BleepingComputer.com: Google redirect virus

Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • You cannot reply to this topic

Google redirect virus

#1 User is offline   shrimpboat 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 9
  • Joined: 24-December 09

Posted 24 December 2009 - 11:07 PM

Virus slows down Firefox and IE and redirects google searches, but Opera seems completely unaffected. Computer has blue screened a few times. avast!, Malwarebytes, and Spyware Search & Destroy haven't detected it. Ad-Aware seemed to take care of the redirecting part, but only for about a day.

Here's my DDS log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Shrimpboat at 20:18:14.55 on Thu 12/24/2009
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1790.195 [GMT -7:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\rundll32.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Shrimpboat\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Stickies\stickies.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Shrimpboat\Downloads\RootRepeal.exe
C:\Users\Shrimpboat\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
mSearch Bar = hxxp://srch-qus8.hpwis.com/
uInternet Settings,ProxyOverride = *.local
mCustomizeSearch = hxxp://ie.search.msn.com
mSearchAssistant = hxxp://ie.search.msn.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Conime] %windir%\system32\conime.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
StartupFolder: c:\users\shrimp~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\shrimpboat\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\shrimp~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\stickies.lnk - c:\program files\stickies\stickies.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\shrimp~1\appdata\roaming\mozilla\firefox\profiles\f9rg6sat.default\
FF - prefs.js: browser.startup.homepage - hxxp://kompepperochu.deviantart.com/
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\opera\program\plugins\npmmaud.dll
FF - plugin: c:\program files\opera\program\plugins\npmmprog.dll
FF - plugin: c:\program files\opera\program\plugins\npmmvid.dll
FF - plugin: c:\program files\opera\program\plugins\npmmzip.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2009-4-9 39472]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-18 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-28 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-28 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-11-28 53328]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-11-28 138680]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2009-8-5 284016]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-28 210216]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-6-1 34064]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-6-24 361808]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-12-19 1153368]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-12-1 3032360]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-28 24652]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-11-28 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-11-28 352920]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-10 43040]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2008-12-1 15144]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-6-24 193840]
S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [2009-3-20 27904]

=============== Created Last 30 ================

2009-12-23 20:15:56 0 d-----w- c:\program files\Trend Micro
2009-12-19 18:24:43 177 ----a-w- c:\windows\wininit.ini
2009-12-19 17:57:01 0 d-----w- c:\users\shrimp~1\appdata\roaming\Malwarebytes
2009-12-19 17:56:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-19 17:56:50 0 d-----w- c:\programdata\Malwarebytes
2009-12-19 17:56:49 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-19 17:56:49 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-19 17:48:57 0 d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-19 17:48:57 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-12-19 16:58:50 4608 ----a-w- c:\windows\system32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-12-19 05:05:28 0 d-----w- c:\programdata\WindowsSearch
2009-12-19 02:13:02 9548 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-19 02:13:02 2523168 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-19 02:12:42 2506 ----a-w- C:\rollback.ini
2009-12-19 01:56:24 0 d-----w- c:\program files\common files\ParetoLogic
2009-12-19 01:56:23 0 d-----w- c:\programdata\ParetoLogic
2009-12-18 09:22:38 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-18 06:13:14 0 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-17 21:38:23 0 d-----w- c:\users\shrimp~1\appdata\roaming\Auslogics
2009-12-17 21:38:20 0 d-----w- c:\program files\Auslogics
2009-12-10 12:07:13 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-10 12:07:07 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-10 12:07:06 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 14:09:00 378368 ----a-w- c:\windows\system32\winhttp.dll
2009-12-09 14:07:34 244224 ----a-w- c:\windows\system32\rastls.dll
2009-12-09 14:07:33 281600 ----a-w- c:\windows\system32\raschap.dll
2009-12-02 06:03:42 0 d-----w- c:\windows\system32\EventProviders
2009-12-01 00:11:06 0 d-----w- c:\program files\Windows Journal Viewer
2009-11-30 09:38:20 104672 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-11-27 21:49:29 0 d-----w- c:\programdata\kds_kodak
2009-11-27 21:49:23 3 ----a-w- c:\windows\Twain001.Mtx
2009-11-27 21:49:23 156 ----a-w- c:\windows\Twunk001.MTX
2009-11-27 21:49:23 0 ----a-w- c:\windows\Twunk002.MTX
2009-11-27 21:40:28 0 d-----w- c:\programdata\Eastman Kodak Company
2009-11-27 21:39:59 890 ----a-w- c:\windows\system32\InstallUtil.InstallLog
2009-11-27 21:30:18 0 d-----w- c:\windows\system32\kodak
2009-11-27 21:29:12 0 d-----w- c:\program files\Kodak
2009-11-27 21:24:56 0 d-----w- c:\programdata\Kodak
2009-11-27 21:23:40 0 d-----w- c:\users\shrimp~1\appdata\roaming\Temp
2009-11-25 12:02:21 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 04:54:14 1399296 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 04:54:13 1257472 ----a-w- c:\windows\system32\msxml3.dll
2009-11-25 04:53:57 714240 ----a-w- c:\windows\system32\timedate.cpl

==================== Find3M ====================

2009-12-25 02:49:16 43034 ----a-w- c:\programdata\nvModes.dat
2009-12-18 09:22:28 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-10 05:10:51 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-10 05:10:50 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-10 05:10:50 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-24 23:49:48 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-06 01:04:26 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-11-03 03:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2008-06-25 03:46:05 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-01-08 03:50:50 56 --sha-r- c:\windows\system32\CD008D9325.sys
2009-04-20 17:21:39 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\feeds cache\index.dat
2008-10-13 14:21:22 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 20:20:10.23 ===============

Attached File(s)

  • Attached File  Attach.txt (7.35K)
    Number of downloads: 13
  • Attached File  ark.txt (57.2K)
    Number of downloads: 0

#2 User is offline   etavares 

  • Bleepin' Remover
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 10,393
  • Joined: 16-August 08
  • Gender:Male

Posted 05 January 2010 - 07:04 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Also, please subscribe to this topic, so you are notified when someone replies. Please continue to check manually on occasion, as every now and then the email may be caught by your spam filter.
To enable topic notifications you should do the following:
  • Click on the My Controls link at the top of the page to enter your control panel.
  • Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.
  • Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.
  • Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replied.

Information on A/V control HERE

If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Posted Image
Unified Network of Instructors and Trusted Eliminators

#3 User is offline   shrimpboat 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 9
  • Joined: 24-December 09

Posted 06 January 2010 - 04:34 AM

DDS (Ver_09-12-01.01) - NTFSx86
Run by Shrimpboat at 2:29:06.12 on Wed 01/06/2010
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1790.924 [GMT -7:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Shrimpboat\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Stickies\stickies.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\rundll32.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\alg.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Rhapsody\rhaphlpr.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Opera\opera.exe
C:\Users\Shrimpboat\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
mSearch Bar = hxxp://srch-qus8.hpwis.com/
uInternet Settings,ProxyOverride = *.local
mCustomizeSearch = hxxp://ie.search.msn.com
mSearchAssistant = hxxp://ie.search.msn.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
StartupFolder: c:\users\shrimp~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\shrimpboat\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\shrimp~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\stickies.lnk - c:\program files\stickies\stickies.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\shrimp~1\appdata\roaming\mozilla\firefox\profiles\f9rg6sat.default\
FF - prefs.js: browser.startup.homepage - hxxp://kompepperochu.deviantart.com/
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\opera\program\plugins\npmmaud.dll
FF - plugin: c:\program files\opera\program\plugins\npmmprog.dll
FF - plugin: c:\program files\opera\program\plugins\npmmvid.dll
FF - plugin: c:\program files\opera\program\plugins\npmmzip.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation

foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2009-4-9 39472]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-18 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-28 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-28 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-11-28 53328]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-11-28 138680]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2009-8-5 284016]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-28 210216]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-6-1 34064]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-6-24 361808]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-12-19 1153368]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-12-1 3032360]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-28 24652]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-10 43040]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2008-12-1 15144]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-11-28 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-11-28 352920]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-6-24 193840]
S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [2009-3-20 27904]

=============== Created Last 30 ================

2010-01-04 20:01:07 0 d-----w- C:\WTablet
2009-12-23 20:15:56 0 d-----w- c:\program files\Trend Micro
2009-12-19 18:24:43 177 ----a-w- c:\windows\wininit.ini
2009-12-19 17:57:01 0 d-----w- c:\users\shrimp~1\appdata\roaming\Malwarebytes
2009-12-19 17:56:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-19 17:56:50 0 d-----w- c:\programdata\Malwarebytes
2009-12-19 17:56:49 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-19 17:56:49 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-19 17:48:57 0 d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-19 17:48:57 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-12-19 16:58:50 4608 ----a-w- c:\windows\system32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-12-19 05:05:28 0 d-----w- c:\programdata\WindowsSearch
2009-12-19 02:13:02 6182432 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-19 02:13:02 56408 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-19 02:12:42 2506 ----a-w- C:\rollback.ini
2009-12-19 01:56:24 0 d-----w- c:\program files\common files\ParetoLogic
2009-12-19 01:56:23 0 d-----w- c:\programdata\ParetoLogic
2009-12-18 09:22:38 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-18 06:13:14 0 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-17 21:38:23 0 d-----w- c:\users\shrimp~1\appdata\roaming\Auslogics
2009-12-17 21:38:20 0 d-----w- c:\program files\Auslogics
2009-12-10 12:07:13 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-10 12:07:07 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-10 12:07:06 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 14:09:00 378368 ----a-w- c:\windows\system32\winhttp.dll
2009-12-09 14:07:34 244224 ----a-w- c:\windows\system32\rastls.dll
2009-12-09 14:07:33 281600 ----a-w- c:\windows\system32\raschap.dll

==================== Find3M ====================

2010-01-04 20:10:13 43034 ----a-w- c:\programdata\nvModes.dat
2009-12-18 09:22:28 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-10 05:10:51 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-10 05:10:50 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-10 05:10:50 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-30 09:38:20 104672 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-11-24 23:49:48 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-06 01:04:26 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-11-03 03:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:41:23 2048 ----a-w- c:\windows\system32\tzres.dll
2008-06-25 03:46:05 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-01-08 03:50:50 56 --sha-r- c:\windows\system32\CD008D9325.sys
2009-04-20 17:21:39 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\feeds cache\index.dat
2008-10-13 14:21:22 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 2:31:12.09 ===============

Attached File(s)


#4 User is offline   chamber 

  • Bleepin' Geek
  • PipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 329
  • Joined: 02-April 09
  • Gender:Male
  • Location:~/

Posted 07 January 2010 - 07:57 AM

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    nvstor32.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    ws2_32.dll
    proquota.exe
    imm32.dll
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    nvrd32.sys
    /md5stop
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
Posted Image
watch me and tremble, for I bring the purity of oblivion
Sudo apt-get me a sandwich!
Proud graduate of GeekU

#5 User is offline   shrimpboat 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 9
  • Joined: 24-December 09

Posted 07 January 2010 - 07:08 PM

OTL logfile created on: 1/7/2010 1:51:24 PM - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Users\Shrimpboat\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.17 Gb Total Space | 30.87 Gb Free Space | 22.18% Space Free | Partition Type: NTFS
Drive D: | 9.88 Gb Total Space | 1.75 Gb Free Space | 17.69% Space Free | Partition Type: NTFS
Drive E: | 650.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 931.51 Gb Total Space | 727.41 Gb Free Space | 78.09% Space Free | Partition Type: NTFS
Drive G: | 7.47 Gb Total Space | 3.47 Gb Free Space | 46.39% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACTIONHAUS
Current User Name: Shrimpboat
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Shrimpboat\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Rhapsody\rhaphlpr.exe (RealNetworks, Inc.)
PRC - C:\Users\Shrimpboat\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
PRC - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe (Eastman Kodak Company)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
PRC - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
PRC - C:\Program Files\Opera\opera.exe (Opera Software)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Stickies\stickies.exe (Zhorn Software)
PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Hewlett-Packard)
PRC - C:\Windows\System32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Windows\SMINST\BLService.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wisptis.exe (Microsoft Corporation)
PRC - C:\Windows\System32\mobsync.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
PRC - C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Shrimpboat\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll ()
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe (Eastman Kodak Company)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (nvsvc) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (HP Health Check Service) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
SRV - (TabletServicePen) -- C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe ()
SRV - (Com4QLBEx) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Development Company, L.P.)
SRV - (hpqwmiex) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (XAudioService) -- C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (NCHSSVAD) -- C:\Windows\System32\drivers\nchssvad.sys (NCH Swift Sound)
DRV - (PxHelp20) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (GEARAspiWDM) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (hotcore3) -- C:\Windows\system32\drivers\hotcore3.sys (Paragon Software Group)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)
DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (RT25USBAP) -- C:\Windows\System32\drivers\RT25USBAP.SYS (Ralink Technology Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\Windows\System32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (XPADFL02) -- C:\Windows\System32\drivers\xPADFL02.sys (Compuware Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (mdmxsdk) -- C:\Windows\System32\drivers\mdmxsdk.sys (Conexant)
DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...rio&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://kompepperochu.deviantart.com/"
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:0.4.5.14
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2
FF - prefs.js..extensions.enabledItems: downintab@max.max:0.0.9
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.8
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.7
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..extensions.enabledItems: restart@restart.org:0.3
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.7.4
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7
FF - prefs.js..extensions.enabledItems: {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.2.2
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/06/24 23:50:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/12/23 23:15:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/18 00:52:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/17 23:33:40 | 00,000,000 | ---D | M]

[2009/11/20 20:37:04 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Extensions
[2010/01/06 11:45:00 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions
[2009/12/07 14:21:02 | 00,000,000 | ---D | M] (Session Manager) -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2009/11/21 13:10:04 | 00,000,000 | ---D | M] (Linkification) -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2009/11/20 21:31:16 | 00,000,000 | ---D | M] (Stylish) -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2009/12/22 03:17:21 | 00,000,000 | ---D | M] (eBay Sidebar for Firefox) -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}(390)
[2009/11/20 20:50:28 | 00,000,000 | ---D | M] (4chan) -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2009/11/20 20:50:28 | 00,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2009/12/14 11:36:30 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/20 20:42:53 | 00,000,000 | ---D | M] (Classic Compact) -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
[2009/12/09 01:11:19 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/11/20 20:50:28 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions\downintab@max.max
[2009/11/20 20:50:29 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions\restart@restart.org
[2009/11/20 20:42:57 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions
[2009/11/20 21:00:47 | 00,000,921 | ---- | M] () -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\searchplugins\dictionarycom.xml
[2009/11/20 20:39:52 | 00,001,626 | ---- | M] () -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\searchplugins\mozilla-add-ons.xml
[2009/11/20 21:01:01 | 00,000,918 | ---- | M] () -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\searchplugins\thesauruscom.xml
[2009/11/20 21:00:30 | 00,002,013 | ---- | M] () -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\searchplugins\urban-dictionary.xml
[2009/11/20 20:36:41 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (366488 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 12613 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Shrimpboat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Shrimpboat\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\Shrimpboat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files\Stickies\stickies.exe (Zhorn Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 65 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/24 23:20:48 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/28 02:20:18 | 00,000,000 | ---D | M] - E:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2005/09/28 01:55:17 | 00,700,416 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/09/28 00:25:53 | 00,606,208 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ CDFS ]
O32 - AutoRun File - [2005/09/28 02:18:19 | 00,000,138 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0811b661-bd98-11dd-bd17-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0811b661-bd98-11dd-bd17-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2005/09/28 01:55:17 | 00,700,416 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\{2868d565-edf8-11de-8cbe-001f16459ae4}\Shell - "" = AutoRun
O33 - MountPoints2\{2868d565-edf8-11de-8cbe-001f16459ae4}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{64f7dd98-559f-11de-9b80-001f16459ae4}\Shell - "" = AutoRun
O33 - MountPoints2\{64f7dd98-559f-11de-9b80-001f16459ae4}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 19:34:27 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: Ad-Watch - hkey= - key= - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
MsConfig - StartUpReg: Aim6 - hkey= - key= - C:\Program Files\AIM6\aim6.exe (AOL LLC)
MsConfig - StartUpReg: EKIJ5000StatusMonitor - hkey= - key= - File not found
MsConfig - StartUpReg: HP Health Check Scheduler - hkey= - key= - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: hpqSRMon - hkey= - key= - C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
MsConfig - StartUpReg: hpWirelessAssistant - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: QlbCtrl.exe - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.divxa32 - C:\Windows\System32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2010/01/07 12:30:57 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Shrimpboat\Desktop\OTL.exe
[2010/01/06 13:02:26 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\EA Games
[2010/01/06 13:00:38 | 00,000,000 | ---D | C] -- C:\Users\Shrimpboat\Documents\EA Games
[2010/01/06 12:41:17 | 00,442,368 | R--- | C] (On2.com) -- C:\Windows\System32\vp6vfw.dll
[2010/01/04 13:01:07 | 00,000,000 | ---D | C] -- C:\WTablet
[2009/12/23 13:15:56 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/21 11:20:13 | 00,000,000 | ---D | C] -- C:\Users\Shrimpboat\AppData\Roaming\U3
[2009/12/19 10:57:01 | 00,000,000 | ---D | C] -- C:\Users\Shrimpboat\AppData\Roaming\Malwarebytes
[2009/12/19 10:56:52 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/19 10:56:50 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/12/19 10:56:49 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/19 10:56:49 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/19 10:48:57 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/12/19 10:48:57 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/12/18 22:05:28 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2009/12/18 18:56:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2009/12/18 18:56:23 | 00,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2009/12/18 02:22:38 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/12/17 23:13:14 | 00,000,000 | -H-D | C] -- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/12/17 14:38:23 | 00,000,000 | ---D | C] -- C:\Users\Shrimpboat\AppData\Roaming\Auslogics
[2009/12/17 14:38:20 | 00,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2009/12/10 05:07:13 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2009/12/10 05:07:06 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2009/12/09 22:21:16 | 00,000,000 | ---D | C] -- C:\Users\Shrimpboat\AppData\Local\KODAK
[2009/12/09 07:08:51 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/12/09 07:08:51 | 00,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/12/09 07:08:50 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/12/09 07:08:50 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/12/09 07:08:50 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/12/09 07:08:49 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/12/09 07:08:49 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/12/09 07:08:49 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/12/09 07:08:49 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/12/09 07:08:49 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/12/09 07:08:49 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/12/09 07:08:49 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/12/09 07:08:49 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/12/09 07:08:49 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/12/09 07:07:34 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2009/12/09 07:07:33 | 00,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/07 13:59:09 | 08,126,464 | -HS- | M] () -- C:\Users\Shrimpboat\ntuser.dat
[2010/01/07 13:51:21 | 07,022,880 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2010/01/07 13:15:39 | 00,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/07 13:15:39 | 00,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/07 12:31:18 | 00,293,376 | ---- | M] () -- C:\Users\Shrimpboat\Desktop\ogse1f9w.exe
[2010/01/07 12:30:57 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Shrimpboat\Desktop\OTL.exe
[2010/01/07 00:38:51 | 00,870,128 | ---- | M] () -- C:\Users\Shrimpboat\AppData\Roaming\mcs.rma
[2010/01/07 00:38:51 | 00,000,004 | ---- | M] () -- C:\Users\Shrimpboat\AppData\Roaming\A3206C
[2010/01/06 23:04:56 | 00,000,505 | ---- | M] () -- C:\Users\Shrimpboat\Documents\My Sharing Folders.lnk
[2010/01/06 18:00:00 | 00,000,452 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2010/01/06 14:20:43 | 00,043,034 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/01/06 14:20:43 | 00,043,034 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/01/06 02:32:37 | 00,004,706 | ---- | M] () -- C:\Users\Shrimpboat\Desktop\Attach.zip
[2010/01/05 17:19:56 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/05 17:19:56 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/05 17:19:56 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/04 13:16:20 | 00,000,246 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2010/01/04 13:16:18 | 00,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010/01/04 13:15:39 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/04 13:15:23 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/04 13:15:17 | 18,773,27872 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/04 13:14:19 | 00,524,288 | -HS- | M] () -- C:\Users\Shrimpboat\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/01/04 13:14:19 | 00,065,536 | -HS- | M] () -- C:\Users\Shrimpboat\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/01/04 13:14:19 | 00,056,408 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2010/01/04 13:12:44 | 02,547,168 | -H-- | M] () -- C:\Users\Shrimpboat\AppData\Local\IconCache.db
[2010/01/01 15:02:13 | 00,001,233 | ---- | M] () -- C:\Windows\cdplayer.ini
[2009/12/31 04:05:05 | 00,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForShrimpboat.job
[2009/12/23 13:15:56 | 00,001,834 | ---- | M] () -- C:\Users\Shrimpboat\Desktop\HijackThis.lnk
[2009/12/19 11:26:06 | 00,366,488 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/12/19 11:24:44 | 00,000,177 | ---- | M] () -- C:\Windows\wininit.ini
[2009/12/19 11:06:53 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/12/19 10:49:05 | 00,001,015 | ---- | M] () -- C:\Users\Shrimpboat\Desktop\Spybot - Search & Destroy.lnk
[2009/12/19 10:05:06 | 00,004,608 | ---- | M] () -- C:\Windows\System32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/18 22:07:44 | 00,182,272 | ---- | M] () -- C:\Users\Shrimpboat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/18 19:12:42 | 00,002,506 | ---- | M] () -- C:\rollback.ini
[2009/12/18 10:54:49 | 05,452,215 | ---- | M] () -- C:\Users\Shrimpboat\Documents\Radiation - A Very Hussie Christmas2.mp3
[2009/12/18 02:22:28 | 00,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2009/12/18 02:19:21 | 00,000,967 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/12/17 23:34:03 | 04,456,448 | -HS- | M] () -- C:\Users\Shrimpboat\ntuser.dat_previous
[2009/12/17 14:49:01 | 00,001,802 | ---- | M] () -- C:\Users\Shrimpboat\Documents\ps_pi_stupid.rtf
[2009/12/15 00:15:14 | 00,002,709 | ---- | M] () -- C:\Users\Public\Documents\Global.sw2
[2009/12/09 21:56:27 | 00,000,890 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/07 12:31:18 | 00,293,376 | ---- | C] () -- C:\Users\Shrimpboat\Desktop\ogse1f9w.exe
[2010/01/06 02:32:36 | 00,004,706 | ---- | C] () -- C:\Users\Shrimpboat\Desktop\Attach.zip
[2010/01/04 12:52:24 | 18,773,27872 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/23 13:15:56 | 00,001,834 | ---- | C] () -- C:\Users\Shrimpboat\Desktop\HijackThis.lnk
[2009/12/19 11:24:43 | 00,000,177 | ---- | C] () -- C:\Windows\wininit.ini
[2009/12/19 10:49:05 | 00,001,015 | ---- | C] () -- C:\Users\Shrimpboat\Desktop\Spybot - Search & Destroy.lnk
[2009/12/19 09:58:50 | 00,004,608 | ---- | C] () -- C:\Windows\System32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/18 19:14:14 | 00,000,452 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2009/12/18 19:13:02 | 07,022,880 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2009/12/18 19:13:02 | 00,056,408 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.idx
[2009/12/18 19:12:42 | 00,002,506 | ---- | C] () -- C:\rollback.ini
[2009/12/18 10:54:41 | 05,452,215 | ---- | C] () -- C:\Users\Shrimpboat\Documents\Radiation - A Very Hussie Christmas2.mp3
[2009/12/18 02:19:21 | 00,000,967 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/12/17 14:32:56 | 00,001,802 | ---- | C] () -- C:\Users\Shrimpboat\Documents\ps_pi_stupid.rtf
[2009/11/29 23:30:19 | 00,000,246 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/11/27 15:06:18 | 00,052,686 | ---- | C] () -- C:\Users\Shrimpboat\AppData\Local\c4u.log
[2009/11/27 14:23:14 | 00,828,342 | ---- | C] () -- C:\Users\Shrimpboat\AppData\Local\installer.log
[2009/11/13 16:17:40 | 00,001,233 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/09/01 11:54:34 | 00,870,128 | ---- | C] () -- C:\Users\Shrimpboat\AppData\Roaming\mcs.rma
[2009/09/01 11:54:34 | 00,000,004 | ---- | C] () -- C:\Users\Shrimpboat\AppData\Roaming\A3206C
[2009/08/18 16:55:15 | 00,001,890 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/08/18 16:55:15 | 00,000,088 | RHS- | C] () -- C:\ProgramData\25938D00CD.sys
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/14 12:53:36 | 00,237,568 | ---- | C] () -- C:\Windows\System32\Unlha32.dll
[2009/07/14 12:53:35 | 00,473,600 | ---- | C] () -- C:\Windows\System32\Harmony.dll
[2009/07/07 13:10:49 | 00,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009/06/05 11:47:42 | 00,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
[2009/04/09 17:09:33 | 00,247,560 | ---- | C] () -- C:\Windows\System32\prgiso.dll
[2009/04/09 17:09:26 | 04,244,744 | ---- | C] () -- C:\Windows\System32\qtp-mt334.dll
[2009/04/09 17:09:26 | 00,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2009/02/11 14:54:33 | 00,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/02/11 14:54:32 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/02/06 14:13:54 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/01/07 20:50:50 | 00,000,056 | RHS- | C] () -- C:\Windows\System32\CD008D9325.sys
[2009/01/07 20:50:46 | 00,001,890 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/12/04 11:51:56 | 00,007,592 | ---- | C] () -- C:\Users\Shrimpboat\AppData\Local\d3d9caps.dat
[2008/12/01 16:34:25 | 00,182,272 | ---- | C] () -- C:\Users\Shrimpboat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/28 09:34:29 | 00,000,000 | ---- | C] () -- C:\Users\Shrimpboat\AppData\Local\QSwitch.txt
[2008/11/28 09:34:29 | 00,000,000 | ---- | C] () -- C:\Users\Shrimpboat\AppData\Local\DSwitch.txt
[2008/11/28 09:34:29 | 00,000,000 | ---- | C] () -- C:\Users\Shrimpboat\AppData\Local\AtStart.txt
[2008/11/24 15:32:44 | 00,005,120 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/10/13 07:07:43 | 00,043,034 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/10/13 07:07:40 | 00,043,034 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/06/24 23:36:20 | 00,000,688 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/06/11 08:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/06/11 08:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/06/11 08:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/06/11 08:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/06/11 08:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/06/11 08:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/06/11 08:02:32 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/06/11 08:02:32 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/06/11 08:02:32 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/06/05 07:58:26 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/06/01 00:13:10 | 00,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2007/09/04 11:56:10 | 00,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007/02/05 20:05:26 | 00,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 05:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 02:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/08/30 00:00:00 | 00,781,312 | ---- | C] () -- C:\Windows\System32\RGSS102J.dll
[2005/08/30 00:00:00 | 00,778,752 | ---- | C] () -- C:\Windows\System32\RGSS102E.dll
[2005/08/30 00:00:00 | 00,771,584 | ---- | C] () -- C:\Windows\System32\RGSS100J.dll
[2002/06/06 02:01:58 | 00,029,696 | ---- | C] () -- C:\Windows\System32\asutl8.dll

========== LOP Check ==========

[2008/12/21 23:49:29 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\acccore
[2009/04/02 20:49:54 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\Anvil Studio
[2009/12/17 14:38:23 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\Auslogics
[2010/01/05 20:19:26 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\Dropbox
[2009/12/23 05:20:44 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\IrfanView
[2009/05/15 23:39:23 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\Magic Set Editor
[2008/12/23 23:24:31 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\MSNInstaller
[2008/12/11 14:38:30 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\NCH Swift Sound
[2009/03/05 14:28:23 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\Opera
[2008/12/11 15:34:51 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\SPORE
[2008/11/28 22:44:20 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\SPORE Creature Creator
[2010/01/04 13:15:53 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\stickies
[2008/11/28 15:54:55 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\SystemRequirementsLab
[2009/12/09 21:55:20 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\Temp
[2009/01/20 14:41:29 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\Unity
[2009/12/31 03:59:47 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\uTorrent
[2010/01/06 18:00:00 | 00,000,452 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2010/01/04 13:13:59 | 00,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/09/29 11:51:50 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >
[2008/06/24 21:59:25 | 00,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-3133259546-2329083868-553284090-500\desktop.ini
[2008/12/19 22:24:10 | 00,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$I0KV2GU.jpg
[2010/01/06 20:50:30 | 00,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$I1FAJ47.jpg
[2010/01/06 20:42:16 | 00,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$I3AS38P.jpg
[2010/01/06 21:06:04 | 00,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$I452RTP.jpg
[2009/01/06 21:57:48 | 00,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$I6BLHQD.exe
[2008/12/19 22:24:24 | 00,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$I7ZIBPX.gif
[2008/12/19 22:24:10 | 00,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$IA7MUWA.jpg
[2010/01/06 20:45:23 | 00,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$IDY5GHY.jpg
[2010/01/06 20:51:34 | 00,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$IL49GD4.png
[2008/12/19 22:59:51 | 00,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$IM73KZZ.jpg
[2008/12/19 22:24:24 | 00,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$IN9P9RM.jpg
[2008/12/19 22:24:10 | 00,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$IPGEFQ9.jpg
[2010/01/05 00:08:48 | 00,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$IQOWX82.jpg
[2010/01/05 19:06:00 | 00,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$IR061D3
[2008/12/19 22:21:50 | 00,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$ITBZOIV.jpg
[2010/01/06 20:47:01 | 00,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$IULS1IK.gif
[2010/01/06 21:00:20 | 00,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$IVQQOCH.jpg
[2010/01/06 14:26:27 | 00,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$IXTCXEZ.lnk
[2010/01/06 20:50:27 | 00,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$IZP43QD.jpg
[2009/10/02 09:54:14 | 00,349,631 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$R1FAJ47.jpg
[2008/12/26 17:19:03 | 00,176,310 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$R3AS38P.jpg
[2007/08/18 13:29:57 | 00,051,486 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$R452RTP.jpg
[2008/12/28 13:26:22 | 00,317,460 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RDY5GHY.jpg
[2008/09/25 10:43:55 | 00,311,250 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RL49GD4.png
[2010/01/04 23:33:02 | 00,379,742 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RQOWX82.jpg
[2009/07/10 09:39:50 | 00,031,992 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RULS1IK.gif
[2007/07/22 22:59:52 | 00,228,647 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RVQQOCH.jpg
[2010/01/06 13:01:21 | 00,000,600 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RXTCXEZ.lnk
[2009/10/02 09:52:48 | 00,367,132 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RZP43QD.jpg
[2008/11/28 09:34:03 | 00,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\desktop.ini
[2010/01/05 16:57:56 | 00,531,242 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\04\Arc_Wizard__Colored_by_KoMPepperochu.png
[2010/01/05 16:44:54 | 00,009,356 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\04\Bahamut_Centari.jpg
[2010/01/05 16:44:34 | 00,007,955 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\04\Creepy_Tonberry.jpg
[2010/01/05 16:45:22 | 00,005,226 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\04\Evilhead.jpg
[2010/01/05 16:45:32 | 00,025,996 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\04\Kyrbirudeyunusu_Dragon.png
[2010/01/05 16:55:15 | 00,172,513 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\04\Mejaruru_by_KoMPepperochu.png
[2010/01/05 16:55:23 | 00,100,708 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\04\Ouchmaster_is_Late_For_Work_by_KoMPepperochu.png
[2010/01/05 16:49:58 | 00,090,143 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\04\Oueyayoz_Eivai.png
[2010/01/05 16:44:28 | 00,051,559 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\04\Pepperochu.jpg
[2010/01/05 16:49:43 | 00,073,624 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\04\Perril.png
[2010/01/05 16:49:53 | 00,079,841 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\04\Sheltering_Zone.png
[2010/01/05 16:45:50 | 00,004,027 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\04\Shinryu.png
[2010/01/05 16:44:40 | 00,044,146 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\04\Taxej.jpg
[2010/01/05 16:55:00 | 00,268,772 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\04\The_Battle_by_KoMPepperochu.png
[2010/01/05 17:02:25 | 00,347,877 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\05\Breloom_by_KoMPepperochu.png
[2010/01/05 17:02:11 | 00,477,984 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\05\Hippocampus_by_KoMPepperochu.png
[2010/01/05 17:02:03 | 00,371,947 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\05\Nuunuu_by_KoMPepperochu.png
[2010/01/05 17:01:47 | 00,437,050 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\05\This_is_a_Title_by_KoMPepperochu.png
[2007/01/01 23:13:43 | 00,446,639 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\06\AhriSig.png
[2006/10/04 15:20:49 | 00,245,489 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\06\CROWNSIRRUSH.png
[2010/01/05 17:06:24 | 00,317,987 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\06\Dimetrodon_angelensis_by_KoMPepperochu.png
[2010/01/05 17:06:48 | 01,558,928 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\06\Highland_Wurm_by_KoMPepperochu.png
[2010/01/05 17:07:04 | 00,372,174 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\06\MEGIDDO_EXO_by_KoMPepperochu.png
[2010/01/05 17:06:55 | 00,003,195 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\06\OUCHMASTER_by_KoMPepperochu.png
[2010/01/05 17:06:36 | 00,321,450 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\06\When_The_Storm_Clears_by_KoMPepperochu.png
[2007/06/28 13:36:41 | 00,076,342 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\07-\airslider copy.jpg
[2007/05/31 20:33:01 | 00,282,710 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\07-\CNIDARAMECIUM.jpg
[2007/03/02 16:02:22 | 00,618,830 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\07-\decon.PNG
[2007/11/27 21:03:13 | 00,279,343 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\07-\fethrex copy.jpg
[2007/04/13 18:49:01 | 00,679,301 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\07-\hexer.PNG
[2007/08/14 22:22:07 | 00,468,100 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\07-\maurdreggflail copy.jpg
[2007/12/05 18:05:52 | 00,135,274 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\07-\xiphos copy.jpg
[2008/10/17 22:34:57 | 00,165,119 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\08\amphiphorusracus.jpg
[2007/02/21 17:29:29 | 00,717,551 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\08\CHRYSOMINI.PNG
[2008/01/28 21:04:40 | 00,248,172 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\08\jesuschrist.jpg
[2008/02/12 22:17:09 | 00,323,648 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\08\pokemonrby copy.jpg
[2007/06/03 16:00:30 | 01,385,214 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\08\redworm.bmp
[2008/06/18 16:27:13 | 00,189,028 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-1000\$RR061D3\08\ridgeback.jpg
[2008/10/13 07:15:03 | 00,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-500\desktop.ini

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-01-05 01:11:29


< MD5 for: AGP440.SYS >
[2008/01/20 19:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 19:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 19:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 19:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 02:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 19:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 19:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 02:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/01/20 19:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\drivers\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008/01/20 19:24:45 | 00,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\System32\autochk.exe
[2008/01/20 19:24:45 | 00,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe

< MD5 for: BEEP.SYS >
[2008/01/20 19:23:44 | 00,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\System32\drivers\beep.sys
[2008/01/20 19:23:44 | 00,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 02:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 02:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/01/12 22:30:08 | 00,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: EXPLORER.EXE >
[2008/10/28 23:20:29 | 02,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/28 23:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/28 23:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 20:59:17 | 02,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/10/27 19:15:02 | 02,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 19:24:24 | 02,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTORV.SYS >
[2008/01/20 19:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 19:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 19:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 02:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: IMM32.DLL >
[2008/01/20 19:24:24 | 00,114,688 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\imm32.dll
[2008/01/20 19:24:24 | 00,114,688 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6001.18000_none_5c561e167a6afd02\imm32.dll

< MD5 for: KERNEL32.DLL >
[2009/02/13 01:21:09 | 00,890,880 | ---- | M] (Microsoft Corporation) MD5=1987D817D08F5EAF0B7F334026FDDB79 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22376_none_9401d8206f9c7e67\kernel32.dll
[2009/02/13 00:26:37 | 00,875,520 | ---- | M] (Microsoft Corporation) MD5=B82C7AC1D559F0FD088792171D64C7F3 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_91c20a8f593529ed\kernel32.dll
[2009/02/13 00:13:01 | 00,875,520 | ---- | M] (Microsoft Corporation) MD5=BB792054BD990EC05D9E260D50FEAD39 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.21010_none_92564f68724ae108\kernel32.dll
[2008/01/20 19:24:13 | 00,888,320 | ---- | M] (Microsoft Corporation) MD5=DC2338093F91BA4E0512208E60206DDD -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_93bde541564b88ae\kernel32.dll
[2009/02/13 01:49:05 | 00,888,832 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\kernel32.dll
[2009/02/13 01:49:05 | 00,888,832 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18215_none_93b81a93564f1da0\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2008/01/20 19:24:02 | 00,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\System32\mswsock.dll
[2008/01/20 19:24:02 | 00,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll

< MD5 for: NDIS.SYS >
[2008/01/20 19:23:50 | 00,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\System32\drivers\ndis.sys
[2008/01/20 19:23:50 | 00,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 19:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/20 19:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NTFS.SYS >
[2008/01/20 19:23:51 | 01,081,912 | ---- | M] (Microsoft Corporation) MD5=B4EFFE29EB4F15538FD8A9681108492D -- C:\Windows\System32\drivers\ntfs.sys
[2008/01/20 19:23:51 | 01,081,912 | ---- | M] (Microsoft Corporation) MD5=B4EFFE29EB4F15538FD8A9681108492D -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6001.18000_none_a67129bd1ceb9993\ntfs.sys

< MD5 for: NTMSSVC.DLL >
[2008/01/20 19:25:28 | 00,460,288 | ---- | M] (Microsoft Corporation) MD5=A7DFF9642D510BE1EEC6664CD0369953 -- C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\ntmssvc.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 02:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 19:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 19:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 19:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: PROQUOTA.EXE >
[2006/11/02 02:45:33 | 00,027,648 | ---- | M] (Microsoft Corporation) MD5=C31AE90F24870B9A51655C36A9EB4BF3 -- C:\Windows\System32\proquota.exe
[2006/11/02 02:45:33 | 00,027,648 | ---- | M] (Microsoft Corporation) MD5=C31AE90F24870B9A51655C36A9EB4BF3 -- C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.0.6000.16386_none_259035db957a1715\proquota.exe

< MD5 for: QMGR.DLL >
[2008/01/20 19:25:00 | 00,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows\System32\qmgr.dll
[2008/01/20 19:25:00 | 00,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll

< MD5 for: SCECLI.DLL >
[2008/01/20 19:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/20 19:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

< MD5 for: SPOOLSV.EXE >
[2008/01/20 19:24:45 | 00,125,952 | ---- | M] (Microsoft Corporation) MD5=846CDF9A3CF4DA9B306ADFB7D55EE4C2 -- C:\Windows\System32\spoolsv.exe
[2008/01/20 19:24:45 | 00,125,952 | ---- | M] (Microsoft Corporation) MD5=846CDF9A3CF4DA9B306ADFB7D55EE4C2 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 19:23:43 | 00,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 19:23:43 | 00,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: TERMSRV.DLL >
[2008/01/20 19:24:12 | 00,448,512 | ---- | M] (Microsoft Corporation) MD5=D605031E225AACCBCEB5B76A4F1603A6 -- C:\Windows\System32\termsrv.dll
[2008/01/20 19:24:12 | 00,448,512 | ---- | M] (Microsoft Corporation) MD5=D605031E225AACCBCEB5B76A4F1603A6 -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_8e9f41c854441762\termsrv.dll

< MD5 for: USERINIT.EXE >
[2008/01/20 19:24:49 | 00,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 19:24:49 | 00,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WS2_32.DLL >
[2008/01/20 19:24:48 | 00,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
[2008/01/20 19:24:48 | 00,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll

< %systemroot%\system32\*.dll /lockedfiles >
[2008/01/20 19:24:42 | 00,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/20 19:24:38 | 00,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >


OTL Extras logfile created on: 1/7/2010 1:51:24 PM - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Users\Shrimpboat\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.17 Gb Total Space | 30.87 Gb Free Space | 22.18% Space Free | Partition Type: NTFS
Drive D: | 9.88 Gb Total Space | 1.75 Gb Free Space | 17.69% Space Free | Partition Type: NTFS
Drive E: | 650.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 931.51 Gb Total Space | 727.41 Gb Free Space | 78.09% Space Free | Partition Type: NTFS
Drive G: | 7.47 Gb Total Space | 3.47 Gb Free Space | 46.39% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACTIONHAUS
Current User Name: Shrimpboat
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{042680F9-3430-4F3E-9329-D29FF47803E2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{39989BC5-2D8B-474F-9F39-92091EFF40BA}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{53F65B17-4BFB-4BD1-A4B7-5DC967899195}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{577E1A8A-2B1B-408B-9FC9-DA2FFEF9F8A9}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{638FB95F-B86F-403C-84A3-6E6F2A57B2E9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{74DC80E3-8AB4-4AD6-B6A7-FF245FDB8EF8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7E42366F-A8E1-4703-8B29-139CA195FF04}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{81E9DB41-98C0-41DA-BB1D-4D46F00C5BB6}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9A3F8724-B222-43FD-851C-2F492BE8A5FD}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{ADA2E9CF-BC46-4118-9512-7E173A1F6F01}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B6085786-12AD-42EE-BB87-609B917788EA}" = rport=2869 | protocol=6 | dir=out | app=system |
"{C239BE79-23BE-4233-ADEF-37F8C6B588D9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C9AD621E-2184-45C4-9448-CF901424EE5C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D0AC7481-ECF1-428C-B1BB-6145E5E1A3C6}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D8DC9AEC-A232-4650-B9C8-A247FA802A55}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E35DF76C-0CBF-4C73-8809-06B148F926BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01EAB193-339B-49BC-8953-84052D4DF7BE}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{08402119-5928-45F4-BBC6-7E0A5683B665}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{1378A3D2-157A-46A2-8CE7-DCE7CC4062FF}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{1427D0B2-CC2B-4920-902B-25BBBC38173C}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{1699AB8E-1344-49B8-BC5F-3C7464E933BC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{213012B2-7B79-4C67-95A3-23056CA3C8B7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania united\tmforeverlauncher.exe |
"{26AC791D-62F1-4BFF-A2C3-D5E3E45A4D2B}" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"{29471B3B-8A8F-438B-87CA-BC427EA6B179}" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{2AC046D5-9F8B-4202-9C06-B010DFB3201D}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe |
"{2BE42BAC-7E29-4F10-8AE3-EF06349B0DC8}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\aiohomecenter.exe |
"{2D71D4F9-81B9-443E-A87D-3F287B881A49}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{35F205D7-FDFE-4F4D-90D8-5F794C61B138}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3B9C8C61-9517-4B3A-A7AC-F903F437D0F5}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{3D27859B-EFF9-46B1-B7C7-9E14E091821E}" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{3E2FFF03-B0C9-40E2-80B1-E611E5869E19}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{40637081-0F47-4CC4-B3C3-3CF015E85CC8}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe |
"{4B934880-20B1-4C38-9AA8-80A3C7461A55}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4FCFBC57-E89B-45B7-8878-747C48B13F97}" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |
"{50B74A88-CC97-4646-8795-D0236DF28514}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania united\tmforever.exe |
"{5225BAA9-575E-43EF-921E-4FE9FED1B890}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{5335DA05-746A-4DFD-A492-683DD5ACDC50}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5FD497AA-5A75-4744-86E8-2B607B67CFC7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{622979FC-C448-4309-A9FA-CE410A635D51}" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |
"{62F420D1-60D5-41BB-BC22-3A20A1657090}" = dir=in | app=c:\program files\wificonnector\nintendowfcreg.exe |
"{68E2B695-F671-452A-916E-1DAD22945BBF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6CFBD9C9-92B2-46DF-AB01-2F72A7EB6D23}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{72BF1A23-5D07-4529-9DF6-7F5B6901E42A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania united\tmforeverlauncher.exe |
"{78946C39-7433-4430-8B05-9EAF59BB895A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7C235500-E7F4-4895-A729-EBE7DC7ACCD6}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{8509FF65-4073-4BAF-A997-BC42BB9EDA7E}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{8F183A6F-684B-41A7-A524-4ED519F11885}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{902C1511-41EA-4F94-8EAA-2178A9826391}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{93198B2C-0D3D-4261-9B43-DD0DA2727829}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{971134EF-BAC5-491B-9672-8F4C7B2E0BE0}" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{9CF3D037-AD74-4510-8A3A-2BFE31AC37FE}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9F404AF3-CB4F-4770-8BAC-AAB9314F0EF1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania united\tmforever.exe |
"{A1E46610-237E-4AD5-867F-391054D2B6B5}" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{A4ECF582-0EC5-4255-98B9-801875349529}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A5FE517C-51E6-4272-BEDD-3173E04556CB}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{A7D2B06C-17C2-448D-8521-489EE240DF1C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A9514470-6DE3-4E06-A887-C68BC644F0CB}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\firmware\kodakaioupdater.exe |
"{B00F4CB5-96EE-4A10-A92A-745DBCCA29A4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B5FC0737-0249-46CC-A6F6-C7BC99CCE1EA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BC27B048-464D-495A-87F5-6B02D335ADA2}" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{BE2E7583-37A1-4966-8627-DCE5DE131A2A}" = protocol=17 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"{BF3725E1-A503-4C93-9FCE-03101E203FC0}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{CB73DD2D-9F07-4177-929C-ADBA1C244105}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{CC25C219-C5FA-4814-AC4E-96374EBD9F9E}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{D6B7B3F8-044C-43E7-9FA0-5071B6CBC45B}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{E6FD16F0-0F0A-4F00-999D-E243E30432F0}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{EB574239-DDDA-4C55-AC0E-A00D9789C326}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\kodak.statistics.exe |
"{EC132236-CBA9-4EA9-A96E-F9D80AAEEEEF}" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"{ECDAC183-AD98-4772-ABC9-F5F1446C8E37}" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{FF164A36-48C6-4C87-8383-80C1013FE6F8}" = protocol=6 | dir=in | app=c:\program files\kodak\aio\center\networkprinterdiscovery.exe |
"TCP Query User{179E8735-7410-41E4-BDDA-C8C28D6749C9}C:\program files\morun.net\sticker lite\sticker.exe" = protocol=6 | dir=in | app=c:\program files\morun.net\sticker lite\sticker.exe |
"TCP Query User{74B5760E-4DC1-4C73-8501-5DB7AEFCF3A4}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{7B336D7D-FAC0-4BC7-978F-6B9C3EF208EE}C:\program files\steam\steamapps\shrimpboat\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\shrimpboat\team fortress 2\hl2.exe |
"TCP Query User{94BFF552-25E0-4465-BDC5-7FB1E0737660}C:\program files\steam\steamapps\common\trackmania united\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\trackmania united\tmforever.exe |
"TCP Query User{E49F7F6A-F406-4703-B4B7-91435F71608E}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{2B9E0D7C-6B77-4CDE-AB61-F6DB0B5C5DF0}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{46D83B96-C549-4FE3-B0D4-7FFD0F8DA562}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{A69B780D-2C50-4A98-BFD6-051CA31BC883}C:\program files\morun.net\sticker lite\sticker.exe" = protocol=17 | dir=in | app=c:\program files\morun.net\sticker lite\sticker.exe |
"UDP Query User{D3E58155-E670-443E-967F-3EC3B848ED7E}C:\program files\steam\steamapps\shrimpboat\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\shrimpboat\team fortress 2\hl2.exe |
"UDP Query User{DD37FB4F-C047-4398-8142-550A0A3A6E87}C:\program files\steam\steamapps\common\trackmania united\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\trackmania united\tmforever.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{380357CA-29F4-4B3C-B401-32C057E6B59B}" = HP Smart Web Printing
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}" = Opera 9.64
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A35883BD-9C83-4625-82F3-90F86728C662}" = FreeUndelete
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6D96D8E-04C4-47E8-A681-F7C9C6444B9A}" = NVIDIA PhysX v8.06.16
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B640E7CC-7091-4A24-AE76-2140065D2054}" = HP User Guides 0110
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Creepy & Cute Parts Pack
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C887C75D-2636-41F6-BB7B-FD4B0314C1E1}" = Paragon Partition Manager 9.0 Professional
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D155D300-C235-44FC-981C-F7B34683439C}" = Paragon Drive Backup 8.51 Professional Trial
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Center
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
"7-Zip" = 7-Zip 4.57
"AbiWord2" = AbiWord 2.6.5
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"AIM_6" = AIM 6
"AsUninst.exe" = Anvil Studio
"Audacity_is1" = Audacity 1.2.6
"avast!" = avast! Antivirus
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Easy MP3 Recorder_is1" = Easy MP3 Recorder v3.00
"ffdshow_is1" = ffdshow [rev 610] [2006-12-01]
"Game Maker 7.0" = Game Maker 7.0
"GameSaike SixaxisDriver_is1" = SixaxisDriver 0.91
"GDGAniTuner11" = AniTuner 1.1
"GIF Animator" = Microsoft GIF Animator
"GIF Movie Gear_is1" = GIF Movie Gear 4.2
"GoldWave v5.25" = GoldWave v5.25
"GraphicsGale FreeEdition_is1" = GraphicsGale FreeEdition version 1.93.10
"GSpot" = GSpot Codec Information Appliance
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"IrfanView" = IrfanView (remove only)
"Magic Set Editor 2_is1" = Magic Set Editor 2 - 0.2.7 beta
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MP3Resizer_is1" = MP3Resizer 1.9.1
"NVIDIA Drivers" = NVIDIA Drivers
"OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter
"Pcsx2_is1" = Pcsx2 0.9.4 Watermoose
"Pen Tablet Driver" = Pen Tablet
"Prism" = Prism Video Converter
"Rhapsody" = Rhapsody
"RPG Maker 2003_is1" = RPG Maker 2003 v1.08
"RPG Maker VX RTP_is1" = RPG Maker VX RTP
"RPG Maker VX_is1" = RPG Maker VX
"RTP 1.32 Add-On for RM2k" = RTP 1.32 Add-On for RM2k
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"Speakonia_is1" = Speakonia
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Steam App 12900" = Audiosurf
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 440" = Team Fortress 2
"Steam App 7200" = TrackMania United Forever
"Stickies 6.7a" = Stickies 6.7a
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Text to Speech Maker_is1" = Text to Speech Maker version 1.6.9
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"UndeletePlus_is1" = Undelete Plus 2.98
"UnityWebPlayer" = Unity Web Player
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.1
"VueScan" = VueScan
"Wallpaper Juggler 2.2" = Wallpaper Juggler 2.2
"WiFiConnector" = Nintendo Wi-Fi USB Connector Registration Tool
"WildTangent hp Master Uninstall" = My HP Games
"winpcap-nmap" = winpcap-nmap 4.02
"Xvid_is1" = Xvid 1.1.3 final uninstall
"xVideos Video Downloader_is1" = xVideos Video Downloader 3.18

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"f5e89b6e4f74b674" = Book Writer
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/18/2009 6:34:16 PM | Computer Name = Actionhaus | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
failed, 0000A413.

Error - 11/18/2009 6:34:16 PM | Computer Name = Actionhaus | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wcp.dll
failed, 0000A413.

Error - 11/18/2009 6:34:16 PM | Computer Name = Actionhaus | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\DrUpdate.dll
failed, 0000A413.

Error - 11/18/2009 6:34:16 PM | Computer Name = Actionhaus | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\srclient.dll failed, 0000A413.

Error - 11/18/2009 6:34:16 PM | Computer Name = Actionhaus | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\System32\atl.dll failed, 0000A413.

Error - 11/18/2009 6:34:16 PM | Computer Name = Actionhaus | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6002.18005_none_0b4ada54c46c45b0\wrpint.dll
failed, 0000A413.

Error - 11/18/2009 6:34:31 PM | Computer Name = Actionhaus | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\Prefetch\PfSvPerfStats.bin failed, 0000A413.

Error - 12/18/2009 10:55:26 PM | Computer Name = Actionhaus | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Rhapsody\mmcdda32.dll failed, 00000005.

Error - 12/25/2009 1:41:03 PM | Computer Name = Actionhaus | Source = avast! | ID = 33554522
Description = AAVM - initialization error: FilterComm_Start: FilterConnectCommunicationPort
failed!, 800704D6.

Error - 12/25/2009 1:41:03 PM | Computer Name = Actionhaus | Source = avast! | ID = 33554522
Description = AAVM - initialization error: AavmStart: Cannot load core driver!!!,
00000002.

[ Application Events ]
Error - 1/5/2010 3:30:31 AM | Computer Name = Actionhaus | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 1/5/2010 3:30:31 AM | Computer Name = Actionhaus | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 1/5/2010 3:30:31 AM | Computer Name = Actionhaus | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 1/5/2010 3:30:31 AM | Computer Name = Actionhaus | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 1/5/2010 3:30:31 AM | Computer Name = Actionhaus | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 1/5/2010 3:30:31 AM | Computer Name = Actionhaus | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 1/5/2010 3:30:31 AM | Computer Name = Actionhaus | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 1/5/2010 3:30:31 AM | Computer Name = Actionhaus | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 1/6/2010 2:04:52 AM | Computer Name = Actionhaus | Source = Application Error | ID = 1000
Description = Faulting application rhapsody.exe, version 4.0.5.209, time stamp 0x4ac8eaf8,
faulting module rhapsody.exe, version 4.0.5.209, time stamp 0x4ac8eaf8, exception
code 0xc0000005, fault offset 0x000a1cb3, process id 0x17a8, application start time
0x01ca8e74cfdc2563.

Error - 1/6/2010 2:45:20 PM | Computer Name = Actionhaus | Source = Application Error | ID = 1000
Description = Faulting application rhapsody.exe, version 4.0.5.209, time stamp 0x4ac8eaf8,
faulting module xmencmp3.dll_unloaded, version 0.0.0.0, time stamp 0x3c927d4f,
exception code 0xc0000005, fault offset 0x65d2f111, process id 0x16c8, application
start time 0x01ca8ef57cebfb13.

[ System Events ]
Error - 1/4/2010 5:03:42 PM | Computer Name = Actionhaus | Source = Service Control Manager | ID = 7000
Description =

Error - 1/5/2010 2:13:27 AM | Computer Name = Actionhaus | Source = Service Control Manager | ID = 7000
Description =

Error - 1/5/2010 6:12:32 PM | Computer Name = Actionhaus | Source = Service Control Manager | ID = 7000
Description =

Error - 1/5/2010 10:06:16 PM | Computer Name = Actionhaus | Source = Service Control Manager | ID = 7000
Description =

Error - 1/6/2010 3:13:10 AM | Computer Name = Actionhaus | Source = Service Control Manager | ID = 7000
Description =

Error - 1/6/2010 1:27:21 PM | Computer Name = Actionhaus | Source = Service Control Manager | ID = 7000
Description =

Error - 1/6/2010 5:28:22 PM | Computer Name = Actionhaus | Source = Service Control Manager | ID = 7000
Description =

Error - 1/7/2010 12:33:41 AM | Computer Name = Actionhaus | Source = Service Control Manager | ID = 7000
Description =

Error - 1/7/2010 2:10:53 AM | Computer Name = Actionhaus | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 1/7/2010 3:38:29 AM | Computer Name = Actionhaus | Source = Service Control Manager | ID = 7000
Description =


< End of report >


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-07 16:49:01
Windows 6.0.6001 Service Pack 1
Running: ogse1f9w.exe; Driver: C:\Users\SHRIMP~1\AppData\Local\Temp\uxrdafod.sys


---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\Windows\system32\drivers\atapi.sys entry point in ".rsrc" section [0x82AB6000]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [748588B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [748998A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7485B9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7484FB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74857A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7484EA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7488B17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7485BC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7485074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [748506B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [748471B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [748DD848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74877379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7484E109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7484697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [748469A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1264] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74852465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy8 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)

Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 [82AB29AA] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort0 [82AB29AA] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort1 [82AB29AA] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort2 [82AB29AA] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort3 [82AB29AA] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-6 [82AB29AA] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

#6 User is offline   chamber 

  • Bleepin' Geek
  • PipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 329
  • Joined: 02-April 09
  • Gender:Male
  • Location:~/

Posted 08 January 2010 - 03:47 AM

Hi,

I need you to unistall uTorrent.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O33 - MountPoints2\{0811b661-bd98-11dd-bd17-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0811b661-bd98-11dd-bd17-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2005/09/28 01:55:17 | 00,700,416 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\{2868d565-edf8-11de-8cbe-001f16459ae4}\Shell - "" = AutoRun
O33 - MountPoints2\{2868d565-edf8-11de-8cbe-001f16459ae4}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{64f7dd98-559f-11de-9b80-001f16459ae4}\Shell - "" = AutoRun
O33 - MountPoints2\{64f7dd98-559f-11de-9b80-001f16459ae4}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
[2009/12/31 03:59:47 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\uTorrent
[2005/09/29 11:51:50 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe

:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link HERE


  • Double click on ComboFix.exe & follow the prompts.


  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
Posted Image
watch me and tremble, for I bring the purity of oblivion
Sudo apt-get me a sandwich!
Proud graduate of GeekU

#7 User is offline   shrimpboat 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 9
  • Joined: 24-December 09

Posted 08 January 2010 - 04:13 PM

ComboFix 10-01-04.01 - Shrimpboat 01/08/2010 13:47:00.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1790.481 [GMT -7:00]
Running from: c:\users\Shrimpboat\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3133259546-2329083868-553284090-500
c:\$recycle.bin\S-1-5-21-3520960539-2931153165-1943265910-500

.
((((((((((((((((((((((((( Files Created from 2009-12-08 to 2010-01-08 )))))))))))))))))))))))))))))))
.

2010-01-08 21:03 . 2010-01-08 21:04 -------- d-----w- c:\users\Shrimpboat\AppData\Local\temp
2010-01-08 21:03 . 2010-01-08 21:03 -------- d-----w- c:\users\Down\AppData\Local\temp
2010-01-08 21:03 . 2010-01-08 21:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-08 20:19 . 2010-01-08 20:19 -------- d-----w- C:\_OTL
2010-01-06 19:41 . 2005-09-28 04:11 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2010-01-04 20:01 . 2010-01-04 20:01 -------- d-----w- C:\WTablet
2009-12-23 20:15 . 2009-12-23 20:15 -------- d-----w- c:\program files\Trend Micro
2009-12-21 18:20 . 2009-12-21 18:26 -------- d-----w- c:\users\Shrimpboat\AppData\Roaming\U3
2009-12-19 17:57 . 2009-12-19 17:57 -------- d-----w- c:\users\Shrimpboat\AppData\Roaming\Malwarebytes
2009-12-19 17:56 . 2009-12-03 23:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-19 17:56 . 2009-12-19 17:56 -------- d-----w- c:\programdata\Malwarebytes
2009-12-19 17:56 . 2009-12-19 17:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-19 17:56 . 2009-12-03 23:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-19 17:48 . 2010-01-02 19:09 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-19 17:48 . 2009-12-19 17:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-19 05:05 . 2009-12-19 05:05 -------- d-----w- c:\programdata\WindowsSearch
2009-12-19 02:14 . 2009-12-19 02:14 125952 ----a-w- c:\programdata\ParetoLogic\UUS2\Temp\Update.exe
2009-12-19 02:13 . 2010-01-08 20:21 7026464 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-19 01:56 . 2009-12-19 03:06 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-12-19 01:56 . 2009-12-19 03:06 -------- d-----w- c:\programdata\ParetoLogic
2009-12-18 09:22 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-18 09:22 . 2009-12-19 15:25 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-18 09:19 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-12-18 06:13 . 2009-12-18 09:19 -------- dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-17 21:38 . 2009-12-17 21:38 -------- d-----w- c:\users\Shrimpboat\AppData\Roaming\Auslogics
2009-12-17 21:38 . 2009-12-17 21:38 -------- d-----w- c:\program files\Auslogics
2009-12-10 12:07 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-10 12:07 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-10 12:07 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-10 05:22 . 2009-08-03 16:33 192512 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\EKIJ5000PPR.dll
2009-12-10 05:21 . 2009-12-10 05:21 -------- d-----w- c:\users\Shrimpboat\AppData\Local\KODAK
2009-12-10 05:21 . 2009-08-05 14:29 1008640 ----a-w- c:\programdata\Kodak\Installer\Snowplow.dll
2009-12-10 04:54 . 2009-08-05 14:29 39280 ----a-w- c:\programdata\Kodak\Installer\Setup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-08 20:44 . 2009-05-02 05:18 -------- d-----w- c:\users\Shrimpboat\AppData\Roaming\stickies
2010-01-08 20:39 . 2009-07-26 17:37 -------- d-----w- c:\users\Shrimpboat\AppData\Roaming\Dropbox
2010-01-08 20:23 . 2008-11-28 18:41 -------- d-----w- c:\users\Shrimpboat\AppData\Roaming\WTablet
2010-01-08 20:23 . 2008-10-13 14:07 43034 ----a-w- c:\programdata\nvModes.dat
2010-01-08 20:23 . 2009-11-27 21:24 -------- d-----w- c:\programdata\Kodak
2010-01-08 20:21 . 2009-12-19 02:13 70064 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-01-08 19:57 . 2008-11-28 23:14 -------- d-----w- c:\program files\uTorrent
2010-01-07 09:48 . 2009-08-03 17:17 6296864 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-23 12:20 . 2008-12-04 23:11 -------- d-----w- c:\programdata\FLEXnet
2009-12-23 12:20 . 2008-12-04 02:34 -------- d-----w- c:\users\Shrimpboat\AppData\Roaming\IrfanView
2009-12-23 12:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-12-23 12:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-23 11:29 . 2008-10-13 14:15 -------- d-----w- c:\programdata\NVIDIA
2009-12-19 15:25 . 2009-08-03 17:17 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-19 15:25 . 2009-08-03 17:17 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-19 15:25 . 2009-08-03 17:17 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-19 15:25 . 2009-08-03 17:17 370744 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-19 15:25 . 2009-08-03 17:17 194104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-19 15:24 . 2009-08-03 17:17 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-19 15:24 . 2009-08-03 17:17 816272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-19 15:24 . 2009-08-03 17:17 822904 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-19 15:24 . 2009-08-03 17:17 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-19 15:24 . 2009-08-03 17:17 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-19 15:24 . 2009-08-03 17:17 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-18 09:22 . 2009-08-03 18:07 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-18 09:22 . 2009-08-03 17:17 15880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-12-18 09:22 . 2009-08-03 17:17 163728 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-12-18 09:22 . 2009-08-03 17:17 327000 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-12-18 09:22 . 2009-08-03 17:17 87496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-12-18 09:22 . 2009-09-21 17:17 641632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-12-18 09:21 . 2009-08-03 17:34 2289688 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ToolBox\LT\HostFileEditor.exe
2009-12-18 05:55 . 2008-11-28 22:54 -------- d-----w- c:\program files\SpywareBlaster
2009-12-10 12:06 . 2008-06-25 06:30 -------- d-----w- c:\programdata\Microsoft Help
2009-12-10 05:41 . 2009-11-27 21:49 -------- d-----w- c:\programdata\kds_kodak
2009-12-10 05:20 . 2009-11-27 21:29 -------- d-----w- c:\program files\Kodak
2009-12-10 04:59 . 2009-11-27 21:40 -------- d-----w- c:\programdata\Eastman Kodak Company
2009-12-05 03:01 . 2009-09-24 06:27 -------- d-----w- c:\program files\Cryptic Studios
2009-12-05 03:01 . 2008-11-28 22:56 -------- d-----w- c:\program files\Steam
2009-12-01 00:11 . 2009-12-01 00:11 -------- d-----w- c:\program files\Windows Journal Viewer
2009-11-30 20:42 . 2008-12-22 07:01 -------- d-----w- c:\program files\Windows Live
2009-11-30 20:41 . 2008-12-22 07:01 -------- d-----w- c:\programdata\WLInstaller
2009-11-30 09:53 . 2008-12-22 07:02 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller
2009-11-30 09:38 . 2009-11-30 09:38 104672 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-11-30 09:37 . 2008-11-28 16:32 8224 ----a-w- c:\users\Shrimpboat\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-30 06:30 . 2008-10-13 14:13 -------- d-----w- c:\programdata\CyberLink
2009-11-30 06:29 . 2008-06-25 05:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-30 06:29 . 2008-06-25 05:24 -------- d-----w- c:\program files\HP
2009-11-27 21:44 . 2008-12-04 22:59 -------- d-----w- c:\program files\Bonjour
2009-11-24 23:54 . 2008-11-28 17:02 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:50 . 2008-11-28 17:02 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-11-28 17:02 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-11-28 17:02 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-24 23:49 . 2008-11-28 17:02 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-11-28 17:02 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-11-28 17:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 06:40 . 2009-12-09 14:08 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 14:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 14:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 14:08 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-21 03:36 . 2009-11-21 03:36 0 ----a-w- c:\windows\nsreg.dat
2009-11-18 23:01 . 2009-09-01 18:32 -------- d-----w- c:\program files\Rhapsody
2009-11-18 21:38 . 2009-07-28 20:53 -------- d-----w- c:\users\Shrimpboat\AppData\Roaming\vlc
2009-11-11 21:24 . 2009-11-11 21:24 -------- d-----w- c:\program files\GraphicsGale FreeEdition
2009-11-06 01:04 . 2009-01-08 03:50 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-11-03 03:42 . 2009-10-05 18:10 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:41 . 2009-11-25 12:02 2048 ----a-w- c:\windows\system32\tzres.dll
2009-01-08 03:50 . 2009-01-08 03:50 56 --sha-r- c:\windows\System32\CD008D9325.sys
2008-10-13 14:21 . 2008-10-13 14:21 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-06-27 03:02 77824 ----a-w- c:\users\Shrimpboat\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-06-27 03:02 77824 ----a-w- c:\users\Shrimpboat\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-06-27 03:02 77824 ----a-w- c:\users\Shrimpboat\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"Conime"="c:\windows\system32\conime.exe" [2008-01-21 69120]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-12 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-12 92704]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2009-03-11 468264]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-08-03 1626112]

c:\users\Shrimpboat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Shrimpboat\AppData\Roaming\Dropbox\bin\Dropbox.exe [2009-9-3 26784939]
Stickies.lnk - c:\program files\Stickies\stickies.exe [2008-8-28 765952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete\0autocheck lsdelete\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2009-12-18 09:21 788880 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2007-12-19 16:02 50528 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
2009-08-03 16:33 1626112 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-16 15:03 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 23:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-06-02 07:55 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 21:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2007-10-18 18:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-03-14 15:45 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 23:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 11:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 hotcore3;hotcore3;c:\windows\System32\drivers\hotcore3.sys [4/9/2009 5:09 PM 39472]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [12/18/2009 2:22 AM 64288]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [11/28/2008 10:02 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [11/28/2008 10:02 AM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [11/28/2008 10:02 AM 53328]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [8/5/2009 12:49 PM 284016]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 4:17 AM 1181328]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/28/2008 1:53 AM 210216]
R2 npf;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [6/1/2008 12:13 AM 34064]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [6/24/2008 11:57 PM 361808]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [12/19/2009 10:49 AM 1153368]
R2 TabletServicePen;TabletServicePen;c:\windows\System32\Pen_Tablet.exe [12/1/2008 12:27 AM 3032360]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/28/2008 9:27 AM 24652]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [5/10/2008 10:17 AM 43040]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\System32\drivers\wacmoumonitor.sys [12/1/2008 12:27 AM 15144]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [6/24/2008 10:34 PM 193840]
S3 XPADFL02;XPAD Filter Service 02;c:\windows\System32\drivers\xPADFL02.sys [3/20/2009 12:38 PM 27904]
.
Contents of the 'Scheduled Tasks' folder

2010-01-08 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 09:22]

2010-01-08 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 09:22]

2010-01-08 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 09:22]

2010-01-08 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 09:22]

2010-01-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 09:22]

2009-12-31 c:\windows\Tasks\HPCeeScheduleForShrimpboat.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-06-25 03:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://srch-qus8.hpwis.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
FF - ProfilePath - c:\users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\
FF - prefs.js: browser.startup.homepage - hxxp://kompepperochu.deviantart.com/
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Opera\program\plugins\npmmaud.dll
FF - plugin: c:\program files\Opera\program\plugins\npmmprog.dll
FF - plugin: c:\program files\Opera\program\plugins\npmmvid.dll
FF - plugin: c:\program files\Opera\program\plugins\npmmzip.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-08 14:04
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll atapi.sys >>UNKNOWN [0x874EE8C6]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x807aa322
\Driver\ACPI -> acpi.sys @ 0x80613d4c
\Driver\atapi -> atapi.sys @ 0x828a89aa
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3520960539-2931153165-1943265910-1000\Software\SecuROM\License information*]
"datasecu"=hex:74,17,bc,5c,74,75,d1,18,57,e5,61,77,41,fe,cb,b4,4f,51,b2,c3,82,
00,86,1c,8a,74,47,d4,8a,d1,59,2e,98,44,f7,5a,03,f7,16,ee,04,54,c6,e9,72,57,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4252)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\users\Shrimpboat\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll
.
Completion time: 2010-01-08 14:10:33
ComboFix-quarantined-files.txt 2010-01-08 21:10

Pre-Run: 31,640,006,656 bytes free
Post-Run: 31,567,306,752 bytes free

- - End Of File - - 096AB1A62CCCB0086EAF49A97D781E46

#8 User is offline   chamber 

  • Bleepin' Geek
  • PipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 329
  • Joined: 02-April 09
  • Gender:Male
  • Location:~/

Posted 09 January 2010 - 06:02 AM

You have an infected boot controller.

First we need to copy the replacement file to C:\ which we will do from the command prompt

Open an elevated command window:


First open an elevated command prompt > Click Start and type cmd in Start Search.
When cmd.exe populates above, right click it and select Run as Administrator to open an elevated command prompt.


Copy the contents of the code box > right click in the command window and select paste

copy C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys c:\


press enter

you should see 1 file copied on the screen

type exit to close the command window.

(if you do not see 1 file copied do not continue, but instead post back and let me know.)


Now we need to boot into the Recovery Environment:

Tap F8 on startup and select Repair your computer from the list of startup options.

If Repair your computer is not an option on the Advanced Startup menu, insert your Windows Vista dvd and restart the computer, then when prompted, select Repair your computer
  • select your keyboard layout
  • enter your username and password (if you use one)
  • then the System Recovery Options menu comes up
  • select Command Prompt

It will open to an x:\sources> prompt

(this may vary depending if you boot from cd or an installed RE)


at the X:\sources prompt type the following


ren c:\windows\system32\drivers\atapi.sys atapi.old
copy c:\atapi.sys c:\windows\system32\drivers\atapi.sys
exit


You should receive a message that "1 file" has been copied.

{if you do not receive a message that 1 file has been copied, the file will need to be renamed back - type
ren c:\windows\system32\drivers\atapi.old atapi.sys press enter
then type exit, reboot the system normally and report this to me.)

Reboot Normally.


Run CombofIx for me again and post the log back here.
Posted Image
watch me and tremble, for I bring the purity of oblivion
Sudo apt-get me a sandwich!
Proud graduate of GeekU

#9 User is offline   shrimpboat 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 9
  • Joined: 24-December 09

Posted 10 January 2010 - 03:37 AM

ComboFix 10-01-04.01 - Shrimpboat 01/10/2010 1:12.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1790.792 [GMT -7:00]
Running from: c:\users\Shrimpboat\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-12-10 to 2010-01-10 )))))))))))))))))))))))))))))))
.

2010-01-10 08:28 . 2010-01-10 08:28 -------- d-----w- c:\users\Shrimpboat\AppData\Local\temp
2010-01-10 08:28 . 2010-01-10 08:28 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-10 08:28 . 2010-01-10 08:28 -------- d-----w- c:\users\Ginger\AppData\Local\temp
2010-01-10 08:28 . 2010-01-10 08:28 -------- d-----w- c:\users\Down\AppData\Local\temp
2010-01-10 08:28 . 2010-01-10 08:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-10 07:24 . 2008-01-21 02:23 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-09 20:31 . 2008-01-21 02:23 21560 ----a-w- C:\atapi.sys
2010-01-08 20:19 . 2010-01-08 20:19 -------- d-----w- C:\_OTL
2010-01-06 19:41 . 2005-09-28 04:11 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2010-01-04 20:01 . 2010-01-04 20:01 -------- d-----w- C:\WTablet
2009-12-23 20:15 . 2009-12-23 20:15 -------- d-----w- c:\program files\Trend Micro
2009-12-21 18:20 . 2009-12-21 18:26 -------- d-----w- c:\users\Shrimpboat\AppData\Roaming\U3
2009-12-19 17:57 . 2009-12-19 17:57 -------- d-----w- c:\users\Shrimpboat\AppData\Roaming\Malwarebytes
2009-12-19 17:56 . 2009-12-03 23:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-19 17:56 . 2009-12-19 17:56 -------- d-----w- c:\programdata\Malwarebytes
2009-12-19 17:56 . 2009-12-19 17:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-19 17:56 . 2009-12-03 23:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-19 17:48 . 2010-01-02 19:09 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-19 17:48 . 2009-12-19 17:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-19 05:05 . 2009-12-19 05:05 -------- d-----w- c:\programdata\WindowsSearch
2009-12-19 02:14 . 2009-12-19 02:14 125952 ----a-w- c:\programdata\ParetoLogic\UUS2\Temp\Update.exe
2009-12-19 02:13 . 2010-01-10 06:18 7026464 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-19 01:56 . 2009-12-19 03:06 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-12-19 01:56 . 2009-12-19 03:06 -------- d-----w- c:\programdata\ParetoLogic
2009-12-18 09:22 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-18 09:22 . 2009-12-19 15:25 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-18 09:19 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-12-18 06:13 . 2009-12-18 09:19 -------- dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-17 21:38 . 2009-12-17 21:38 -------- d-----w- c:\users\Shrimpboat\AppData\Roaming\Auslogics
2009-12-17 21:38 . 2009-12-17 21:38 -------- d-----w- c:\program files\Auslogics

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 06:29 . 2009-07-26 17:37 -------- d-----w- c:\users\Shrimpboat\AppData\Roaming\Dropbox
2010-01-10 06:29 . 2009-05-02 05:18 -------- d-----w- c:\users\Shrimpboat\AppData\Roaming\stickies
2010-01-10 06:26 . 2008-11-28 18:41 -------- d-----w- c:\users\Shrimpboat\AppData\Roaming\WTablet
2010-01-10 06:26 . 2009-11-27 21:24 -------- d-----w- c:\programdata\Kodak
2010-01-10 06:18 . 2009-12-19 02:13 81824 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-01-08 20:23 . 2008-10-13 14:07 43034 ----a-w- c:\programdata\nvModes.dat
2010-01-08 19:57 . 2008-11-28 23:14 -------- d-----w- c:\program files\uTorrent
2010-01-07 09:48 . 2009-08-03 17:17 6296864 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-23 12:20 . 2008-12-04 23:11 -------- d-----w- c:\programdata\FLEXnet
2009-12-23 12:20 . 2008-12-04 02:34 -------- d-----w- c:\users\Shrimpboat\AppData\Roaming\IrfanView
2009-12-23 12:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-12-23 12:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-23 11:29 . 2008-10-13 14:15 -------- d-----w- c:\programdata\NVIDIA
2009-12-19 15:25 . 2009-08-03 17:17 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-19 15:25 . 2009-08-03 17:17 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-19 15:25 . 2009-08-03 17:17 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-19 15:25 . 2009-08-03 17:17 370744 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-19 15:25 . 2009-08-03 17:17 194104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-19 15:24 . 2009-08-03 17:17 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-19 15:24 . 2009-08-03 17:17 816272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-19 15:24 . 2009-08-03 17:17 822904 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-19 15:24 . 2009-08-03 17:17 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-19 15:24 . 2009-08-03 17:17 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-19 15:24 . 2009-08-03 17:17 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-18 09:22 . 2009-08-03 18:07 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-18 09:22 . 2009-08-03 17:17 15880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-12-18 09:22 . 2009-08-03 17:17 163728 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-12-18 09:22 . 2009-08-03 17:17 327000 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-12-18 09:22 . 2009-08-03 17:17 87496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-12-18 09:22 . 2009-09-21 17:17 641632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-12-18 09:21 . 2009-08-03 17:34 2289688 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ToolBox\LT\HostFileEditor.exe
2009-12-18 05:55 . 2008-11-28 22:54 -------- d-----w- c:\program files\SpywareBlaster
2009-12-10 12:06 . 2008-06-25 06:30 -------- d-----w- c:\programdata\Microsoft Help
2009-12-10 05:41 . 2009-11-27 21:49 -------- d-----w- c:\programdata\kds_kodak
2009-12-10 05:20 . 2009-11-27 21:29 -------- d-----w- c:\program files\Kodak
2009-12-10 04:59 . 2009-11-27 21:40 -------- d-----w- c:\programdata\Eastman Kodak Company
2009-12-05 03:01 . 2009-09-24 06:27 -------- d-----w- c:\program files\Cryptic Studios
2009-12-05 03:01 . 2008-11-28 22:56 -------- d-----w- c:\program files\Steam
2009-12-01 00:11 . 2009-12-01 00:11 -------- d-----w- c:\program files\Windows Journal Viewer
2009-11-30 20:42 . 2008-12-22 07:01 -------- d-----w- c:\program files\Windows Live
2009-11-30 20:41 . 2008-12-22 07:01 -------- d-----w- c:\programdata\WLInstaller
2009-11-30 09:53 . 2008-12-22 07:02 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller
2009-11-30 09:38 . 2009-11-30 09:38 104672 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-11-30 09:37 . 2008-11-28 16:32 8224 ----a-w- c:\users\Shrimpboat\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-30 06:30 . 2008-10-13 14:13 -------- d-----w- c:\programdata\CyberLink
2009-11-30 06:29 . 2008-06-25 05:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-30 06:29 . 2008-06-25 05:24 -------- d-----w- c:\program files\HP
2009-11-27 21:44 . 2008-12-04 22:59 -------- d-----w- c:\program files\Bonjour
2009-11-24 23:54 . 2008-11-28 17:02 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:50 . 2008-11-28 17:02 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-11-28 17:02 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-11-28 17:02 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-24 23:49 . 2008-11-28 17:02 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-11-28 17:02 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-11-28 17:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 06:40 . 2009-12-09 14:08 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 14:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 14:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 14:08 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-21 03:36 . 2009-11-21 03:36 0 ----a-w- c:\windows\nsreg.dat
2009-11-18 23:01 . 2009-09-01 18:32 -------- d-----w- c:\program files\Rhapsody
2009-11-18 21:38 . 2009-07-28 20:53 -------- d-----w- c:\users\Shrimpboat\AppData\Roaming\vlc
2009-11-11 21:24 . 2009-11-11 21:24 -------- d-----w- c:\program files\GraphicsGale FreeEdition
2009-11-09 13:22 . 2009-12-10 12:07 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 13:20 . 2009-12-10 12:07 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 11:04 . 2009-12-10 12:07 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-06 01:04 . 2009-01-08 03:50 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-11-03 03:42 . 2009-10-05 18:10 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:41 . 2009-11-25 12:02 2048 ----a-w- c:\windows\system32\tzres.dll
2009-01-08 03:50 . 2009-01-08 03:50 56 --sha-r- c:\windows\System32\CD008D9325.sys
2008-10-13 14:21 . 2008-10-13 14:21 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-06-27 03:02 77824 ----a-w- c:\users\Shrimpboat\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-06-27 03:02 77824 ----a-w- c:\users\Shrimpboat\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-06-27 03:02 77824 ----a-w- c:\users\Shrimpboat\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"Conime"="c:\windows\system32\conime.exe" [2008-01-21 69120]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-12 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-12 92704]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2009-03-11 468264]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-08-03 1626112]

c:\users\Shrimpboat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Shrimpboat\AppData\Roaming\Dropbox\bin\Dropbox.exe [2009-9-3 26784939]
Stickies.lnk - c:\program files\Stickies\stickies.exe [2008-8-28 765952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete\0autocheck lsdelete\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2009-12-18 09:21 788880 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2007-12-19 16:02 50528 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
2009-08-03 16:33 1626112 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-16 15:03 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 23:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-06-02 07:55 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 21:51 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2007-10-18 18:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-03-14 15:45 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 23:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 11:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 hotcore3;hotcore3;c:\windows\System32\drivers\hotcore3.sys [4/9/2009 5:09 PM 39472]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [12/18/2009 2:22 AM 64288]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [11/28/2008 10:02 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [11/28/2008 10:02 AM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [11/28/2008 10:02 AM 53328]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [8/5/2009 12:49 PM 284016]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 4:17 AM 1181328]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/28/2008 1:53 AM 210216]
R2 npf;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [6/1/2008 12:13 AM 34064]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [6/24/2008 11:57 PM 361808]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [12/19/2009 10:49 AM 1153368]
R2 TabletServicePen;TabletServicePen;c:\windows\System32\Pen_Tablet.exe [12/1/2008 12:27 AM 3032360]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/28/2008 9:27 AM 24652]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [5/10/2008 10:17 AM 43040]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\System32\drivers\wacmoumonitor.sys [12/1/2008 12:27 AM 15144]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [6/24/2008 10:34 PM 193840]
S3 XPADFL02;XPAD Filter Service 02;c:\windows\System32\drivers\xPADFL02.sys [3/20/2009 12:38 PM 27904]
.
Contents of the 'Scheduled Tasks' folder

2010-01-10 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 09:22]

2010-01-10 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 09:22]

2010-01-10 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 09:22]

2010-01-10 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 09:22]

2010-01-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 09:22]

2009-12-31 c:\windows\Tasks\HPCeeScheduleForShrimpboat.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-06-25 03:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://srch-qus8.hpwis.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
FF - ProfilePath - c:\users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\
FF - prefs.js: browser.startup.homepage - hxxp://kompepperochu.deviantart.com/
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Opera\program\plugins\npmmaud.dll
FF - plugin: c:\program files\Opera\program\plugins\npmmprog.dll
FF - plugin: c:\program files\Opera\program\plugins\npmmvid.dll
FF - plugin: c:\program files\Opera\program\plugins\npmmzip.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 01:28
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3520960539-2931153165-1943265910-1000\Software\SecuROM\License information*]
"datasecu"=hex:74,17,bc,5c,74,75,d1,18,57,e5,61,77,41,fe,cb,b4,4f,51,b2,c3,82,
00,86,1c,8a,74,47,d4,8a,d1,59,2e,98,44,f7,5a,03,f7,16,ee,04,54,c6,e9,72,57,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2084)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\users\Shrimpboat\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll
.
Completion time: 2010-01-10 01:34:38
ComboFix-quarantined-files.txt 2010-01-10 08:34
ComboFix2.txt 2010-01-08 21:10

Pre-Run: 30,333,624,320 bytes free
Post-Run: 30,366,801,920 bytes free

- - End Of File - - 896C2F159110D2DA3D581899508EF4A0

#10 User is offline   chamber 

  • Bleepin' Geek
  • PipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 329
  • Joined: 02-April 09
  • Gender:Male
  • Location:~/

Posted 10 January 2010 - 02:42 PM

That seems to have done the trick,

Post a fresh OTL log for me. :(
Posted Image
watch me and tremble, for I bring the purity of oblivion
Sudo apt-get me a sandwich!
Proud graduate of GeekU

#11 User is offline   shrimpboat 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 9
  • Joined: 24-December 09

Posted 11 January 2010 - 02:05 AM

Yeah, Firefox is back in working condition! No more redirects and its speed is back. Thank you so much for all your help, really appreciate it! You're awesome!

OTL logfile created on: 1/10/2010 11:52:22 PM - Run 2
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Users\Shrimpboat\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18865)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.17 Gb Total Space | 28.29 Gb Free Space | 20.33% Space Free | Partition Type: NTFS
Drive D: | 9.88 Gb Total Space | 1.75 Gb Free Space | 17.69% Space Free | Partition Type: NTFS
Drive E: | 650.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 931.51 Gb Total Space | 727.24 Gb Free Space | 78.07% Space Free | Partition Type: NTFS
Drive G: | 7.47 Gb Total Space | 3.47 Gb Free Space | 46.39% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACTIONHAUS
Current User Name: Shrimpboat
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Shrimpboat\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Rhapsody\rhaphlpr.exe (RealNetworks, Inc.)
PRC - C:\Users\Shrimpboat\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
PRC - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe (Eastman Kodak Company)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
PRC - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Hewlett-Packard)
PRC - C:\Windows\System32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Windows\SMINST\BLService.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wisptis.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Shrimpboat\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll ()
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe (Eastman Kodak Company)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (nvsvc) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (HP Health Check Service) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
SRV - (TabletServicePen) -- C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe ()
SRV - (Com4QLBEx) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Development Company, L.P.)
SRV - (hpqwmiex) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (XAudioService) -- C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.)
SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (NCHSSVAD) -- C:\Windows\System32\drivers\nchssvad.sys (NCH Swift Sound)
DRV - (PxHelp20) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (GEARAspiWDM) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (hotcore3) -- C:\Windows\system32\drivers\hotcore3.sys (Paragon Software Group)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)
DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (RT25USBAP) -- C:\Windows\System32\drivers\RT25USBAP.SYS (Ralink Technology Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\Windows\System32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (XPADFL02) -- C:\Windows\System32\drivers\xPADFL02.sys (Compuware Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (mdmxsdk) -- C:\Windows\System32\drivers\mdmxsdk.sys (Conexant)
DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://my.deviantart.com/messages/"
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:0.4.5.14
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: downintab@max.max:0.0.9
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.8
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.7
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..extensions.enabledItems: restart@restart.org:0.3
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.7.4
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7
FF - prefs.js..extensions.enabledItems: {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.2.2
FF - prefs.js..network.proxy.type: 2

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/06/24 23:50:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/12/23 23:15:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/18 00:52:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/17 23:33:40 | 00,000,000 | ---D | M]

[2009/11/20 20:37:04 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Extensions
[2010/01/10 11:24:07 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions
[2009/12/07 14:21:02 | 00,000,000 | ---D | M] (Session Manager) -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2009/11/21 13:10:04 | 00,000,000 | ---D | M] (Linkification) -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2009/11/20 21:31:16 | 00,000,000 | ---D | M] (Stylish) -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2009/12/22 03:17:21 | 00,000,000 | ---D | M] (eBay Sidebar for Firefox) -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}(390)
[2009/11/20 20:50:28 | 00,000,000 | ---D | M] (4chan) -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2009/11/20 20:50:28 | 00,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010/01/10 11:23:57 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/20 20:42:53 | 00,000,000 | ---D | M] (Classic Compact) -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
[2009/12/09 01:11:19 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/11/20 20:50:28 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions\downintab@max.max
[2009/11/20 20:50:29 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions\restart@restart.org
[2009/11/20 20:42:57 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions
[2009/11/20 21:00:47 | 00,000,921 | ---- | M] () -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\searchplugins\dictionarycom.xml
[2009/11/20 20:39:52 | 00,001,626 | ---- | M] () -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\searchplugins\mozilla-add-ons.xml
[2009/11/20 21:01:01 | 00,000,918 | ---- | M] () -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\searchplugins\thesauruscom.xml
[2009/11/20 21:00:30 | 00,002,013 | ---- | M] () -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\searchplugins\urban-dictionary.xml
[2009/11/20 20:36:41 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (366488 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 12613 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Shrimpboat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Shrimpboat\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Users\Shrimpboat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files\Stickies\stickies.exe (Zhorn Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 65 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/24 23:20:48 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/28 02:20:18 | 00,000,000 | ---D | M] - E:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2005/09/28 01:55:17 | 00,700,416 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/09/28 00:25:53 | 00,606,208 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ CDFS ]
O32 - AutoRun File - [2005/09/28 02:18:19 | 00,000,138 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/10 01:34:42 | 00,000,000 | ---D | C] -- C:\Users\Shrimpboat\AppData\Local\temp
[2010/01/10 01:32:41 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/01/09 23:29:48 | 00,000,000 | ---D | C] -- C:\ComboFix
[2010/01/09 23:28:30 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/01/09 13:31:58 | 00,021,560 | ---- | C] (Microsoft Corporation) -- C:\atapi.sys
[2010/01/08 13:45:02 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/01/08 13:45:02 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/01/08 13:45:02 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/01/08 13:44:45 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/01/08 13:44:08 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/08 13:19:47 | 00,000,000 | ---D | C] -- C:\_OTL
[2010/01/07 12:30:57 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Shrimpboat\Desktop\OTL.exe
[2010/01/06 13:02:26 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\EA Games
[2010/01/06 13:00:38 | 00,000,000 | ---D | C] -- C:\Users\Shrimpboat\Documents\EA Games
[2010/01/06 12:41:17 | 00,442,368 | R--- | C] (On2.com) -- C:\Windows\System32\vp6vfw.dll
[2010/01/04 13:01:07 | 00,000,000 | ---D | C] -- C:\WTablet
[2009/12/23 13:15:56 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/12/21 11:20:13 | 00,000,000 | ---D | C] -- C:\Users\Shrimpboat\AppData\Roaming\U3
[2009/12/19 10:57:01 | 00,000,000 | ---D | C] -- C:\Users\Shrimpboat\AppData\Roaming\Malwarebytes
[2009/12/19 10:56:52 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/19 10:56:50 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/12/19 10:56:49 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/19 10:56:49 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/19 10:48:57 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/12/19 10:48:57 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/12/18 22:05:28 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2009/12/18 18:56:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2009/12/18 18:56:23 | 00,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2009/12/18 02:22:38 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2009/12/17 23:13:14 | 00,000,000 | -H-D | C] -- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/12/17 14:38:23 | 00,000,000 | ---D | C] -- C:\Users\Shrimpboat\AppData\Roaming\Auslogics
[2009/12/17 14:38:20 | 00,000,000 | ---D | C] -- C:\Program Files\Auslogics

========== Files - Modified Within 30 Days ==========

[2010/01/10 23:52:38 | 08,126,464 | -HS- | M] () -- C:\Users\Shrimpboat\ntuser.dat
[2010/01/10 23:42:04 | 00,043,034 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/01/10 23:41:57 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/10 13:26:26 | 00,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/10 13:26:26 | 00,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/10 08:23:11 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2010/01/10 02:22:12 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2010/01/10 01:41:00 | 00,870,128 | ---- | M] () -- C:\Users\Shrimpboat\AppData\Roaming\mcs.rma
[2010/01/10 01:41:00 | 00,000,004 | ---- | M] () -- C:\Users\Shrimpboat\AppData\Roaming\A3206C
[2010/01/10 01:28:53 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/01/09 23:32:40 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/09 23:32:40 | 00,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/09 23:32:40 | 00,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/09 23:29:47 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/01/09 23:29:47 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2010/01/09 23:29:46 | 00,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2010/01/09 23:27:18 | 00,000,246 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2010/01/09 23:27:09 | 00,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010/01/09 23:26:31 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/09 23:26:16 | 18,772,95104 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/09 23:18:35 | 07,026,464 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2010/01/09 23:18:35 | 00,081,824 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2010/01/09 23:18:33 | 00,524,288 | -HS- | M] () -- C:\Users\Shrimpboat\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/01/09 23:18:33 | 00,065,536 | -HS- | M] () -- C:\Users\Shrimpboat\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/01/09 23:17:32 | 02,916,564 | -H-- | M] () -- C:\Users\Shrimpboat\AppData\Local\IconCache.db
[2010/01/08 13:36:53 | 03,819,182 | R--- | M] () -- C:\Users\Shrimpboat\Desktop\ComboFix.exe
[2010/01/08 13:23:24 | 00,043,034 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/01/08 13:13:51 | 33,504,7424 | ---- | M] () -- C:\Users\Shrimpboat\Desktop\registrybackup.reg
[2010/01/08 12:56:59 | 00,001,630 | ---- | M] () -- C:\Users\Shrimpboat\Desktop\CCleaner.lnk
[2010/01/08 00:35:20 | 00,000,505 | ---- | M] () -- C:\Users\Shrimpboat\Documents\My Sharing Folders.lnk
[2010/01/07 12:31:18 | 00,293,376 | ---- | M] () -- C:\Users\Shrimpboat\Desktop\ogse1f9w.exe
[2010/01/07 12:30:57 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Shrimpboat\Desktop\OTL.exe
[2010/01/06 02:32:37 | 00,004,706 | ---- | M] () -- C:\Users\Shrimpboat\Desktop\Attach.zip
[2010/01/01 15:02:13 | 00,001,233 | ---- | M] () -- C:\Windows\cdplayer.ini
[2009/12/31 04:05:05 | 00,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForShrimpboat.job
[2009/12/23 13:15:56 | 00,001,834 | ---- | M] () -- C:\Users\Shrimpboat\Desktop\HijackThis.lnk
[2009/12/19 11:26:06 | 00,366,488 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/12/19 11:24:44 | 00,000,177 | ---- | M] () -- C:\Windows\wininit.ini
[2009/12/19 11:06:53 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/12/19 10:49:05 | 00,001,015 | ---- | M] () -- C:\Users\Shrimpboat\Desktop\Spybot - Search & Destroy.lnk
[2009/12/19 10:05:06 | 00,004,608 | ---- | M] () -- C:\Windows\System32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/18 22:07:44 | 00,182,272 | ---- | M] () -- C:\Users\Shrimpboat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/18 19:12:42 | 00,002,506 | ---- | M] () -- C:\rollback.ini
[2009/12/18 10:54:49 | 05,452,215 | ---- | M] () -- C:\Users\Shrimpboat\Documents\Radiation - A Very Hussie Christmas2.mp3
[2009/12/18 02:22:28 | 00,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2009/12/18 02:19:21 | 00,000,967 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/12/17 23:34:03 | 04,456,448 | -HS- | M] () -- C:\Users\Shrimpboat\ntuser.dat_previous
[2009/12/17 14:49:01 | 00,001,802 | ---- | M] () -- C:\Users\Shrimpboat\Documents\ps_pi_stupid.rtf
[2009/12/15 00:15:14 | 00,002,709 | ---- | M] () -- C:\Users\Public\Documents\Global.sw2

========== Files Created - No Company Name ==========

[2010/01/09 23:29:47 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/01/09 23:29:46 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2010/01/09 23:29:46 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2010/01/09 23:29:45 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2010/01/09 23:29:11 | 00,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2010/01/08 13:45:02 | 00,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/01/08 13:45:02 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/01/08 13:45:02 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/01/08 13:45:02 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/01/08 13:45:02 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/01/08 13:39:06 | 03,819,182 | R--- | C] () -- C:\Users\Shrimpboat\Desktop\ComboFix.exe
[2010/01/08 13:11:26 | 33,504,7424 | ---- | C] () -- C:\Users\Shrimpboat\Desktop\registrybackup.reg
[2010/01/07 16:50:47 | 18,772,95104 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/07 12:31:18 | 00,293,376 | ---- | C] () -- C:\Users\Shrimpboat\Desktop\ogse1f9w.exe
[2010/01/06 02:32:36 | 00,004,706 | ---- | C] () -- C:\Users\Shrimpboat\Desktop\Attach.zip
[2009/12/23 13:15:56 | 00,001,834 | ---- | C] () -- C:\Users\Shrimpboat\Desktop\HijackThis.lnk
[2009/12/19 11:24:43 | 00,000,177 | ---- | C] () -- C:\Windows\wininit.ini
[2009/12/19 10:49:05 | 00,001,015 | ---- | C] () -- C:\Users\Shrimpboat\Desktop\Spybot - Search & Destroy.lnk
[2009/12/19 09:58:50 | 00,004,608 | ---- | C] () -- C:\Windows\System32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/18 19:13:02 | 07,026,464 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2009/12/18 19:13:02 | 00,081,824 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.idx
[2009/12/18 19:12:42 | 00,002,506 | ---- | C] () -- C:\rollback.ini
[2009/12/18 10:54:41 | 05,452,215 | ---- | C] () -- C:\Users\Shrimpboat\Documents\Radiation - A Very Hussie Christmas2.mp3
[2009/12/18 02:19:21 | 00,000,967 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009/12/17 14:32:56 | 00,001,802 | ---- | C] () -- C:\Users\Shrimpboat\Documents\ps_pi_stupid.rtf
[2009/11/29 23:30:19 | 00,000,246 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/11/27 15:06:18 | 00,052,686 | ---- | C] () -- C:\Users\Shrimpboat\AppData\Local\c4u.log
[2009/11/27 14:23:14 | 00,828,342 | ---- | C] () -- C:\Users\Shrimpboat\AppData\Local\installer.log
[2009/11/13 16:17:40 | 00,001,233 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/09/01 11:54:34 | 00,870,128 | ---- | C] () -- C:\Users\Shrimpboat\AppData\Roaming\mcs.rma
[2009/09/01 11:54:34 | 00,000,004 | ---- | C] () -- C:\Users\Shrimpboat\AppData\Roaming\A3206C
[2009/08/18 16:55:15 | 00,001,890 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/08/18 16:55:15 | 00,000,088 | RHS- | C] () -- C:\ProgramData\25938D00CD.sys
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/14 12:53:36 | 00,237,568 | ---- | C] () -- C:\Windows\System32\Unlha32.dll
[2009/07/14 12:53:35 | 00,473,600 | ---- | C] () -- C:\Windows\System32\Harmony.dll
[2009/07/07 13:10:49 | 00,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009/06/05 11:47:42 | 00,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
[2009/04/09 17:09:33 | 00,247,560 | ---- | C] () -- C:\Windows\System32\prgiso.dll
[2009/04/09 17:09:26 | 04,244,744 | ---- | C] () -- C:\Windows\System32\qtp-mt334.dll
[2009/04/09 17:09:26 | 00,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2009/02/11 14:54:33 | 00,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/02/11 14:54:32 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/02/06 14:13:54 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/01/07 20:50:50 | 00,000,056 | RHS- | C] () -- C:\Windows\System32\CD008D9325.sys
[2009/01/07 20:50:46 | 00,001,890 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/12/04 11:51:56 | 00,007,592 | ---- | C] () -- C:\Users\Shrimpboat\AppData\Local\d3d9caps.dat
[2008/12/01 16:34:25 | 00,182,272 | ---- | C] () -- C:\Users\Shrimpboat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/28 09:34:29 | 00,000,000 | ---- | C] () -- C:\Users\Shrimpboat\AppData\Local\QSwitch.txt
[2008/11/28 09:34:29 | 00,000,000 | ---- | C] () -- C:\Users\Shrimpboat\AppData\Local\DSwitch.txt
[2008/11/28 09:34:29 | 00,000,000 | ---- | C] () -- C:\Users\Shrimpboat\AppData\Local\AtStart.txt
[2008/11/24 15:32:44 | 00,005,120 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/10/13 07:07:43 | 00,043,034 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/10/13 07:07:40 | 00,043,034 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/06/24 23:36:20 | 00,000,688 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/06/11 08:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/06/11 08:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/06/11 08:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/06/11 08:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/06/11 08:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/06/11 08:02:34 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/06/11 08:02:32 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/06/11 08:02:32 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/06/11 08:02:32 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/06/05 07:58:26 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/06/01 00:13:10 | 00,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2007/09/04 11:56:10 | 00,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007/02/05 20:05:26 | 00,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 05:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 02:58:00 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/08/30 00:00:00 | 00,781,312 | ---- | C] () -- C:\Windows\System32\RGSS102J.dll
[2005/08/30 00:00:00 | 00,778,752 | ---- | C] () -- C:\Windows\System32\RGSS102E.dll
[2005/08/30 00:00:00 | 00,771,584 | ---- | C] () -- C:\Windows\System32\RGSS100J.dll
[2002/06/06 02:01:58 | 00,029,696 | ---- | C] () -- C:\Windows\System32\asutl8.dll

========== LOP Check ==========

[2008/12/21 23:49:29 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\acccore
[2009/04/02 20:49:54 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\Anvil Studio
[2009/12/17 14:38:23 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\Auslogics
[2010/01/09 23:29:19 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\Dropbox
[2009/12/23 05:20:44 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\IrfanView
[2009/05/15 23:39:23 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\Magic Set Editor
[2008/12/23 23:24:31 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\MSNInstaller
[2008/12/11 14:38:30 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\NCH Swift Sound
[2009/03/05 14:28:23 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\Opera
[2008/12/11 15:34:51 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\SPORE
[2008/11/28 22:44:20 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\SPORE Creature Creator
[2010/01/09 23:29:15 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\stickies
[2008/11/28 15:54:55 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\SystemRequirementsLab
[2009/12/09 21:55:20 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\Temp
[2009/01/20 14:41:29 | 00,000,000 | ---D | M] -- C:\Users\Shrimpboat\AppData\Roaming\Unity
[2010/01/10 02:22:12 | 00,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 1).job
[2010/01/10 08:23:11 | 00,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 2).job
[2010/01/09 23:29:46 | 00,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 3).job
[2010/01/09 23:29:47 | 00,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 4).job
[2010/01/09 23:29:47 | 00,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/01/09 23:18:05 | 00,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >

#12 User is offline   chamber 

  • Bleepin' Geek
  • PipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 329
  • Joined: 02-April 09
  • Gender:Male
  • Location:~/

Posted 11 January 2010 - 03:55 AM

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean


Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.



Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.



Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases

  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

    Posted Image


  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply

Posted Image
watch me and tremble, for I bring the purity of oblivion
Sudo apt-get me a sandwich!
Proud graduate of GeekU

#13 User is offline   shrimpboat 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 9
  • Joined: 24-December 09

Posted 12 January 2010 - 02:54 PM

Malwarebytes' Anti-Malware 1.44
Database version: 3541
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18865

1/11/2010 12:58:28 PM
mbam-log-2010-01-11 (12-58-28).txt

Scan type: Quick Scan
Objects scanned: 111655
Time elapsed: 8 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, January 12, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, January 11, 2010 20:57:10
Records in database: 3299053
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Objects scanned: 285427
Threats found: 2
Infected objects found: 5
Suspicious objects found: 0
Scan duration: 11:35:53


File name / Threat / Threats count
C:\Windows\System32\drivers\atapi.old Infected: Rootkit.Win32.TDSS.u 1
F:\Games\PC\PC-PacMan.World.Rally[English]\rld-pmwr.iso Infected: Trojan-Downloader.Win32.Agent.ayi 2
F:\Games\PC\PC-PacMan.World.Rally[English]\rld-pmwr.part04.rar Infected: Trojan-Downloader.Win32.Agent.ayi 2

Selected area has been scanned.

#14 User is offline   chamber 

  • Bleepin' Geek
  • PipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 329
  • Joined: 02-April 09
  • Gender:Male
  • Location:~/

Posted 12 January 2010 - 03:15 PM

Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes

:Services

:Reg

:Files
C:\Windows\System32\drivers\atapi.old
F:\Games\PC\PC-PacMan.World.Rally[English]\rld-pmwr.iso
F:\Games\PC\PC-PacMan.World.Rally[English]\rld-pmwr.part04.rar

:Commands
[purity]
[emptytemp]
[Reboot]


  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.

  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Post a fresh DDS log for me as well, also how things are currently running.
Posted Image
watch me and tremble, for I bring the purity of oblivion
Sudo apt-get me a sandwich!
Proud graduate of GeekU

#15 User is offline   shrimpboat 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 9
  • Joined: 24-December 09

Posted 12 January 2010 - 10:58 PM

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File move failed. C:\Windows\System32\drivers\atapi.old

scheduled to be moved on reboot.
F:\Games\PC\PC-PacMan.World.Rally[English]\rld-pmwr.iso moved

successfully.
F:\Games\PC\PC-PacMan.World.Rally[English]\rld-

pmwr.part04.rar moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Down
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Ginger
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Shrimpboat
->Temp folder emptied: 90894124 bytes
->Temporary Internet Files folder emptied: 4546995 bytes
->Java cache emptied: 13818443 bytes
->FireFox cache emptied: 52748090 bytes
->Opera cache emptied: 2471008 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10438 bytes
%systemroot%\system32\config\systemprofile\Local

Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32

\config\systemprofile\AppData\Local\Microsoft\Windows\Tempora

ry Internet Files folder emptied: 33170 bytes
%systemroot%\system32

\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment

folder emptied: 243 bytes
RecycleBin emptied: 76651 bytes

Total Files Cleaned = 157.00 mb


OTM by OldTimer - Version 3.1.5.0 log created on

01122010_200633

Files moved on Reboot...
File move failed. C:\Windows\System32\drivers\atapi.old

scheduled to be moved on reboot.
File C:\Windows\temp\_avast4_\Webshlock.txt not found!
C:\Windows\temp\sqlite_1cZYHFfYq6nzI4E moved successfully.
C:\Windows\temp\sqlite_6KrrIeASiJnYcDL moved successfully.
C:\Windows\temp\sqlite_TKzhzSysJcEuh9v moved successfully.

Registry entries deleted on Reboot...



Results of screen317's Security Check version 0.99.1
Windows Vista Service Pack 1 (UAC is disabled!)
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
``````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
SpywareBlaster 4.2
Spybot - Search & Destroy
McAfee SiteAdvisor
HijackThis 2.0.2
CCleaner
Java™ 6 Update 17
Adobe Flash Player 10
Adobe Reader 8.1.2
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe is disabled!
``````````````````````````````
DNS Vulnerability Check:
Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

`````````End of Log```````````




DDS (Ver_09-12-01.01) - NTFSx86
Run by Shrimpboat at 20:36:47.15 on Tue 01/12/2010
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1790.381 [GMT -7:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\rundll32.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\notepad.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Shrimpboat\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Stickies\stickies.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchProtocolHost.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Shrimpboat\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://srch-qus8.hpwis.com/
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\users\shrimp~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\shrimpboat\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\shrimp~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\stickies.lnk - c:\program files\stickies\stickies.exe
StartupFolder: c:\users\shrimp~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\shrimpboat\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\shrimp~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\stickies.lnk - c:\program files\stickies\stickies.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\shrimp~1\appdata\roaming\mozilla\firefox\profiles\f9rg6sat.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.deviantart.com/messages/
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\opera\program\plugins\npmmaud.dll
FF - plugin: c:\program files\opera\program\plugins\npmmprog.dll
FF - plugin: c:\program files\opera\program\plugins\npmmvid.dll
FF - plugin: c:\program files\opera\program\plugins\npmmzip.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2009-4-9 39472]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-18 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-28 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-28 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-11-28 53328]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-11-28 138680]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2009-8-5 284016]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-28 210216]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-6-1 34064]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-6-24 361808]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-12-19 1153368]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-12-1 3032360]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-28 24652]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-11-28 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-11-28 352920]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-10 43040]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2008-12-1 15144]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-6-24 193840]
S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [2009-3-20 27904]

=============== Created Last 30 ================

2010-01-13 03:06:34 0 d-----w- C:\_OTM
2010-01-10 08:32:41 0 d-sh--w- C:\$RECYCLE.BIN
2010-01-10 07:24:56 21560 ------w- c:\windows\system32\drivers\atapi.sys
2010-01-10 06:29:48 0 d-----w- C:\ComboFix
2010-01-09 20:31:58 21560 ----a-w- C:\atapi.sys
2010-01-08 20:45:02 98816 ----a-w- c:\windows\sed.exe
2010-01-08 20:45:02 77312 ----a-w- c:\windows\MBR.exe
2010-01-08 20:45:02 261632 ----a-w- c:\windows\PEV.exe
2010-01-08 20:45:02 161792 ----a-w- c:\windows\SWREG.exe
2010-01-08 20:19:47 0 d-----w- C:\_OTL
2010-01-06 19:41:17 442368 ----a-r- c:\windows\system32\vp6vfw.dll
2010-01-04 20:01:07 0 d-----w- C:\WTablet
2009-12-23 20:15:56 0 d-----w- c:\program files\Trend Micro
2009-12-19 18:24:43 177 ----a-w- c:\windows\wininit.ini
2009-12-19 17:57:01 0 d-----w- c:\users\shrimp~1\appdata\roaming\Malwarebytes
2009-12-19 17:56:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-19 17:56:50 0 d-----w- c:\programdata\Malwarebytes
2009-12-19 17:56:49 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-19 17:56:49 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-19 17:48:57 0 d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-19 17:48:57 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-12-19 16:58:50 4608 ----a-w- c:\windows\system32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-12-19 05:05:28 0 d-----w- c:\programdata\WindowsSearch
2009-12-19 02:13:02 214676 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-19 02:13:02 15647776 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-19 02:12:42 2506 ----a-w- C:\rollback.ini
2009-12-19 01:56:24 0 d-----w- c:\program files\common files\ParetoLogic
2009-12-19 01:56:23 0 d-----w- c:\programdata\ParetoLogic
2009-12-18 09:22:38 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-18 06:13:14 0 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-17 21:38:23 0 d-----w- c:\users\shrimp~1\appdata\roaming\Auslogics
2009-12-17 21:38:20 0 d-----w- c:\program files\Auslogics

==================== Find3M ====================

2010-01-11 20:19:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-08 20:23:24 43034 ----a-w- c:\programdata\nvModes.dat
2009-12-18 09:22:28 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-10 05:10:51 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-10 05:10:50 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-10 05:10:50 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-30 09:38:20 104672 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-11-24 23:49:48 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-09 13:22:34 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 13:20:16 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-11-06 01:04:26 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-11-03 03:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 09:41:23 2048 ----a-w- c:\windows\system32\tzres.dll
2008-06-25 03:46:05 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-01-08 03:50:50 56 --sha-r- c:\windows\system32\CD008D9325.sys
2009-04-20 17:21:39 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\feeds cache\index.dat
2008-10-13 14:21:22 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 20:39:14.72 ===============


Things are running just fine now. Nothing noticeable!

Share this topic:


  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users