 15:54:01 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/08 13:23:02 | 00,022,453 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\Infections.zip
[2009/05/08 13:11:21 | 00,000,869 | ---- | M] () -- C:\win_betaengdat
[2009/05/07 15:48:55 | 00,016,435 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\Tyree Mims.docx
[2009/05/07 15:44:12 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\Jim Ristagno.doc
[2009/05/07 15:34:20 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\~$rker Brickley.docx
[2009/05/07 15:05:19 | 00,000,980 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2009/05/07 14:29:43 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/05/07 14:28:51 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/05/07 13:36:44 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/05/07 13:31:56 | 00,000,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/05/07 12:50:24 | 00,000,080 | -HS- | M] () -- U:\desktop.ini
[2009/05/07 12:41:45 | 00,000,202 | ---- | M] () -- C:\43214354.bat
[2009/05/07 12:25:16 | 00,013,779 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\Parker Brickley.docx
[2009/05/07 12:24:37 | 00,016,647 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\HENRY ARIAS.docx
[2009/05/07 12:05:04 | 00,016,933 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\James M.docx
[2009/05/07 12:03:47 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\~$yree R.docx
[2009/05/07 11:58:48 | 00,018,921 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\Daniel.docx
[2009/05/07 11:58:37 | 00,016,452 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\Tyree R.docx
[2009/05/06 19:42:57 | 64,524,628 | ---- | M] () -- C:\Documents and Settings\Eric Groh\Desktop\win_betaengdat.zip
[2009/05/06 18:19:27 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/05/06 17:48:17 | 00,001,762 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/05/06 16:23:39 | 00,000,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/05 15:23:02 | 00,555,604 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/05 15:23:02 | 00,465,380 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/05 15:23:02 | 00,079,074 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/05 15:18:39 | 00,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/05 14:53:21 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/05/01 10:08:53 | 21,454,03904 | ---- | M] () -- C:\Eric's E-mail Backup 012309.pst
[2009/04/30 18:02:09 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/04/30 18:02:09 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/04/30 18:02:09 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/04/30 18:02:09 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/04/30 18:02:09 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/04/30 18:02:09 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/04/30 11:03:40 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\wedafini
[2009/04/29 13:24:43 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\uniq.tll
[2009/04/28 17:31:39 | 00,115,224 | ---- | M] () -- C:\img2-001.raw
< End of report >
#7 grohfactor (Member, Topic Starter, 24 posts)
As a quick FYI, I have McAfee Total Protection... I have had them do some remote work on my computer, and they ran a couple of command-line scans and created a folder on my desktop labeled "infections"... so if you see that come up, that is something they created for their own reference... however, I did receive this from them today, which re-states my original thoughts on their ability to help me... they are useless:

Avert™ Sample Analysis
Issue Number: 5299351
Virus Researcher: Vivek Guruprasad
Identified: No Virus/Trojan

McAfee Avert™ Labs, Bangalore, India

Thank you for submitting your suspicious file.

Synopsis -

We have examined the file and didn't see anything suspicious.
As an additional test, we tried to run it on a test system and observed no suspicious behavior.

If you still believe this is a virus or trojan file, please provide more information on why you feel this is a suspect file.

If you have a system where you can do a test scan, you may first wish to try our beta DATs to get the latest detection available.
Beta DAT files are available at: <http://vil.mcafeesec...verttools.aspx>

In order to get the fastest possible response, you can submit future virus-samples to <http://www.webimmune.net>. In most cases it can respond almost instantly with a solution.

Support -

Virus Research accepts file-samples for analysis and possible inclusion into AV signature DAT sets. We are also prepared to answer general virus questions.

All product-related questions and comments can be addressed through technical support and customer service, including:

* Product installation and update questions
* Product usage questions
* Specific operating system/version questions
* Assistance with detection and cleaning or removal of viruses or trojans

Please use the following links to reach our technical support group for McAfee products.

Corporate Customers:
<http://www.mcafee.co...ort/index.html>

Single User/Retail Customers:
<http://service.mcafe...m/default.aspx>

Regards,

Vivek Guruprasad
McAfee® Avert® Labs
A division of McAfee, Inc.
#8 heir (Trusted Helper, Malware Removal, 5,427 posts)
I need to see the content of Extras.txt.

As you didn't save OtlistIt2.exe to your desktop as you should have, you'll find that file in this location:

C:\Documents and Settings\Eric Groh\Local Settings\Temporary Internet Files\Content.IE5\ZKF1WOK6

Can you please post the content of that file?

It's important that you follow the instructions my colleagues and I give here, as we rely on that.

> ...they are useless:

I hope that I'll be able to help you solve it then :)
#9 grohfactor (Member, Topic Starter, 24 posts)
Thanks Heir, I hope so too... sorry about the Extras.txt, I should have followed the directions better...

OTListIt Extras logfile created on: 5/11/2009 1:28:25 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.6 Folder = C:\Documents and Settings\Eric Groh\Local Settings\Temporary Internet Files\Content.IE5\ZKF1WOK6
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 300.62 Mb Available Physical Memory | 29.40% Memory free
2.31 Gb Paging File | 1.48 Gb Available in Paging File | 64.15% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.37 Gb Total Space | 202.03 Gb Free Space | 90.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 8.51 Gb Total Space | 1.12 Gb Free Space | 13.19% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Drive S: | 465.76 Gb Total Space | 440.97 Gb Free Space | 94.68% Space Free | Partition Type: NTFS
Drive U: | 465.76 Gb Total Space | 440.97 Gb Free Space | 94.68% Space Free | Partition Type: NTFS

Computer Name: DWS10
Current User Name: Eric Groh
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"80:TCP" = 80:TCP:*:Enabled:SYS32DLL
"7171:TCP" = 7171:TCP:*:Enabled:SYS32DLL

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote (Microsoft Corporation)
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent (McAfee, Inc.)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe (Microsoft Corporation)
C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe (Microsoft Corporation)
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent (McAfee, Inc.)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire File not found
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe:*:Enabled:myAgtTry (McAfee, Inc.)
C:\Program Files\McAfee\Managed VirusScan\Agent\HtmlDlg.exe:*:Enabled:HtmlDlg (McAfee, Inc.)
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe:*:Enabled:RIMDeviceManager (Research In Motion Limited)
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe:*:Enabled:GrooveMonitor (Microsoft Corporation)
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrodist.exe:*:Enabled:AcroDist (Adobe Systems Incorporated.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034E061B-B3A3-4123-842E-10C1B6B3C8C7}" = BlackBerry Desktop Software 4.7
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2197CFFD-A914-4C25-96F2-C8AB711076A5}" = Sendouts Pro Outlook AddIn
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-1033-F400-BA7E-100000000002}" = Adobe Acrobat 7.0 Standard - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B9BE2822-EE88-4C8B-B90D-EAB3496521EC}" = PerSonoCall
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C0044B93-4167-4457-9A4B-6D7704E0F3E2}" = Sendouts SourcePro Toolbar
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"AC3Filter" = AC3Filter (remove only)
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 7.0 Standard - EFG - V" = Adobe Acrobat 7.0 Standard - English, Français, Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"BlackBerry_{034E061B-B3A3-4123-842E-10C1B6B3C8C7}" = BlackBerry Desktop Software 4.7
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Managed Firewall" = McAfee Firewall Protection Service
"McAfee SiteAdvisor" = McAfee Browser Protection Service
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MVS" = McAfee Virus and Spyware Protection Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"RESUMate 10" = RESUMate 10
"SystemRequirementsLab" = System Requirements Lab
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/8/2009 12:22:09 PM | Computer Name = DWS10 | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error - 5/8/2009 12:22:09 PM | Computer Name = DWS10 | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error - 5/8/2009 12:22:09 PM | Computer Name = DWS10 | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error - 5/8/2009 12:22:09 PM | Computer Name = DWS10 | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error - 5/8/2009 12:22:09 PM | Computer Name = DWS10 | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error - 5/8/2009 12:22:09 PM | Computer Name = DWS10 | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error - 5/8/2009 12:22:09 PM | Computer Name = DWS10 | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error - 5/8/2009 12:22:09 PM | Computer Name = DWS10 | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error - 5/8/2009 1:14:42 PM | Computer Name = DWS10 | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x8007043c).

Error - 5/11/2009 11:49:01 AM | Computer Name = DWS10 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

[ OSession Events ]
Error - 2/25/2009 9:59:59 AM | Computer Name = DWS10 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 76817
seconds with 4020 seconds of active time. This session ended with a crash.

Error - 3/6/2009 8:44:36 PM | Computer Name = DWS10 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 609446
seconds with 37140 seconds of active time. This session ended with a crash.

Error - 3/19/2009 8:52:15 AM | Computer Name = DWS10 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 167466
seconds with 9540 seconds of active time. This session ended with a crash.

Error - 3/21/2009 7:41:13 AM | Computer Name = DWS10 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 164005
seconds with 9360 seconds of active time. This session ended with a crash.

Error - 4/10/2009 7:31:56 AM | Computer Name = DWS10 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 592541
seconds with 18900 seconds of active time. This session ended with a crash.

Error - 4/10/2009 11:24:19 PM | Computer Name = DWS10 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 46952
seconds with 1440 seconds of active time. This session ended with a crash.

Error - 4/14/2009 4:40:33 PM | Computer Name = DWS10 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 109966
seconds with 11160 seconds of active time. This session ended with a crash.

Error - 4/29/2009 3:02:53 PM | Computer Name = DWS10 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 3654
seconds with 420 seconds of active time. This session ended with a crash.

Error - 4/29/2009 4:54:55 PM | Computer Name = DWS10 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 1475
seconds with 600 seconds of active time. This session ended with a crash.

Error - 5/5/2009 12:46:20 PM | Computer Name = DWS10 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session lasted 172
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/7/2009 2:09:06 PM | Computer Name = DWS10 | Source = LDMS | ID = 16780239
Description = The Logical Disk Manager Service failed while registering for device
handle notifications on device \\?\storage#removablemedia#7&343598db&0&rm#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.
Win32 Error: 1381.

Error - 5/7/2009 2:09:06 PM | Computer Name = DWS10 | Source = LDMS | ID = 16780239
Description = The Logical Disk Manager Service failed while registering for device
handle notifications on device \\?\storage#removablemedia#7&59a1a41&0&rm#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.
Win32 Error: 1381.

Error - 5/7/2009 2:10:46 PM | Computer Name = DWS10 | Source = LDMS | ID = 16780239
Description = The Logical Disk Manager Service failed while registering for device
handle notifications on device \\?\storage#removablemedia#7&19d12bf5&0&rm#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.
Win32 Error: 1381.

Error - 5/7/2009 2:10:46 PM | Computer Name = DWS10 | Source = LDMS | ID = 16780239
Description = The Logical Disk Manager Service failed while registering for device
handle notifications on device \\?\storage#removablemedia#7&255493f1&0&rm#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.
Win32 Error: 1381.

Error - 5/7/2009 2:10:46 PM | Computer Name = DWS10 | Source = LDMS | ID = 16780239
Description = The Logical Disk Manager Service failed while registering for device
handle notifications on device \\?\storage#removablemedia#7&343598db&0&rm#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.
Win32 Error: 1381.

Error - 5/7/2009 2:10:46 PM | Computer Name = DWS10 | Source = LDMS | ID = 16780239
Description = The Logical Disk Manager Service failed while registering for device
handle notifications on device \\?\storage#removablemedia#7&59a1a41&0&rm#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.
Win32 Error: 1381.

Error - 5/7/2009 2:44:23 PM | Computer Name = DWS10 | Source = LDMS | ID = 16780239
Description = The Logical Disk Manager Service failed while registering for device
handle notifications on device \\?\storage#removablemedia#7&19d12bf5&0&rm#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.
Win32 Error: 1381.

Error - 5/7/2009 2:44:23 PM | Computer Name = DWS10 | Source = LDMS | ID = 16780239
Description = The Logical Disk Manager Service failed while registering for device
handle notifications on device \\?\storage#removablemedia#7&255493f1&0&rm#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.
Win32 Error: 1381.

Error - 5/7/2009 2:44:23 PM | Computer Name = DWS10 | Source = LDMS | ID = 16780239
Description = The Logical Disk Manager Service failed while registering for device
handle notifications on device \\?\storage#removablemedia#7&343598db&0&rm#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.
Win32 Error: 1381.

Error - 5/7/2009 2:44:23 PM | Computer Name = DWS10 | Source = LDMS | ID = 16780239
Description = The Logical Disk Manager Service failed while registering for device
handle notifications on device \\?\storage#removablemedia#7&59a1a41&0&rm#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.
Win32 Error: 1381.


< End of report >

#10
heir
    Trusted Helper
  • Malware Removal
  • 5,427 posts
Let's get going then.

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Step 1.
SDFix:

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum

Step 2.
ComboFix:

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


[screenshot]



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Step 3.
Lop S&D:

Disable resident protections (Antivirus...); you'll re-enable them after the scan.

Download Lop S&D here and save it to the desktop

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Step 4.
Goored-scan:

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click GooredFix.exe to run it.
  • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: Do not run Option #2 yet.

Step 5.
Things I would like to see in your reply:

  • The content of C:\SDFix\report.txt from step 1.
  • The content of C:\ComboFix.txt from step 2.
  • The content of C:\lopR.txt from step 3.
  • The content of GooredLog.txt from step 4.




#11
grohfactor
    Member
  • Topic Starter
  • Member
  • 24 posts
SDFIX REPORT:



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-11 15:34:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

disk error: C:\WINDOWS\system32\config\system, 0
scanning hidden registry entries ...

disk error: C:\WINDOWS\system32\config\software, 0
disk error: C:\Documents and Settings\Eric Groh\ntuser.dat, 0
scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"="C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe:*:Enabled:Managed Services Agent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\WINDOWS\\system32\\winlogon.exe"="C:\\WINDOWS\\system32\\winlogon.exe:*:Enabled:winlogon"
"C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtTry.exe"="C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtTry.exe:*:Enabled:myAgtTry"
"C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\HtmlDlg.exe"="C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\HtmlDlg.exe:*:Enabled:HtmlDlg"
"C:\\Program Files\\Common Files\\Research In Motion\\RIMDeviceManager\\RIMDeviceManager.exe"="C:\\Program Files\\Common Files\\Research In Motion\\RIMDeviceManager\\RIMDeviceManager.exe:*:Enabled:RIMDeviceManager"
"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"="C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe:*:Enabled:GrooveMonitor"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:rundll32"
"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\acrodist.exe"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\acrodist.exe:*:Enabled:AcroDist"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"="C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe:*:Enabled:Managed Services Agent"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

Remaining Files :



Files with Hidden Attributes :

Thu 12 Feb 2009 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 11 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!
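The "Authorized Application Key Export" in the SDFix report above is the Windows XP firewall exception list, and two of its entries (winlogon.exe and rundll32.exe) are the kind of exception no legitimate installer adds. The script below is an added example, not part of this thread and not SDFix's own code: it parses that regedit-style export and flags such entries. The sample input is constructed in the shape of the report (including a value that the forum's line wrapping split across lines, which the parser re-joins), and the "core binary" list and suspicious-folder list are my own heuristics, not checks SDFix performs.

```python
"""Flag suspicious Windows XP firewall exceptions in an SDFix-style registry export.

The export is regedit syntax. Each value under
HKLM\\...\\FirewallPolicy\\<profile>\\AuthorizedApplications\\List has the form
    "<path>"="<path>:<scope>:<Enabled|Disabled>:<display name>"
where <scope> is '*' (any remote address) or a list of subnets.
"""
import re
from typing import Dict, List

# Constructed sample in the shape of the SDFix output (not a real export). It
# includes one value that a forum line wrap split across lines, as in the report.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"="C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe:*:Enabled:Managed

Services Agent"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\WINDOWS\\system32\\winlogon.exe"="C:\\WINDOWS\\system32\\winlogon.exe:*:Enabled:winlogon"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:rundll32"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\user\\Local Settings\\Temp\\svchost.exe"="C:\\Documents and Settings\\user\\Local Settings\\Temp\\svchost.exe:*:Enabled:svchost"
'''

VALUE_RE = re.compile(r'^"(.+?)"="(.*)"$')
PROFILE_RE = re.compile(r'firewallpolicy\\([a-z]+profile)', re.I)

# Heuristic (mine, not SDFix's): core Windows binaries that no installer
# whitelists. Malware does, so code it injects into them can accept inbound
# connections. Any exception for these deserves a look.
CORE_BINARIES = {'winlogon.exe', 'rundll32.exe', 'explorer.exe', 'svchost.exe',
                 'lsass.exe', 'services.exe', 'csrss.exe', 'regsvr32.exe'}
SUSPICIOUS_DIRS = ('\\temp\\', '\\recycler\\', '%temp%')


def _unescape(s: str) -> str:
    """Undo regedit escaping: '\\\\' -> '\\', '\\"' -> '"'."""
    return s.replace('\\\\', '\\').replace('\\"', '"')


def _logical_lines(text: str):
    """Yield (profile, value_line), re-joining a value that a line wrap split."""
    profile, pending = None, None
    for line in text.splitlines():
        s = line.strip()
        if not s:
            continue
        if s.startswith('[') and s.endswith(']'):
            if pending:
                yield profile, pending
            pending = None
            m = PROFILE_RE.search(s)
            profile = m.group(1).lower() if m else None
        elif s.startswith('"'):
            if pending:
                yield profile, pending
            pending = s
        elif pending is not None:          # continuation of a wrapped value
            pending += ' ' + s
    if pending:
        yield profile, pending


def parse_authorized_apps(text: str) -> List[Dict[str, str]]:
    """Return one dict per exception: profile, path, scope, state, name."""
    entries = []
    for profile, raw in _logical_lines(text):
        m = VALUE_RE.match(raw)
        if not m:
            continue
        # Split from the right: the path itself contains 'C:'.
        parts = m.group(2).rsplit(':', 3)
        if len(parts) != 4:
            continue                       # not the expected 4-field layout
        path, scope, state, name = parts
        entries.append({'profile': profile, 'path': _unescape(path),
                        'scope': scope, 'state': state.lower(), 'name': name})
    return entries


def find_suspicious(entries: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Apply the heuristics; return flagged entries with their reasons attached."""
    hits = []
    for e in entries:
        low = e['path'].lower()
        base = low.replace('/', '\\').rsplit('\\', 1)[-1]
        reasons = []
        if base in CORE_BINARIES:
            reasons.append('core Windows binary whitelisted')
        if any(d in low for d in SUSPICIOUS_DIRS):
            reasons.append('program lives in a temporary folder')
        if base in CORE_BINARIES and '\\system32\\' not in low and '\\windows\\' not in low:
            reasons.append('system binary name outside the Windows directory')
        if reasons:
            hits.append(dict(e, reasons=reasons))
    return hits


if __name__ == '__main__':
    for h in find_suspicious(parse_authorized_apps(SAMPLE_EXPORT)):
        print(f"[{h['profile']}] {h['path']} ({h['state']}): " + '; '.join(h['reasons']))
```

Run against a pasted report, it lists each flagged exception with its profile and why it was flagged; a name-based rule like this is a triage aid, not proof of infection, so the flagged binaries still need to be checked on disk.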

#12
grohfactor
    Member
  • Topic Starter
  • Member
  • 24 posts
ComboFix

ComboFix 09-05-11.01 - Eric Groh 05/11/2009 16:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.639 [GMT -4:00]
Running from: c:\documents and settings\Eric Groh\Desktop\ComboFix.exe
AV: Total Protection Service *On-access scanning enabled* (Updated)
FW: Total Protection Service *disabled*
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\system32\afehkjot.ini
c:\windows\system32\bolnlpgj.ini
c:\windows\system32\bonfdfvp.ini
c:\windows\system32\ccqvhwbb.ini
c:\windows\system32\douhjoab.ini
c:\windows\system32\drivers\ovfsthogexrufbpcvsnchrpbwdabjqiaqncnbw.sys
c:\windows\system32\eeprkjlh.ini
c:\windows\system32\elsuibda.ini
c:\windows\system32\gecpjgwt.ini
c:\windows\system32\gksxavtp.ini
c:\windows\system32\hhwhjjqv.ini
c:\windows\system32\hkvbrikn.ini
c:\windows\system32\hwphhuuy.ini
c:\windows\system32\ilmegcsd.ini
c:\windows\system32\istwkkum.ini
c:\windows\system32\jamrdvle.ini
c:\windows\system32\jcasffjf.ini
c:\windows\system32\jdbcdnmw.ini
c:\windows\system32\jmkomsrq.ini
c:\windows\system32\jydapspp.ini
c:\windows\system32\lmn_setup.exe
c:\windows\system32\lqpdrfkc.ini
c:\windows\system32\ltnveiet.ini
c:\windows\system32\mfehauwy.ini
c:\windows\system32\mhsghrun.ini
c:\windows\system32\nniepjww.ini
c:\windows\system32\nxthuxxw.ini
c:\windows\system32\osnoftjo.ini
c:\windows\system32\ovfsthaxecasnsipfapqldripvmlexosoulodb.dll
c:\windows\system32\ovfsthceoeoiqpweowmqccfurcxomrebcphdgr.dat
c:\windows\system32\ovfsthhcpnoktdmvwtjnieyvnaaervpkskkybb.dll
c:\windows\system32\ovfsthpipcvqmixtsywodhcpqymxpskkbvmewv.dll
c:\windows\system32\ovfsthvwjerkigtymcyrxrkahwltgptsknwquw.dat
c:\windows\system32\oyxgsprv.ini
c:\windows\system32\pjwhxobc.ini
c:\windows\system32\prflwwld.ini
c:\windows\system32\rptcmdtc.ini
c:\windows\system32\rtrdsumw.ini
c:\windows\system32\saufqauc.ini
c:\windows\system32\sjkiipex.ini
c:\windows\system32\skhkrjpq.ini
c:\windows\system32\slrwrdxp.ini
c:\windows\system32\tpesshbd.ini
c:\windows\system32\ttkvqwkh.ini
c:\windows\system32\uaxnkwjt.ini
c:\windows\system32\ubqsxuck.ini
c:\windows\system32\ufiwdror.ini
c:\windows\system32\ujioxvbw.ini
c:\windows\system32\ujlwnmif.ini
c:\windows\system32\ujnpjjjc.ini
c:\windows\system32\uniq.tll
c:\windows\system32\vxsxwsyd.ini
c:\windows\system32\wcssooqu.ini
c:\windows\system32\xkgisqts.ini
c:\windows\system32\xncyxwsj.ini
c:\windows\system32\ygutqeth.ini
c:\windows\system32\ynptbcis.ini
c:\windows\system32\yoihcete.ini
c:\windows\system32\yxxIOXyb.ini
c:\windows\system32\yxxIOXyb.ini2
H:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthgcmtorsmmmsmfsraftstokbecgcelujt
-------\Legacy_PASSWORD


((((((((((((((((((((((((( Files Created from 2009-04-11 to 2009-05-11 )))))))))))))))))))))))))))))))
.

2009-05-11 19:18 . 2009-05-11 19:18 578560 -c--a-w c:\windows\system32\dllcache\user32.dll
2009-05-11 19:15 . 2009-05-11 19:15 -------- d-----w c:\windows\ERUNT
2009-05-11 19:06 . 2009-05-11 19:34 -------- d-----w C:\SDFix
2009-05-11 17:23 . 2009-05-11 17:23 -------- d-----w C:\Rooter$
2009-05-08 17:06 . 2009-05-08 17:21 -------- d-----w C:\scan
2009-05-08 16:32 . 2009-05-08 16:32 -------- d-----w c:\documents and settings\Eric Groh\Local Settings\Application Data\Citrix
2009-05-08 16:32 . 2009-05-08 16:32 61224 ----a-w c:\documents and settings\Eric Groh\GoToAssistDownloadHelper.exe
2009-05-07 19:01 . 2009-05-07 18:29 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-05-07 17:34 . 2009-05-07 18:28 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-05-07 17:31 . 2009-05-07 17:31 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-07 16:53 . 2009-05-07 16:54 -------- dc-h--w c:\windows\ie8
2009-05-07 15:04 . 2009-05-07 16:41 202 ----a-w C:\43214354.bat
2009-05-06 21:48 . 2009-05-06 21:48 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-05-06 20:23 . 2009-05-06 20:23 -------- d-----w c:\documents and settings\Eric Groh\Application Data\Malwarebytes
2009-05-06 20:23 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-06 20:23 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-06 20:23 . 2009-05-06 20:23 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-06 20:23 . 2009-05-06 20:23 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-06 20:08 . 2009-05-06 20:08 -------- d-----w c:\documents and settings\Eric Groh\Application Data\Windows Search
2009-05-06 10:36 . 2009-05-06 10:36 -------- d-----w c:\windows\system32\CatRoot_bak
2009-05-05 21:10 . 2009-05-05 21:10 -------- d-----w c:\documents and settings\Eric Groh\Application Data\AdobeUM
2009-05-05 17:37 . 2009-05-05 17:37 -------- d-----w c:\windows\system32\XPSViewer
2009-05-05 17:37 . 2009-05-05 17:37 -------- d-----w c:\program files\Reference Assemblies
2009-05-05 17:36 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-05-05 17:36 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-05 17:36 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-05 17:36 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-05 17:36 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-05-05 17:36 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-05-05 17:36 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-05-05 17:36 . 2009-05-05 17:37 -------- d-----w C:\2d0c860b4fbab27081df6c9e6435
2009-05-05 17:30 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-05-05 17:30 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-05-05 17:30 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-05-05 17:30 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-05-05 17:30 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-05-05 17:30 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-05-05 17:30 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-05-05 17:30 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-05-05 17:30 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-05-05 17:30 . 2009-02-06 11:06 2145280 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-05 17:30 . 2009-02-06 11:08 2189056 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-05 17:30 . 2009-02-06 10:32 2023936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-05 17:29 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-05-05 17:29 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-05-05 17:21 . 2008-12-11 10:57 333952 -c----w c:\windows\system32\dllcache\srv.sys
2009-05-05 17:20 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-05-05 17:20 . 2008-09-04 17:15 1106944 -c----w c:\windows\system32\dllcache\msxml3.dll
2009-05-05 17:20 . 2008-10-15 16:34 337408 -c----w c:\windows\system32\dllcache\netapi32.dll
2009-05-05 17:20 . 2008-05-01 14:33 331776 -c----w c:\windows\system32\dllcache\msadce.dll
2009-05-05 17:19 . 2008-04-11 19:04 691712 -c----w c:\windows\system32\dllcache\inetcomm.dll
2009-05-05 16:48 . 2009-05-05 16:48 -------- d-----w c:\documents and settings\Eric Groh\Local Settings\Application Data\assembly
2009-05-05 15:56 . 2009-05-05 19:20 69624 ----a-w c:\documents and settings\Eric Groh\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-05 15:56 . 2009-05-05 15:56 -------- d-----w c:\program files\Windows Defender
2009-05-05 15:33 . 2009-05-05 15:35 -------- d-----w c:\documents and settings\Eric Groh\Application Data\U3
2009-05-05 15:16 . 2009-05-05 15:16 -------- d-sh--w c:\documents and settings\Eric Groh\IECompatCache
2009-05-05 15:16 . 2009-05-05 15:16 -------- d-sh--w c:\documents and settings\Eric Groh\PrivacIE
2009-05-05 15:14 . 2009-05-05 15:14 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-05-05 15:13 . 2009-05-05 15:13 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-05-05 15:13 . 2009-05-05 15:13 -------- d-sh--w c:\documents and settings\Eric Groh\IETldCache
2009-05-05 14:55 . 2008-04-14 09:42 32866 ------w c:\windows\slrundll.exe
2009-05-05 14:55 . 2009-05-05 14:55 -------- d-----w c:\windows\system32\scripting
2009-05-05 14:55 . 2009-05-05 14:55 -------- d-----w c:\windows\l2schemas
2009-05-05 14:55 . 2009-05-05 14:55 -------- d-----w c:\windows\system32\en
2009-05-05 14:55 . 2009-05-05 14:55 -------- d-----w c:\windows\system32\bits
2009-05-05 14:53 . 2009-05-05 14:56 -------- d-----w c:\windows\ServicePackFiles
2009-05-04 19:02 . 2009-05-04 19:02 -------- d-----w c:\documents and settings\Eric Groh\Local Settings\Application Data\Mozilla
2009-05-04 18:45 . 2009-04-29 22:18 256 ----a-w c:\documents and settings\Test\pool.bin
2009-05-04 18:44 . 2009-05-04 18:44 -------- d-----w C:\Desktop Docs
2009-05-04 18:38 . 2009-05-04 18:38 -------- d-----w c:\documents and settings\Administrator.DWS01\Local Settings\Application Data\Apple Computer
2009-05-04 01:31 . 2009-05-04 01:31 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\Research In Motion
2009-05-04 01:30 . 2009-05-04 14:27 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\SiteAdvisor
2009-04-29 21:35 . 2009-04-30 22:52 -------- d-----w C:\sdat scan
2009-04-29 16:54 . 2009-04-29 16:59 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\HPAppData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-11 20:20 . 2009-01-26 19:22 256 ----a-w c:\windows\system32\pool.bin
2009-05-08 19:54 . 2008-12-22 18:16 1324 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-07 17:31 . 2006-12-05 19:31 -------- d-----w c:\program files\Lavasoft
2009-05-07 15:13 . 2009-01-22 17:09 -------- d-----w c:\program files\Java
2009-05-06 21:48 . 2006-07-25 15:54 -------- d-----w c:\program files\Common Files\Adobe
2009-05-05 17:37 . 2008-06-17 19:53 -------- d-----w c:\program files\MSBuild
2009-05-05 14:58 . 2006-07-23 16:17 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-29 18:02 . 2008-09-30 18:45 -------- d-----w c:\program files\HP
2009-04-29 16:42 . 2009-04-02 21:50 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-27 18:46 . 2009-04-02 23:11 -------- d-----w c:\program files\Windows Live Safety CenterRebootActions
2009-04-17 03:09 . 2008-08-07 21:21 -------- d-----w c:\program files\SiteAdvisor
2009-03-16 17:25 . 2006-12-05 17:23 -------- d-----w c:\program files\Trillian
2009-03-09 09:19 . 2009-01-22 17:09 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 08:34 . 2004-08-04 05:56 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2004-08-04 05:56 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2004-08-04 05:56 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2004-08-04 05:56 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2004-08-04 05:56 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2004-08-04 05:56 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2004-08-04 05:56 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2004-08-04 05:56 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2004-08-04 05:56 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2001-08-23 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-04 05:56 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 16:24 . 2008-08-07 21:21 55208 ----a-w c:\windows\system32\drivers\mfetdik.sys
2009-03-03 16:24 . 2008-08-07 21:21 34216 ----a-w c:\windows\system32\drivers\MfeRKDK.sys
2009-03-03 16:23 . 2008-08-07 21:21 213768 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-03-03 16:23 . 2008-08-07 21:21 35272 ----a-w c:\windows\system32\drivers\MfeBOPK.sys
2009-03-03 16:23 . 2008-08-07 21:21 79880 ----a-w c:\windows\system32\drivers\MfeAVFK.sys
2008-08-05 14:59 . 2008-08-05 14:59 7499056 ----a-w c:\program files\Firefox Setup 3.0.1.exe
2008-06-16 23:03 . 2008-06-16 23:03 22414120 ----a-w c:\program files\SkypeSetup.exe
2008-06-04 19:58 . 2008-06-04 19:58 28868320 ----a-w c:\program files\FileFormatConverters.exe
2007-01-21 18:20 . 2007-01-21 18:20 18341688 ----a-w c:\program files\WDM_A397.exe
2006-12-05 19:30 . 2006-12-05 19:30 2855080 ----a-w c:\program files\aawsepersonal.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-14 344064]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"MVS Splash"="c:\program files\McAfee\Managed VirusScan\Agent\Splash.exe" [2009-04-13 468288]
"McAfee Managed Services Tray"="c:\program files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe" [2009-04-13 87360]
"SiteAdvisor"="c:\program files\SiteAdvisor\6173\SiteAdv.exe" [2007-08-28 36640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-04 615696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-07 516440]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-11-17 577536]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SYS32DLL"="SYS32DLL" [X]

c:\documents and settings\Eric Groh\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-BA7E-100000000002}\SC_Acrobat.exe [2008-12-22 25214]
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2008-11-4 1545488]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtTry.exe"=
"c:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\HtmlDlg.exe"=
"c:\\Program Files\\Common Files\\Research In Motion\\RIMDeviceManager\\RIMDeviceManager.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\acrodist.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/7/2009 1:34 PM 64160]
R2 EngineServer;EngineServer;c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe [8/7/2008 5:21 PM 14144]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 953168]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [8/7/2008 5:18 PM 175704]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S1 ppvitimi;ppvitimi;\??\c:\windows\system32\drivers\ppvitimi.sys --> c:\windows\system32\drivers\ppvitimi.sys [?]
S3 CXFALCON;Conexant Falcon II NTSC Video Capture;c:\windows\system32\drivers\cxfalcon.sys [2/9/2006 12:34 PM 80384]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [6/17/2008 4:15 PM 468768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fe7c4ae-655c-11dd-90be-00c0a8ae31bf}]
\Shell\AutoRun\command - D:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 18:28]

2009-05-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-uidenhiufgsduiazghs - c:\windows\TEMP\ijvbdswv3.exe
Notify-xxyArPJd - xxyArPJd.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-11 16:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(608)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2412)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\McAfee\HackerWatch\HWAPI.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\nvsvc32.exe
c:\program files\SiteAdvisor\6173\SAService.exe
c:\windows\system32\searchindexer.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\McAfee\MANAGE~1\VScan\McShield.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
c:\program files\Adobe\Acrobat 7.0\Distillr\acrodist.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\searchfilterhost.exe
c:\program files\McAfee\Managed VirusScan\Agent\myUsrSrv4.7.0.752.exe
.
**************************************************************************
.
Completion time: 2009-05-11 16:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-11 20:22

Pre-Run: 217,115,279,360 bytes free
Post-Run: 217,099,853,824 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
h:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

338 --- E O F --- 2009-05-07 14:51
#13 grohfactor (Member, Topic Starter, 24 posts)

C:Lop

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Athlon™ 64 X2 Dual Core Processor 4200+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Eric Groh ( Administrator )
BOOT : Normal boot
Antivirus : Total Protection Service 4.7.0.752 (Activated)
Firewall : Total Protection Service 4.0 (Not Activated)
C:\ (Local Disk) - NTFS - Total:224 Go (Free:202 Go)
D:\ (USB)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (USB)
H:\ (Local Disk) - FAT32 - Total:8 Go (Free:1 Go)
K:\ (USB)
L:\ (USB)
S:\ (Network Disk) - NTFS - Total:465 Go (Free:440 Go)
U:\ (Network Disk) - NTFS - Total:465 Go (Free:440 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Mon 05/11/2009|16:29 )

--------------------\\ Listing folders in APPLIC~1

[10/13/2008|11:46] C:\DOCUME~1\ADMINI~1.DWS\APPLIC~1\<DIR> Adobe
[10/13/2008|11:47] C:\DOCUME~1\ADMINI~1.DWS\APPLIC~1\<DIR> HP
[06/17/2008|02:58] C:\DOCUME~1\ADMINI~1.DWS\APPLIC~1\<DIR> Identities
[12/22/2008|02:14] C:\DOCUME~1\ADMINI~1.DWS\APPLIC~1\<DIR> Macromedia
[05/04/2009|02:38] C:\DOCUME~1\ADMINI~1.DWS\APPLIC~1\<DIR> Microsoft
[06/17/2008|02:59] C:\DOCUME~1\ADMINI~1.DWS\APPLIC~1\<DIR> Research In Motion
[10/13/2008|11:46] C:\DOCUME~1\ADMINI~1.DWS\APPLIC~1\<DIR> SiteAdvisor

[02/11/2009|11:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[05/07/2009|01:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[05/06/2009|05:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[09/05/2008|12:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> American Express Online Assistant
[02/11/2009|11:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[02/11/2009|11:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[10/22/2008|11:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FLEXnet
[09/30/2008|03:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Hewlett-Packard
[04/29/2009|02:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP
[05/07/2009|01:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[05/06/2009|04:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[08/07/2008|05:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
[05/05/2009|11:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[04/29/2009|06:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help
[06/17/2008|02:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> nView_Profiles
[01/17/2007|11:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[08/07/2008|05:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SiteAdvisor
[10/11/2008|02:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Skype
[07/23/2006|03:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage

[07/23/2006|12:18] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[05/06/2009|05:48] C:\DOCUME~1\ERICGR~1\APPLIC~1\<DIR> Adobe
[05/05/2009|05:10] C:\DOCUME~1\ERICGR~1\APPLIC~1\<DIR> AdobeUM
[05/04/2009|02:57] C:\DOCUME~1\ERICGR~1\APPLIC~1\<DIR> Identities
[05/04/2009|03:29] C:\DOCUME~1\ERICGR~1\APPLIC~1\<DIR> Macromedia
[05/06/2009|04:23] C:\DOCUME~1\ERICGR~1\APPLIC~1\<DIR> Malwarebytes
[05/07/2009|03:25] C:\DOCUME~1\ERICGR~1\APPLIC~1\<DIR> Microsoft
[05/04/2009|03:02] C:\DOCUME~1\ERICGR~1\APPLIC~1\<DIR> Mozilla
[05/04/2009|02:57] C:\DOCUME~1\ERICGR~1\APPLIC~1\<DIR> Research In Motion
[05/04/2009|02:57] C:\DOCUME~1\ERICGR~1\APPLIC~1\<DIR> SiteAdvisor
[05/07/2009|11:09] C:\DOCUME~1\ERICGR~1\APPLIC~1\<DIR> Sun
[05/05/2009|11:35] C:\DOCUME~1\ERICGR~1\APPLIC~1\<DIR> U3
[05/06/2009|04:08] C:\DOCUME~1\ERICGR~1\APPLIC~1\<DIR> Windows Search
[05/07/2009|12:43] C:\DOCUME~1\ERICGR~1\APPLIC~1\<DIR> WinRAR

[01/26/2009|03:09] C:\DOCUME~1\kgonz\APPLIC~1\<DIR> Blackberry Desktop

[01/11/2007|06:38] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[05/04/2009|10:27] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> SiteAdvisor

[08/11/2008|11:52] C:\DOCUME~1\MCAFEE~1\APPLIC~1\<DIR> Microsoft

[05/05/2009|01:09] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[01/23/2009|07:19] C:\DOCUME~1\Test\APPLIC~1\<DIR> Adobe
[01/26/2009|05:40] C:\DOCUME~1\Test\APPLIC~1\<DIR> AdobeUM
[03/20/2009|10:42] C:\DOCUME~1\Test\APPLIC~1\<DIR> Apple Computer
[01/26/2009|03:24] C:\DOCUME~1\Test\APPLIC~1\<DIR> Blackberry Desktop
[01/23/2009|05:58] C:\DOCUME~1\Test\APPLIC~1\<DIR> Identities
[02/16/2009|05:11] C:\DOCUME~1\Test\APPLIC~1\<DIR> LimeWire
[01/23/2009|07:19] C:\DOCUME~1\Test\APPLIC~1\<DIR> Macromedia
[04/21/2009|11:28] C:\DOCUME~1\Test\APPLIC~1\<DIR> Microsoft
[01/23/2009|08:32] C:\DOCUME~1\Test\APPLIC~1\<DIR> Mozilla
[01/23/2009|06:32] C:\DOCUME~1\Test\APPLIC~1\<DIR> Research In Motion
[01/26/2009|02:58] C:\DOCUME~1\Test\APPLIC~1\<DIR> SiteAdvisor
[04/29/2009|01:43] C:\DOCUME~1\Test\APPLIC~1\<DIR> Skype
[04/29/2009|08:06] C:\DOCUME~1\Test\APPLIC~1\<DIR> skypePM
[02/02/2009|06:23] C:\DOCUME~1\Test\APPLIC~1\<DIR> Sun
[01/26/2009|03:33] C:\DOCUME~1\Test\APPLIC~1\<DIR> Windows Search
[01/29/2009|05:50] C:\DOCUME~1\Test\APPLIC~1\<DIR> WinRAR

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[05/11/2009 01:35 PM][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[05/11/2009 04:20 PM][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job
[06/16/2008 06:31 PM][--ah-----] C:\WINDOWS\tasks\Microsoft_Hardware_Launch_setup_exe.job
[05/11/2009 04:17 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/23/2001 08:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[08/09/2007|01:51] C:\Program Files\<DIR> AC3Filter
[05/06/2009|05:49] C:\Program Files\<DIR> Adobe
[02/11/2009|11:26] C:\Program Files\<DIR> Apple Software Update
[07/23/2006|04:05] C:\Program Files\<DIR> ATI Technologies
[07/30/2008|10:31] C:\Program Files\<DIR> Citrix
[05/11/2009|04:14] C:\Program Files\<DIR> Common Files
[07/23/2006|12:15] C:\Program Files\<DIR> ComPlus Applications
[01/19/2009|12:21] C:\Program Files\<DIR> DVDVideoSoft
[04/29/2009|02:02] C:\Program Files\<DIR> HP
[01/21/2007|02:23] C:\Program Files\<DIR> InstallShield Installation Information
[05/07/2009|12:55] C:\Program Files\<DIR> Internet Explorer
[02/11/2009|11:31] C:\Program Files\<DIR> iPod
[02/11/2009|11:31] C:\Program Files\<DIR> iTunes
[05/07/2009|11:13] C:\Program Files\<DIR> Java
[05/07/2009|01:31] C:\Program Files\<DIR> Lavasoft
[02/24/2009|12:36] C:\Program Files\<DIR> LimeWire
[05/06/2009|04:23] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[08/07/2008|05:25] C:\Program Files\<DIR> McAfee
[05/05/2009|01:31] C:\Program Files\<DIR> Messenger
[07/23/2006|12:18] C:\Program Files\<DIR> microsoft frontpage
[06/16/2008|06:36] C:\Program Files\<DIR> Microsoft LifeCam
[06/17/2008|03:53] C:\Program Files\<DIR> Microsoft Office
[02/06/2009|11:10] C:\Program Files\<DIR> Microsoft Silverlight
[07/23/2006|03:45] C:\Program Files\<DIR> Microsoft Visual Studio
[06/17/2008|03:50] C:\Program Files\<DIR> Microsoft Visual Studio 8
[06/17/2008|03:53] C:\Program Files\<DIR> Microsoft Works
[06/17/2008|03:52] C:\Program Files\<DIR> Microsoft.NET
[05/05/2009|10:55] C:\Program Files\<DIR> Movie Maker
[05/08/2009|11:42] C:\Program Files\<DIR> Mozilla Firefox
[05/05/2009|01:37] C:\Program Files\<DIR> MSBuild
[06/04/2008|03:58] C:\Program Files\<DIR> MSECache
[07/23/2006|12:14] C:\Program Files\<DIR> MSN
[07/23/2006|12:14] C:\Program Files\<DIR> MSN Gaming Zone
[11/18/2006|07:01] C:\Program Files\<DIR> MSXML 4.0
[01/26/2009|03:05] C:\Program Files\<DIR> MSXML 6.0
[05/05/2009|10:52] C:\Program Files\<DIR> NetMeeting
[09/30/2008|04:00] C:\Program Files\<DIR> New Folder
[07/23/2006|12:15] C:\Program Files\<DIR> Online Services
[05/05/2009|10:52] C:\Program Files\<DIR> Outlook Express
[12/05/2008|12:28] C:\Program Files\<DIR> Plantronics
[02/11/2009|11:29] C:\Program Files\<DIR> QuickTime
[01/21/2007|02:23] C:\Program Files\<DIR> Realtek AC97
[05/05/2009|01:37] C:\Program Files\<DIR> Reference Assemblies
[05/22/2007|11:24] C:\Program Files\<DIR> Research In Motion
[07/30/2008|01:35] C:\Program Files\<DIR> RESUMate for Windows
[02/20/2009|11:44] C:\Program Files\<DIR> Sendouts Pro
[10/01/2008|11:10] C:\Program Files\<DIR> Sendouts Pro Outlook AddIn
[10/01/2008|11:10] C:\Program Files\<DIR> Sendouts SourcePro Toolbar
[04/16/2009|11:09] C:\Program Files\<DIR> SiteAdvisor
[10/11/2008|02:41] C:\Program Files\<DIR> Skype
[12/22/2008|02:16] C:\Program Files\<DIR> SystemRequirementsLab
[03/16/2009|01:25] C:\Program Files\<DIR> Trillian
[07/23/2006|03:25] C:\Program Files\<DIR> Uninstall Information
[05/05/2009|11:56] C:\Program Files\<DIR> Windows Defender
[11/19/2008|11:52] C:\Program Files\<DIR> Windows Desktop Search
[04/29/2009|12:42] C:\Program Files\<DIR> Windows Live Safety Center
[04/27/2009|02:46] C:\Program Files\<DIR> Windows Live Safety CenterRebootActions
[12/11/2006|08:20] C:\Program Files\<DIR> Windows Media Connect 2
[05/05/2009|10:52] C:\Program Files\<DIR> Windows Media Player
[05/05/2009|10:52] C:\Program Files\<DIR> Windows NT
[07/23/2006|12:17] C:\Program Files\<DIR> WindowsUpdate
[10/11/2008|03:38] C:\Program Files\<DIR> WinRAR
[07/23/2006|12:18] C:\Program Files\<DIR> xerox

--------------------\\ Listing Folders in C:\Program Files\Common Files

[05/06/2009|05:48] C:\Program Files\Common Files\<DIR> Adobe
[05/06/2009|05:48] C:\Program Files\Common Files\<DIR> Adobe AIR
[02/11/2009|11:31] C:\Program Files\Common Files\<DIR> Apple
[07/23/2006|03:41] C:\Program Files\Common Files\<DIR> Cisco Systems
[06/17/2008|03:53] C:\Program Files\Common Files\<DIR> DESIGNER
[01/19/2009|12:21] C:\Program Files\Common Files\<DIR> DVDVideoSoft
[09/30/2008|02:47] C:\Program Files\Common Files\<DIR> Hewlett-Packard
[05/22/2007|11:22] C:\Program Files\Common Files\<DIR> InstallShield
[08/07/2008|05:22] C:\Program Files\Common Files\<DIR> McAfee
[10/01/2008|11:07] C:\Program Files\Common Files\<DIR> Microsoft Shared
[07/23/2006|12:16] C:\Program Files\Common Files\<DIR> MSSoap
[07/23/2006|08:08] C:\Program Files\Common Files\<DIR> ODBC
[12/05/2008|12:28] C:\Program Files\Common Files\<DIR> Plantronics
[01/26/2009|03:07] C:\Program Files\Common Files\<DIR> Research In Motion
[07/23/2006|12:16] C:\Program Files\Common Files\<DIR> Services
[10/11/2008|02:40] C:\Program Files\Common Files\<DIR> Skype
[07/23/2006|08:08] C:\Program Files\Common Files\<DIR> SpeechEngines
[05/05/2009|10:52] C:\Program Files\Common Files\<DIR> System

--------------------\\ Process

( 58 Processes )

iexplore.exe ~ [PID:2164]
iexplore.exe ~ [PID:2880]
iexplore.exe ~ [PID:2888]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\ERICGR~1\Cookies\[email protected][2].txt
C:\DOCUME~1\ERICGR~1\Cookies\eric_groh@advertising[2].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-11 16:30:52
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:4][D:1]-> C:\DOCUME~1\ERICGR~1\LOCALS~1\Temp
[F:198][D:0]-> C:\DOCUME~1\ERICGR~1\Cookies
[F:166][D:4]-> C:\DOCUME~1\ERICGR~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Mon 05/11/2009|16:31 - Option : [1]

--------------------\\ Scan completed at 16:31:31
#14 grohfactor (Member, Topic Starter, 24 posts)

GooredFix v1.92 by jpshortstuff
Log created at 16:33 on 11/05/2009 running Option #1 (Eric Groh)
Firefox version [Unable to determine]

=====Suspect Goored Entries=====

C:\Program Files\Mozilla Firefox\extensions\{F689EB5C-EC7B-4046-89B2-CC565C331730}

C:\Program Files\Mozilla Firefox\extensions\{F09143A3-444A-4FC3-AD06-EE550C3E66D6}

C:\Program Files\Mozilla Firefox\extensions\{E3ACF27A-D819-4777-A24E-938D2956370E}

C:\Program Files\Mozilla Firefox\extensions\{E05F25AF-CE56-4A04-BD4A-D05502CE5093}

C:\Program Files\Mozilla Firefox\extensions\{DF42EBB0-E778-4F92-A4E0-7159110D91D0}

C:\Program Files\Mozilla Firefox\extensions\{C851BF49-FEB5-45E3-9454-D6419C762F67}

C:\Program Files\Mozilla Firefox\extensions\{C361E529-A1A8-42A3-9EBA-142511492E72}

C:\Program Files\Mozilla Firefox\extensions\{B03E079F-D2B0-4724-87FF-627C9BF7C37A}

C:\Program Files\Mozilla Firefox\extensions\{A65EE25D-1002-4291-848E-847347D93E59}

C:\Program Files\Mozilla Firefox\extensions\{A4BB4448-E5D1-4485-AC20-533A7F1E968B}

C:\Program Files\Mozilla Firefox\extensions\{A49BB67B-FE5E-4D1F-B8D1-1E9B4BB9D273}

C:\Program Files\Mozilla Firefox\extensions\{9EA5B66B-6C5B-4C2C-880C-82413B955665}

C:\Program Files\Mozilla Firefox\extensions\{9903496B-C0E4-428F-80BA-64F6F99F5A7A}

C:\Program Files\Mozilla Firefox\extensions\{915E2611-A008-435B-8E57-6016A4B0C0E7}

C:\Program Files\Mozilla Firefox\extensions\{882E420B-D109-4A78-BFA2-7866A5C081E0}

C:\Program Files\Mozilla Firefox\extensions\{8664886D-B031-496B-A750-64DA4FFFA2FF}

C:\Program Files\Mozilla Firefox\extensions\{82CE0DED-CB76-4EA1-999C-25B154B99A61}

C:\Program Files\Mozilla Firefox\extensions\{82C30042-C896-4135-931C-EBDD5AAB088C}

C:\Program Files\Mozilla Firefox\extensions\{7B8CA6D2-D9F1-4B26-9CED-F5DBA003B823}

C:\Program Files\Mozilla Firefox\extensions\{744DD12F-67CB-4384-A9E7-79206468B059}

C:\Program Files\Mozilla Firefox\extensions\{70550096-CF19-48E8-BC30-AA7CBCF7E64A}

C:\Program Files\Mozilla Firefox\extensions\{6FFC9017-DDA9-46AB-B293-2588DDEE9E5C}

C:\Program Files\Mozilla Firefox\extensions\{6736B158-AFFE-4A8B-B913-4065C8F4CAEC}

C:\Program Files\Mozilla Firefox\extensions\{5F71B4A0-6F3B-4AFA-80B6-484773E3F098}

C:\Program Files\Mozilla Firefox\extensions\{50864C6A-1F3F-4F42-92C7-C0AF3D311043}

C:\Program Files\Mozilla Firefox\extensions\{45715A67-430E-4B58-B964-10378E65514C}

C:\Program Files\Mozilla Firefox\extensions\{44046F12-1F85-4059-A0A2-E12128AB279E}

C:\Program Files\Mozilla Firefox\extensions\{42E391D9-967D-4C04-8B27-2E3899927FC7}

C:\Program Files\Mozilla Firefox\extensions\{3C541550-33DA-4F72-8C1B-7D3DBD3A46F1}

C:\Program Files\Mozilla Firefox\extensions\{388C4307-6B90-401C-BA15-25288B05618D}

C:\Program Files\Mozilla Firefox\extensions\{306E346D-346D-4C1D-A93E-DDA95EF74379}

C:\Program Files\Mozilla Firefox\extensions\{2FB53317-D20C-4D9D-AD03-4438D1956255}

C:\Program Files\Mozilla Firefox\extensions\{26104708-C5A8-4587-8144-635B1B93FD5E}

C:\Program Files\Mozilla Firefox\extensions\{1B1C9D94-DDA4-4B54-AB94-38C045B9F54B}

C:\Program Files\Mozilla Firefox\extensions\{172A95B0-461B-4DE6-9BB9-24B14A5CF360}

C:\Program Files\Mozilla Firefox\extensions\{0F1EB8A4-D805-47A5-B60E-37342568AB75}

C:\Program Files\Mozilla Firefox\extensions\{08D4E45B-A77E-4A34-8D08-1AE3CF6C6878}

C:\Program Files\Mozilla Firefox\extensions\{08C3E2B2-28C6-4319-8F30-AB3BF74AB4C9}

C:\Program Files\Mozilla Firefox\extensions\{034362E6-EEA5-4B10-8857-4886664B841A}

C:\Program Files\Mozilla Firefox\extensions\{018D39D1-1D72-456A-AD75-95CCADA749D1}

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"
#15 heir (Trusted Helper, Malware Removal, 5,427 posts)

Sorry for the number of steps, I'll try to reduce them from now on.
Looks as if we've managed to remove some at least.
Let's move on then.

Step 1.
Goored-fix:

Please double-click GooredFix.exe on your Desktop to run it.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

Step 2.
OTL-scan:

  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window with OTListIt.Txt that's saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of that file and post it with your next reply.

Step 3.
Things I would like to see in your reply:

  • The content of GooredLog.txt from step 1.
  • The content of OTListIt.txt on your desktop from step 2.
  • Information on how your computer is running now.
