
Multiple Virus (Hijackthis Report)


  • This topic is locked
43 replies to this topic

#1 BrooklynMatt

BrooklynMatt

  • Members
  • 30 posts
  • OFFLINE
  • Local time:09:38 AM

Posted 27 March 2009 - 05:35 PM

My computer was just taken over. I ran SUPERAntiSpyware, which identified and removed roughly 40 infections. I thought I was in the clear after that, but my computer is still clearly infected. I've been through this before, so luckily I already had HijackThis on my computer. Here is the log, please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:22:45 PM, on 3/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Plaxo\3.19.0.16\PlaxoHelper_en.exe
C:\Program Files\Plaxo\3.19.0.16\PlaxoSysTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\wejy12.exe
C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\wejy12.exe
C:\Documents and Settings\Matt K.MOBILEDESTOYER\reader_s.exe
C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\3313143468.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Xobni\XobniService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fuser.com/fuser.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [PCMService.exe] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [Empowering] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [cli.exe] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL.EXE] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel.EXE] SkyTel.EXE
O4 - HKLM\..\Run: [ALCMTR.EXE] ALCMTR.EXE
O4 - HKLM\..\Run: [LManager.exe] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ipoint.exe] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [jusched.exe] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper.exe] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [sujagigidu] Rundll32.exe "C:\WINDOWS\system32\viyiyini.dll",s
O4 - HKLM\..\Run: [Wxapigihag] rundll32.exe "C:\WINDOWS\Fduvogevusukase.dll",e
O4 - HKLM\..\Run: [CPM038db9ee] Rundll32.exe "c:\windows\system32\fohuvefa.dll",a
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.19.0.16\PlaxoHelper_en.exe -a
O4 - HKCU\..\Run: [PlaxoSysTray] C:\Program Files\Plaxo\3.19.0.16\PlaxoSysTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [] C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\wejy12.exe
O4 - HKCU\..\Run: [Windows Resurections] C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\wejy12.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Matt K.MOBILEDESTOYER\reader_s.exe
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\3313143468.exe
O4 - HKCU\..\Run: [12ZFG94-F641-2SF-K31P-5N1ER6H6L2] C:\RECYCLER\S-1-5-21-1750612226-8623217660-147058013-9950\service.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\docume~1\mattk~1.mob\locals~1\temp\ntdll64.dll' missing
O16 - DPF: {03A13D5D-2C8E-4C1A-970D-D6D07A4FE3D0} (FileMgr Class) - https://atlas.atlassolutions.com/dl/AtlasCtrl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Xobni\Skype4Com.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\nosadepu.dll c:\windows\system32\fohuvefa.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Google Update Service (gupdate1c98a3f5a8465ae) (gupdate1c98a3f5a8465ae) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

--
End of file - 11852 bytes


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:38 AM

Posted 27 March 2009 - 06:44 PM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 BrooklynMatt

BrooklynMatt
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 27 March 2009 - 07:38 PM

OTListIt logfile created on: 3/27/2009 8:09:42 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\Matt K.MOBILEDESTOYER\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.43% Memory free
3.95 Gb Paging File | 3.40 Gb Available in Paging File | 86.22% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.82 Gb Total Space | 9.05 Gb Free Space | 12.61% Space Free | Partition Type: FAT32
Drive D: | 72.33 Gb Total Space | 51.87 Gb Free Space | 71.71% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOBILEDESTOYER
Current User Name: Matt K
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2006/04/27 09:39:50 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2006/04/27 09:39:50 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2009/02/08 17:48:20 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2008/04/13 20:12:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/04/27 12:10:10 | 00,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer\Acer Arcade\PCMService.exe
PRC - [2006/06/01 14:40:54 | 00,413,696 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2006/06/27 23:54:52 | 16,248,320 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2006/06/23 06:59:02 | 00,602,112 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2005/12/04 19:39:20 | 00,461,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2007/09/25 01:11:36 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
PRC - [2007/09/26 14:42:04 | 00,267,064 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2006/05/30 12:11:56 | 00,421,888 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/11/04 07:35:02 | 00,086,016 | ---- | M] (alch) -- C:\Program Files\ClamWin\bin\ClamTray.exe
PRC - [2008/05/15 17:45:26 | 00,356,864 | ---- | M] (Avid Technology, Inc.) -- C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
PRC - [2008/06/03 19:06:26 | 00,343,552 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2008/11/04 12:09:58 | 00,615,696 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/02/09 11:08:36 | 00,371,271 | ---- | M] (Plaxo, Inc.) -- C:\Program Files\Plaxo\3.19.0.16\PlaxoHelper_en.exe
PRC - [2009/02/09 11:08:38 | 00,020,480 | ---- | M] (Plaxo, Inc.) -- C:\Program Files\Plaxo\3.19.0.16\PlaxoSysTray.exe
PRC - [2007/08/30 10:50:42 | 00,205,480 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2009/03/27 16:34:30 | 00,015,001 | -H-- | M] () -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Local Settings\temp\wejy12.exe
PRC - [2009/03/27 16:34:30 | 00,015,001 | -H-- | M] () -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Local Settings\temp\wejy12.exe
PRC - [2009/03/27 16:34:46 | 00,030,208 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\reader_s.exe
PRC - [2009/03/27 16:38:04 | 00,022,529 | ---- | M] () -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Local Settings\temp\3313143468.exe
PRC - [2006/06/29 10:45:00 | 00,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
PRC - [2008/05/27 12:27:24 | 00,547,840 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2006/07/25 18:03:44 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
PRC - [2006/04/27 12:10:30 | 00,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
PRC - [2006/04/27 12:09:50 | 00,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2007/10/31 00:35:10 | 00,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe
PRC - [2008/12/12 16:57:26 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/02/17 15:26:32 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/01/21 19:37:16 | 00,143,360 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2007/01/22 20:15:28 | 01,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2009/03/24 19:03:30 | 00,045,288 | ---- | M] (Xobni Corporation) -- C:\Program Files\Xobni\XobniService.exe
PRC - [2006/04/27 12:10:30 | 00,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
PRC - [2008/04/13 20:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/04/13 20:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2007/09/26 14:41:56 | 00,503,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2004/08/04 05:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2009/03/27 20:06:54 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/03/29 20:53:34 | 00,028,672 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService [Auto | Stopped])
SRV - [2007/01/27 17:03:44 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/04/27 09:39:50 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2006/07/25 18:03:44 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])
SRV - [2006/04/27 12:10:30 | 00,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/04/27 12:10:30 | 00,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched [Auto | Running])
SRV - [2006/04/27 12:09:50 | 00,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service [Auto | Running])
SRV - [2007/10/31 00:35:10 | 00,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh [Auto | Running])
SRV - [2007/10/31 00:02:58 | 00,159,744 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/02/08 17:48:20 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c98a3f5a8465ae [Auto | Stopped])
SRV - [2009/03/24 13:36:22 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007/09/26 14:41:56 | 00,503,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/04/13 20:11:56 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2008/12/12 16:57:26 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/02/17 15:26:32 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2006/07/25 18:03:44 | 02,119,360 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2005/01/21 19:37:16 | 00,143,360 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2007/07/24 05:14:08 | 00,088,560 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
SRV - [2007/07/24 05:14:06 | 00,358,896 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
SRV - [2007/08/16 08:56:16 | 00,309,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Stopped])
SRV - [2007/08/16 08:56:10 | 01,092,080 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
SRV - [2007/08/16 08:56:14 | 00,166,384 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
SRV - [2007/01/22 20:15:28 | 01,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Running])
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2009/03/24 19:03:30 | 00,045,288 | ---- | M] (Xobni Corporation) -- C:\Program Files\Xobni\XobniService.exe -- (XobniService [Auto | Running])
SRV - [2007/03/14 17:03:40 | 00,975,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2004/08/04 05:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2008/04/13 14:36:40 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
DRV - [2006/05/10 11:27:00 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2006/01/24 19:44:52 | 00,488,448 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Running])
DRV - [2004/08/04 05:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Boot | Running])
DRV - [2004/08/04 05:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Boot | Running])
DRV - [2006/04/27 09:46:50 | 01,540,096 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2006/01/17 10:15:26 | 00,030,285 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\DRIVERS\btwmodem.sys -- (btwmodem [On_Demand | Stopped])
DRV - [2006/05/12 13:49:38 | 00,806,272 | ---- | M] (Bison Electronics. Inc. ) -- C:\WINDOWS\System32\Drivers\BisonCam.sys -- (Cam5603D [On_Demand | Running])
DRV - [2004/08/04 05:00:00 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Boot | Running])
DRV - [2004/08/04 05:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Boot | Running])
DRV - [2006/12/08 22:50:28 | 00,016,384 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\WINDOWS\system32\drivers\DigiFilt.sys -- (DigiFilter [Boot | Running])
DRV - [2004/12/07 23:10:00 | 00,016,896 | ---- | M] (Dritek System Inc.) -- C:\WINDOWS\system32\DRIVERS\DKbFltr.sys -- (DKbFltr [On_Demand | Running])
DRV - [2005/12/23 01:13:06 | 00,013,184 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO [Auto | Running])
DRV - [2006/05/24 19:19:40 | 00,061,056 | ---- | M] (ENE Technology Inc.) -- C:\WINDOWS\system32\DRIVERS\EMS7SK.sys -- (EMSCR [On_Demand | Running])
DRV - [2006/05/24 19:19:48 | 00,040,064 | ---- | M] (ENE Technology Inc.) -- C:\WINDOWS\system32\DRIVERS\ESD7SK.sys -- (ESDCR [On_Demand | Running])
DRV - [2006/05/24 19:19:44 | 00,074,752 | ---- | M] (ENE Technology Inc.) -- C:\WINDOWS\system32\DRIVERS\ESM7SK.sys -- (ESMCR [On_Demand | Running])
DRV - [2006/09/19 15:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/04/13 12:36:06 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/07/15 11:17:44 | 00,051,120 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2005/07/15 11:17:44 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2005/07/15 11:17:44 | 00,021,744 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2006/06/12 01:59:52 | 00,208,384 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
DRV - [2006/06/12 02:00:42 | 00,990,592 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2006/01/11 16:12:54 | 00,194,048 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Stopped])
DRV - [2006/06/02 13:59:50 | 00,069,632 | ---- | M] () -- C:\WINDOWS\system32\drivers\int15.sys -- (int15 [Auto | Running])
DRV - [2006/06/28 01:25:24 | 04,304,384 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2001/08/17 13:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\irsir.sys -- (irsir [On_Demand | Stopped])
DRV - [2007/11/15 09:55:22 | 00,023,048 | ---- | M] () -- C:\WINDOWS\System32\Drivers\M-Audio_KeyStudio49i_DFU.sys -- (MADFU [On_Demand | Stopped])
DRV - [2007/11/15 09:55:46 | 00,138,760 | ---- | M] (Avid Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\mausbks.sys -- (MAUSBKS [On_Demand | Stopped])
DRV - [2008/05/27 12:11:54 | 00,096,896 | ---- | M] (MagicISO, Inc.) -- C:\WINDOWS\system32\DRIVERS\mcdbus.sys -- (mcdbus [On_Demand | Running])
DRV - [2006/02/14 20:57:46 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2004/08/04 05:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Boot | Running])
DRV - [2009/03/27 16:34:56 | 00,182,656 | ---- | M] () -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS [Boot | Running])
DRV - [2006/06/20 13:56:22 | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.) -- C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys -- (NTIDrvr [On_Demand | Running])
DRV - [2005/12/01 18:57:56 | 00,021,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\point32.sys -- (Point32 [On_Demand | Running])
DRV - [2008/06/10 20:18:06 | 00,012,800 | ---- | M] (HiTRUST) -- C:\WINDOWS\system32\Drivers\psdfilter.sys -- (psdfilter [On_Demand | Running])
DRV - [2008/06/10 20:18:52 | 00,060,416 | ---- | M] (HiTRUST) -- C:\WINDOWS\system32\Drivers\psdvdisk.sys -- (psdvdisk [On_Demand | Running])
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/05/01 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/08/04 05:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Boot | Running])
DRV - [2004/08/04 05:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Boot | Running])
DRV - [2004/08/04 05:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Boot | Running])
DRV - [2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\DRIVERS\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
DRV - [2004/08/04 05:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2006/06/16 04:56:38 | 00,083,968 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Stopped])
DRV - [2008/05/28 10:33:36 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2008/05/28 10:33:38 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2008/05/28 10:33:36 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2007/11/13 05:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/13 14:36:40 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running])
DRV - [2004/12/09 14:54:12 | 00,046,592 | ---- | M] (SMSC) -- C:\WINDOWS\system32\DRIVERS\smcirda.sys -- (SMCIRDA [On_Demand | Running])
DRV - [2004/08/04 05:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Running])
DRV - [2008/01/29 10:39:32 | 00,716,272 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2005/12/22 12:24:50 | 00,080,272 | ---- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\sscdbus.sys -- (sscdbus [On_Demand | Stopped])
DRV - [2004/08/04 05:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Boot | Running])
DRV - [2004/08/04 05:00:00 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Boot | Running])
DRV - [2007/01/22 19:27:42 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
DRV - [2004/08/04 05:00:00 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Boot | Running])
DRV - [2004/08/04 05:00:00 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Boot | Running])
DRV - [2006/03/03 12:52:30 | 00,192,672 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2007/09/05 12:04:34 | 00,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd [Boot | Running])
DRV - [2006/06/02 13:59:54 | 00,014,544 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\tvicport.sys -- (tvicport [Auto | Running])
DRV - [2004/12/17 16:14:44 | 00,013,952 | ---- | M] () -- C:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper [Boot | Running])
DRV - [2004/08/04 05:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Boot | Running])
DRV - [2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2006/06/12 01:59:46 | 00,727,808 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2006/06/02 13:59:52 | 00,006,080 | ---- | M] (Zeal SoftStudio) -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fuser.com/fuser.aspx
IE - HKU\S-1-5-21-42978776-431241364-3229860803-1005\S-1-5-21-42978776-431241364-3229860803-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-42978776-431241364-3229860803-1005\S-1-5-21-42978776-431241364-3229860803-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:2.7.2
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.1
FF - prefs.js..extensions.enabledItems: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374}:3.0.4
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}:5.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {8620c15f-30dc-4dba-a131-7c5d20cf4a29}:2.0.2
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.29
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.4.4
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.5.2008112201
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/12 16:57:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/02 14:21:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.13\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2007/01/22 15:36:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.13\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2007/01/22 15:36:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX 3 BETA 5\COMPONENTS [2008/04/08 12:59:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX 3 BETA 5\PLUGINS [2008/04/08 12:59:46 | 00,000,000 | ---D | M]

[2008/08/13 15:21:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Extensions
[2008/05/30 13:44:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2008/08/13 15:21:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/07/07 19:35:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Extensions\songbird@songbirdnest.com
[2009/02/01 16:02:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Extensions\uploadr@flickr.com
[2008/08/13 15:21:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Firefox\Profiles\q5jg1s8v.default\extensions
[2007/01/22 15:36:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Firefox\Profiles\z5fknn13.default\extensions
[2009/03/20 11:33:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Firefox\Profiles\z5fknn13.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2008/11/25 11:42:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Firefox\Profiles\z5fknn13.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2008/05/05 18:19:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Firefox\Profiles\z5fknn13.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}(2)
[2008/08/08 16:18:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Firefox\Profiles\z5fknn13.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2009/03/03 13:05:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Firefox\Profiles\z5fknn13.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2007/05/23 11:33:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Firefox\Profiles\z5fknn13.default\extensions\{5a2b4e34-ce62-42e9-a658-06ba4490adf8}
[2009/03/11 17:51:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Firefox\Profiles\z5fknn13.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2008/06/03 10:28:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Firefox\Profiles\z5fknn13.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2008/05/05 18:19:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Firefox\Profiles\z5fknn13.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}(2)
[2009/03/04 15:51:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Firefox\Profiles\z5fknn13.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2009/03/03 13:05:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Firefox\Profiles\z5fknn13.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2008/05/03 14:47:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Firefox\Profiles\z5fknn13.default\extensions\{F807FACD-E46A-4793-B345-D58CB177673C}(2)
[2008/12/29 17:04:54 | 00,001,595 | ---- | M] () -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\Mozilla\FireFox\Profiles\z5fknn13.default\searchplugins\amazondotcom.xml
[2008/12/29 17:04:56 | 00,001,595 | ---- | M] () -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\Mozilla\FireFox\Profiles\z5fknn13.default\searchplugins\ebay.xml
[2007/01/22 15:36:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/01/22 15:36:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/04/23 09:15:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/09/03 15:40:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/11/07 14:45:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/31 13:38:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2007/01/22 15:36:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\inspector@mozilla.org
[2008/03/27 13:33:20 | 00,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2008/03/27 13:33:20 | 00,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2008/03/27 13:33:20 | 00,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2008/03/27 13:33:20 | 00,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2008/03/27 13:33:20 | 00,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2006/12/04 23:15:24 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2006/12/04 23:15:24 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2006/12/04 23:15:24 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2006/12/04 23:15:24 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2006/12/04 23:15:24 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
[2007/03/08 13:06:34 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

O1 HOSTS File: (0 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\..\Toolbar\Webbrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [ALCMTR.EXE] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background (Research In Motion Limited)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
O4 - HKLM..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon (alch)
O4 - HKLM..\Run: [cli.exe] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay (ATI Technologies Inc.)
O4 - HKLM..\Run: [CPM038db9ee] Rundll32.exe "c:\windows\system32\fohuvefa.dll",a File not found
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0 (HiTRUST)
O4 - HKLM..\Run: [Empowering] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
O4 - HKLM..\Run: [ipoint.exe] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [iTunesHelper.exe] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [jusched.exe] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [LManager.exe] C:\PROGRA~1\LAUNCH~1\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM (Stardock and Luca Saggese)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [PCMService.exe] "C:\Program Files\Acer\Acer Arcade\PCMService.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe File not found
O4 - HKLM..\Run: [RTHDCPL.EXE] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel.EXE] SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [sujagigidu] Rundll32.exe "C:\WINDOWS\system32\viyiyini.dll",s File not found
O4 - HKLM..\Run: [Wxapigihag] rundll32.exe "C:\WINDOWS\Fduvogevusukase.dll",e ()
O4 - HKU\S-1-5-21-42978776-431241364-3229860803-1005..\Run: [] C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\wejy12.exe ()
O4 - HKU\S-1-5-21-42978776-431241364-3229860803-1005..\Run: [12ZFG94-F641-2SF-K31P-5N1ER6H6L2] C:\RECYCLER\S-1-5-21-1750612226-8623217660-147058013-9950\service.exe ()
O4 - HKU\S-1-5-21-42978776-431241364-3229860803-1005..\Run: [Diagnostic Manager] C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\3313143468.exe ()
O4 - HKU\S-1-5-21-42978776-431241364-3229860803-1005..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (Macrovision Corporation)
O4 - HKU\S-1-5-21-42978776-431241364-3229860803-1005..\Run: [PlaxoSysTray] C:\Program Files\Plaxo\3.19.0.16\PlaxoSysTray.exe (Plaxo, Inc.)
O4 - HKU\S-1-5-21-42978776-431241364-3229860803-1005..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.19.0.16\PlaxoHelper_en.exe -a (Plaxo, Inc.)
O4 - HKU\S-1-5-21-42978776-431241364-3229860803-1005..\Run: [reader_s] C:\Documents and Settings\Matt K.MOBILEDESTOYER\reader_s.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-42978776-431241364-3229860803-1005..\Run: [Windows Resurections] C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\wejy12.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
O4 - Startup: C:\Documents and Settings\Matt K.MOBILEDESTOYER\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 1
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [Bluetooth Namespace] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {03A13D5D-2C8E-4C1A-970D-D6D07A4FE3D0} https://atlas.atlassolutions.com/dl/AtlasCtrl.cab (FileMgr Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/shock...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Xobni\Skype4Com.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\nosadepu.dll) - C:\WINDOWS\system32\nosadepu.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\fohuvefa.dll) - c:\windows\system32\fohuvefa.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/20 13:56:58 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{c0df3228-0585-11dd-9cba-0016cf3a3b09}\Shell\AutoRun\command - "" = RECYCLER\Iasass.exe
O33 - MountPoints2\{c0df3228-0585-11dd-9cba-0016cf3a3b09}\Shell\open\command - "" = RECYCLER\Iasass.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (smrgdf C:\Documents and Settings\Matt K\Application Data\iolo\) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/03/27 20:08:51 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Desktop\li1yzoz0.exe
[2009/03/27 20:08:32 | 00,498,688 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Desktop\OTListIt2.exe
[2009/03/27 18:16:04 | 21,455,62624 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/27 16:37:14 | 00,001,394 | ---- | C] () -- C:\WINDOWS\System32\ahtn.htm
[2009/03/27 16:36:25 | 00,000,446 | ---- | C] () -- C:\WINDOWS\System32\win32hlp.cnf
[2009/03/27 16:35:53 | 00,104,960 | ---- | C] () -- C:\WINDOWS\System32\dllcache\userinit.exe
[2009/03/27 16:35:13 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\uniq.tll
[2009/03/27 16:34:55 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys
[2009/03/27 16:34:49 | 00,000,000 | RHSD | C] -- C:\RECYCLER
[2009/03/27 16:34:41 | 00,043,008 | ---- | C] () -- C:\aoqckrns.exe
[2009/03/27 16:34:38 | 00,027,136 | ---- | C] () -- C:\ajtbyh.exe
[2009/03/27 16:34:26 | 00,000,002 | ---- | C] () -- C:\12487389
[2009/03/27 16:34:25 | 00,007,680 | ---- | C] () -- C:\wicnin.exe
[2009/03/27 16:34:21 | 00,040,448 | ---- | C] () -- C:\WINDOWS\Fduvogevusukase.dll
[2009/03/27 16:34:20 | 00,040,448 | ---- | C] () -- C:\dmsiacq.exe
[2009/03/27 16:34:17 | 00,009,216 | ---- | C] () -- C:\WINDOWS\instsp2.exe
[2009/03/27 16:34:16 | 00,099,328 | -HS- | C] () -- C:\WINDOWS\System32\guwakeba.dll
[2009/03/27 16:34:16 | 00,061,440 | -HS- | C] () -- C:\WINDOWS\System32\pozofohu.exe
[2009/03/27 16:29:04 | 00,067,584 | -HS- | C] (ICQ) -- C:\WINDOWS\System32\nosadepu.dll.vir
[2009/03/27 16:29:03 | 00,011,168 | -H-- | C] () -- C:\WINDOWS\System32\gijimogo
[2009/03/25 17:12:59 | 04,970,992 | ---- | C] (Xobni) -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Desktop\XobniSetup.exe
[2009/03/19 14:37:21 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/03/05 13:10:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2009/03/05 13:10:22 | 00,000,548 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TweetDeck.lnk
[2009/03/05 13:10:21 | 00,000,000 | ---D | C] -- C:\Program Files\TweetDeck
[2009/03/05 13:10:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/03/03 17:15:38 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/03/03 16:32:18 | 00,000,000 | -HSD | C] -- C:\FOUND.004
[2009/03/02 16:16:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Local Settings\Application Data\Xobni
[2009/03/02 14:19:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel

========== Files - Modified Within 30 Days ==========

[2009/03/27 20:07:18 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Desktop\li1yzoz0.exe
[2009/03/27 20:06:54 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Desktop\OTListIt2.exe
[2009/03/27 18:18:04 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/27 18:17:26 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/03/27 18:16:54 | 00,000,024 | ---- | M] () -- C:\WINDOWS\LogonStudio.ini
[2009/03/27 18:16:50 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/03/27 18:16:34 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/03/27 18:16:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/27 18:16:16 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/27 18:16:06 | 21,455,62624 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/27 18:02:28 | 00,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2009/03/27 17:10:02 | 00,000,446 | ---- | M] () -- C:\WINDOWS\System32\win32hlp.cnf
[2009/03/27 16:40:12 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\gijimogo
[2009/03/27 16:37:16 | 00,001,394 | ---- | M] () -- C:\WINDOWS\System32\ahtn.htm
[2009/03/27 16:35:22 | 00,104,960 | ---- | M] () -- C:\WINDOWS\System32\userinit.exe
[2009/03/27 16:35:22 | 00,104,960 | ---- | M] () -- C:\WINDOWS\System32\dllcache\userinit.exe
[2009/03/27 16:35:14 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\uniq.tll
[2009/03/27 16:34:56 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys
[2009/03/27 16:34:56 | 00,182,656 | ---- | M] () -- C:\WINDOWS\System32\drivers\ndis.sys
[2009/03/27 16:34:44 | 00,043,008 | ---- | M] () -- C:\aoqckrns.exe
[2009/03/27 16:34:40 | 00,027,136 | ---- | M] () -- C:\ajtbyh.exe
[2009/03/27 16:34:34 | 00,000,002 | ---- | M] () -- C:\12487389
[2009/03/27 16:34:26 | 00,007,680 | ---- | M] () -- C:\wicnin.exe
[2009/03/27 16:34:22 | 00,040,448 | ---- | M] () -- C:\WINDOWS\Fduvogevusukase.dll
[2009/03/27 16:34:22 | 00,040,448 | ---- | M] () -- C:\dmsiacq.exe
[2009/03/27 16:34:20 | 00,061,440 | -HS- | M] () -- C:\WINDOWS\System32\pozofohu.exe
[2009/03/27 16:34:18 | 00,099,328 | -HS- | M] () -- C:\WINDOWS\System32\guwakeba.dll
[2009/03/27 16:34:18 | 00,009,216 | ---- | M] () -- C:\WINDOWS\instsp2.exe
[2009/03/27 16:29:08 | 00,067,584 | -HS- | M] (ICQ) -- C:\WINDOWS\System32\nosadepu.dll.vir
[2009/03/27 11:48:28 | 00,001,681 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/03/25 17:13:08 | 04,970,992 | ---- | M] (Xobni) -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Desktop\XobniSetup.exe
[2009/03/12 11:40:34 | 00,345,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/11 19:25:42 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/11 16:05:42 | 00,007,680 | ---- | M] () -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/11 16:01:12 | 00,052,224 | -HS- | M] () -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\My Documents\Thumbs.db
[2009/03/05 13:10:24 | 00,000,548 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TweetDeck.lnk
[2009/03/04 15:28:18 | 00,556,744 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/04 15:28:18 | 00,466,542 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/04 15:28:18 | 00,079,974 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
< End of report >




GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-03-27 20:33:25
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT spbc.sys ZwCreateKey [0xBA6AB0E0]
SSDT spbc.sys ZwEnumerateKey [0xBA6C8CA2]
SSDT spbc.sys ZwEnumerateValueKey [0xBA6C9030]
SSDT spbc.sys ZwOpenKey [0xBA6AB0C0]
SSDT spbc.sys ZwQueryKey [0xBA6C9108]
SSDT spbc.sys ZwQueryValueKey [0xBA6C8F88]
SSDT spbc.sys ZwSetValueKey [0xBA6C919A]

INT 0x62 ? 846C8BF8
INT 0x73 ? 846C8BF8
INT 0x73 ? 846C8BF8
INT 0x73 ? 846C8BF8
INT 0xB4 ? 84500BF8
INT 0xB4 ? 84500BF8
INT 0xB4 ? 84500BF8
INT 0xB4 ? 84500BF8

Code 845BE4D0 pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

? spbc.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload BA1DE8AC 5 Bytes JMP 845001D8
.text ayapuaeu.SYS B9F7F384 1 Byte [20]
.text ayapuaeu.SYS B9F7F384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
.text ayapuaeu.SYS B9F7F3AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
.text ayapuaeu.SYS B9F7F3C4 3 Bytes [00, 00, 00]
.text ayapuaeu.SYS B9F7F3C9 1 Byte [00]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[3232] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 00F31B19 C:\WINDOWS\system32\mssrch.dll (mssrch.lib/Microsoft Corporation)
? C:\WINDOWS\System32\svchost.exe[3656] image checksum mismatch; time/date stamp mismatch;

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6AC040] spbc.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6AC13C] spbc.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6AC0BE] spbc.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6AC7FC] spbc.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6AC6D2] spbc.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6BBD92] spbc.sys
IAT \SystemRoot\System32\Drivers\ayapuaeu.SYS[HAL.dll!KfAcquireSpinLock] 000000AD
IAT \SystemRoot\System32\Drivers\ayapuaeu.SYS[HAL.dll!READ_PORT_UCHAR] 000000D4
IAT \SystemRoot\System32\Drivers\ayapuaeu.SYS[HAL.dll!KeGetCurrentIrql] 000000A2
IAT \SystemRoot\System32\Drivers\ayapuaeu.SYS[HAL.dll!KfRaiseIrql] 000000AF
IAT \SystemRoot\System32\Drivers\ayapuaeu.SYS[HAL.dll!KfLowerIrql] 0000009C
IAT \SystemRoot\System32\Drivers\ayapuaeu.SYS[HAL.dll!HalGetInterruptVector] 000000A4
IAT \SystemRoot\System32\Drivers\ayapuaeu.SYS[HAL.dll!HalTranslateBusAddress] 00000072
IAT \SystemRoot\System32\Drivers\ayapuaeu.SYS[HAL.dll!KeStallExecutionProcessor] 000000C0
IAT \SystemRoot\System32\Drivers\ayapuaeu.SYS[HAL.dll!KfReleaseSpinLock] 000000B7
IAT \SystemRoot\System32\Drivers\ayapuaeu.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 000000FD
IAT \SystemRoot\System32\Drivers\ayapuaeu.SYS[HAL.dll!READ_PORT_USHORT] 00000093
IAT \SystemRoot\System32\Drivers\ayapuaeu.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000026
IAT \SystemRoot\System32\Drivers\ayapuaeu.SYS[HAL.dll!WRITE_PORT_UCHAR] 00000036
IAT \SystemRoot\System32\Drivers\ayapuaeu.SYS[WMILIB.SYS!WmiSystemControl] 000000F7
IAT \SystemRoot\System32\Drivers\ayapuaeu.SYS[WMILIB.SYS!WmiCompleteRequest] 000000CC

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DD7AAB] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DD7842] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [77DDEAD7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DFBCC3] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DDEFB8] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DD6C17] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 00000000
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] [7C9100A4] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [7C80AC51] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [7C90FF0D] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [7C80236B] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] [7C834D59] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] [7C809BD7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] [7C810E17] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [7C83290F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] [7C863AA9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] [7C802213] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [7C809B02] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] [7C8021D0] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C839725] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7C80BE91] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [7C814B82] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [7C812B6E] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [7C90FE01] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [7C80E9CF] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [7C802530] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] [7C802446] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [7C8106C7] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [7C801E1A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [7C80DE85] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [7C863E6A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [7C92ABA5] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 00000000
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [71AB2EAD] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] [71AB2E53] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] [71AB676F] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] [71AB3E2B] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [71AB4A07] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] [71AB4211] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] [71AB4C27] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [71AB3FED] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] [71AB6A55] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] [71AB5355] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 00000000
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [7C902645] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] 00000000
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] 00000000
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] 00000000
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 00000000
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] 49C2DBEE
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] 00000000
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 00000002
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 00000056
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 00001288
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 00000688
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 00000020
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] 00004E42
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 005C3A43
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] 74737953
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 69426D65
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 6164736F
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] 00006574
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 44524148
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 45524157
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 50495243
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 4E4F4954
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 7379535C
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] 006D6574
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 65646956
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 6F69426F
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 74614473
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 00000065
IAT C:\WINDOWS\System32\svchost.exe[3656] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 6E656449

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82E5F1F8

AttachedDevice \FileSystem\Ntfs \Ntfs DigiFilt.sys (Digidesign Filter Driver/Digidesign, A Division of Avid Technology, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs psdfilter.sys (PSD Filter Driver/HiTRUST)

Device \FileSystem\Fastfat \FatCdrom 846431F8
Device \Driver\NDIS \Device\Ndis [8451D984] NDIS.sys[.reloc]

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\usbohci \Device\USBPDO-0 845B61F8
Device \Driver\usbohci \Device\USBPDO-1 845B61F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 846C91F8
Device \Driver\dmio \Device\DmControl\DmConfig 846C91F8
Device \Driver\dmio \Device\DmControl\DmPnP 846C91F8
Device \Driver\dmio \Device\DmControl\DmInfo 846C91F8
Device \Driver\usbehci \Device\USBPDO-2 845101F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{0B5F6EFB-1878-4FAD-8004-8C847AE6032F} 8403A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 846551F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 846551F8
Device \Driver\Cdrom \Device\CdRom0 845B81F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 846551F8
Device \Driver\Cdrom \Device\CdRom1 845B81F8
Device \Driver\Cdrom \Device\CdRom2 845B81F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8403A1F8
Device \Driver\NetBT \Device\NetbiosSmb 8403A1F8
Device \Driver\PCI_PNP2568 \Device\00000087 spbc.sys
Device \Driver\usbohci \Device\USBFDO-0 845B61F8
Device \Driver\usbohci \Device\USBFDO-1 845B61F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8402A1F8
Device \Driver\usbehci \Device\USBFDO-2 845101F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8402A1F8
Device \Driver\Ftdisk \Device\FtControl 846551F8
Device \Driver\sptd \Device\3494833818 spbc.sys
Device \Driver\ayapuaeu \Device\Scsi\ayapuaeu1Port5Path0Target0Lun0 844411F8
Device \Driver\ayapuaeu \Device\Scsi\ayapuaeu1 844411F8
Device \FileSystem\Fastfat \Fat 846431F8

AttachedDevice \FileSystem\Fastfat \Fat DigiFilt.sys (Digidesign Filter Driver/Digidesign, A Division of Avid Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat psdfilter.sys (PSD Filter Driver/HiTRUST)

Device \FileSystem\Cdfs \Cdfs 84025500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0D 0x41 0x3A 0x3B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x71 0x78 0x45 0x6E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x31 0x04 0x5E 0xCC ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016cedfcee6
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0D 0x41 0x3A 0x3B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x71 0x78 0x45 0x6E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x31 0x04 0x5E 0xCC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cedfcee6
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cedfcee6@000f86b99a79 0xA4 0x44 0x3F 0x0F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0D 0x41 0x3A 0x3B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x71 0x78 0x45 0x6E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x31 0x04 0x5E 0xCC ...
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\0016cedfcee6
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\0016cedfcee6@000f86b99a79 0xA4 0x44 0x3F 0x0F ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0D 0x41 0x3A 0x3B ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x71 0x78 0x45 0x6E ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x31 0x04 0x5E 0xCC ...

---- EOF - GMER 1.0.15 ----

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:38 AM

Posted 28 March 2009 - 10:30 AM

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - [2009/03/27 16:34:30 | 00,015,001 | -H-- | M] () -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Local Settings\temp\wejy12.exe
    PRC - [2009/03/27 16:34:30 | 00,015,001 | -H-- | M] () -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Local Settings\temp\wejy12.exe
    PRC - [2009/03/27 16:38:04 | 00,022,529 | ---- | M] () -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Local Settings\temp\3313143468.exe
    O3 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\..\Toolbar\Webbrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - Reg Error: Key error. File not found
    O4 - HKLM..\Run: [sujagigidu] Rundll32.exe "C:\WINDOWS\system32\viyiyini.dll",s File not found
    O4 - HKLM..\Run: [Wxapigihag] rundll32.exe "C:\WINDOWS\Fduvogevusukase.dll",e ()
    O4 - HKU\S-1-5-21-42978776-431241364-3229860803-1005..\Run: [] C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\wejy12.exe ()
    O4 - HKU\S-1-5-21-42978776-431241364-3229860803-1005..\Run: [12ZFG94-F641-2SF-K31P-5N1ER6H6L2] C:\RECYCLER\S-1-5-21-1750612226-8623217660-147058013-9950\service.exe ()
    O4 - HKU\S-1-5-21-42978776-431241364-3229860803-1005..\Run: [Diagnostic Manager] C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\3313143468.exe ()
    O4 - HKU\S-1-5-21-42978776-431241364-3229860803-1005..\Run: [Windows Resurections] C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\wejy12.exe ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\nosadepu.dll) - C:\WINDOWS\system32\nosadepu.dll File not found
    O20 - AppInit_DLLs: (c:\windows\system32\fohuvefa.dll) - c:\windows\system32\fohuvefa.dll File not found
    O33 - MountPoints2\{c0df3228-0585-11dd-9cba-0016cf3a3b09}\Shell\AutoRun\command - "" = RECYCLER\Iasass.exe
    O33 - MountPoints2\{c0df3228-0585-11dd-9cba-0016cf3a3b09}\Shell\open\command - "" = RECYCLER\Iasass.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (smrgdf C:\Documents and Settings\Matt K\Application Data\iolo\) - File not found
    
    
    
    :Files
    C:\Documents and Settings\Matt K.MOBILEDESTOYER\Local Settings\temp\wejy12.exe
    C:\Documents and Settings\Matt K.MOBILEDESTOYER\Local Settings\temp\3313143468.exe
    C:\WINDOWS\System32\ahtn.htm
    C:\WINDOWS\System32\win32hlp.cnf
    C:\WINDOWS\System32\dllcache\userinit.exe
    C:\WINDOWS\System32\uniq.tll
    C:\aoqckrns.exe
    C:\ajtbyh.exe
    C:\12487389
    C:\wicnin.exe
    C:\WINDOWS\Fduvogevusukase.dll
    C:\dmsiacq.exe
    C:\WINDOWS\instsp2.exe
    C:\WINDOWS\System32\guwakeba.dll
    C:\WINDOWS\System32\pozofohu.exe
    C:\WINDOWS\System32\nosadepu.dll.vir
    C:\WINDOWS\System32\gijimogo
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

===================


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
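The fix script above touches five classic Windows XP persistence locations in one pass: Run keys (O4), the Winsock provider catalog (O10), AppInit_DLLs (O20), drive autorun handlers under MountPoints2 (O33) and Session Manager BootExecute (O34). As an added example that is not part of this thread and not OTL's own code, the Python below parses lines in the same format and applies the checks a responder would otherwise make by eye: a target that no longer exists, a binary living in a user's Temp folder or RECYCLER, a Run key that loads a DLL through rundll32, any AppInit or autorun hook, a non-default BootExecute value, and a Winsock LSP whose provider DLL is missing. The sample lines are copied from the script above plus one constructed benign Run entry (IntelliPoint) for contrast; the reason names, the heuristics and the 11-line sample are my own assumptions, not anything the tool emits.

```python
"""Triage OTListIt/OTL-style persistence lines (added example, not OTL code)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines from the fix script in the thread, plus one
# benign control entry (IntelliPoint) that is not in the original post.
SAMPLE_LOG = r"""
PRC - [2009/03/27 16:34:30 | 00,015,001 | -H-- | M] () -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Local Settings\temp\wejy12.exe
O4 - HKLM..\Run: [sujagigidu] Rundll32.exe "C:\WINDOWS\system32\viyiyini.dll",s File not found
O4 - HKU\S-1-5-21-42978776-431241364-3229860803-1005..\Run: [12ZFG94-F641-2SF-K31P-5N1ER6H6L2] C:\RECYCLER\S-1-5-21-1750612226-8623217660-147058013-9950\service.exe ()
O4 - HKU\S-1-5-21-42978776-431241364-3229860803-1005..\Run: [Diagnostic Manager] C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\3313143468.exe ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\ntdll64.dll File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\nosadepu.dll) - C:\WINDOWS\system32\nosadepu.dll File not found
O33 - MountPoints2\{c0df3228-0585-11dd-9cba-0016cf3a3b09}\Shell\AutoRun\command - "" = RECYCLER\Iasass.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (smrgdf C:\Documents and Settings\Matt K\Application Data\iolo\) - File not found
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
"""

# "Oxx - body" or "PRC - body"; everything after the kind is the body.
LINE_RE = re.compile(r'^\s*(?P<kind>O\d+|PRC)\s+-\s+(?P<body>.*?)\s*$')
# A Windows path (drive letter or bare RECYCLER\) ending in an extension; spaces
# are allowed inside so "Documents and Settings" survives.
PATH_RE = re.compile(r'(?:[A-Za-z]:\\|\bRECYCLER\\)[^"\[\]()]*?\.[A-Za-z0-9]{2,4}(?=[\s",)]|$)')
# Default Session Manager BootExecute value on Windows XP (boot-time chkdsk).
DEFAULT_BOOTEXECUTE = 'autocheck autochk *'


@dataclass
class Finding:
    kind: str                 # OTL line type: O4, O10, O20, O33, O34, PRC
    body: str                 # text after "Oxx - "
    path: Optional[str]       # last file path seen on the line, if any
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_line(line: str) -> Optional[Finding]:
    m = LINE_RE.match(line)
    if not m:
        return None
    body = m.group('body')
    paths = PATH_RE.findall(body)
    return Finding(m.group('kind'), body, paths[-1] if paths else None)


def score(f: Finding) -> Finding:
    """Attach heuristic reasons (assumed names) to one parsed line."""
    low = (f.path or '').lower()
    body_low = f.body.lower()
    if f.kind == 'O34':
        # BootExecute: only a value other than the XP default is interesting;
        # OTL reports the default as "File not found" too, so do not key on that.
        if DEFAULT_BOOTEXECUTE not in body_low:
            f.reasons.append('bootexecute_nondefault')
        return f
    if 'file not found' in body_low:
        # A dead reference: for an LSP entry this breaks the Winsock chain.
        f.reasons.append('lsp_provider_missing' if f.kind == 'O10' else 'target_missing')
    if '\\temp\\' in low or low.startswith('recycler\\') or '\\recycler\\' in low:
        f.reasons.append('transient_location')
    if f.kind == 'O4' and 'rundll32' in body_low and low.endswith('.dll'):
        f.reasons.append('rundll32_dll_loader')
    if f.kind == 'O20':
        f.reasons.append('appinit_dll')      # injected into every GUI process
    if f.kind == 'O33':
        f.reasons.append('autorun_handler')  # runs on double-click of a drive
    return f


def triage(text: str) -> List[Finding]:
    return [score(f) for f in map(parse_line, text.splitlines()) if f is not None]


def summarize(findings: List[Finding]) -> dict:
    lsp_broken = sum(1 for f in findings if 'lsp_provider_missing' in f.reasons)
    return {
        'total': len(findings),
        'flagged': sum(1 for f in findings if f.suspicious),
        'lsp_entries_with_missing_provider': lsp_broken,
        # Any catalog entry whose DLL is gone leaves Winsock unusable until the
        # catalog is rebuilt (netsh winsock reset on XP SP2 and later).
        'winsock_reset_recommended': lsp_broken > 0,
    }


if __name__ == '__main__':
    results = triage(SAMPLE_LOG)
    for f in results:
        flag = ','.join(f.reasons) if f.reasons else 'ok'
        print(f'{f.kind:4} {flag:40} {f.path or "-"}')
    print(summarize(results))
```

Two points worth noting when reading the output. The 29 O10 entries in the script all name one provider DLL in the user's Temp folder that no longer exists; once a layered service provider in the catalog cannot be loaded, socket creation fails for every application, so losing all network connectivity during a cleanup like this is expected until the catalog is rebuilt. And `autocheck autochk *` is the stock BootExecute value on Windows XP, so the example treats it as expected even though OTL prints "File not found" beside it.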

#5 BrooklynMatt

BrooklynMatt
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:09:38 AM

Posted 28 March 2009 - 02:38 PM

========== OTLISTIT ==========
Process explorer.exe killed successfully!
Process wejy12.exe killed successfully!
Process wejy12.exe killed successfully!
Process 3313143468.exe killed successfully!
Registry value HKEY_USERS\S-1-5-21-42978776-431241364-3229860803-1005\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sujagigidu deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Wxapigihag deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\Fduvogevusukase.DLL
C:\WINDOWS\Fduvogevusukase.DLL NOT unregistered.
C:\WINDOWS\Fduvogevusukase.DLL moved successfully.
Registry value HKEY_USERS\S-1-5-21-42978776-431241364-3229860803-1005\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Documents and Settings\Matt K.MOBILEDESTOYER\Local Settings\temp\wejy12.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-42978776-431241364-3229860803-1005\Software\Microsoft\Windows\CurrentVersion\Run\\12ZFG94-F641-2SF-K31P-5N1ER6H6L2 deleted successfully.
C:\RECYCLER\S-1-5-21-1750612226-8623217660-147058013-9950\service.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-42978776-431241364-3229860803-1005\Software\Microsoft\Windows\CurrentVersion\Run\\Diagnostic Manager deleted successfully.
C:\Documents and Settings\Matt K.MOBILEDESTOYER\Local Settings\temp\3313143468.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-42978776-431241364-3229860803-1005\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Resurections deleted successfully.
File C:\DOCUME~1\MATTK~1.MOB\LOCALS~1\Temp\wejy12.exe not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000020\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000022\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000023\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000024\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000025\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000026\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000027\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000028\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000029\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\nosadepu.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\fohuvefa.dll deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0df3228-0585-11dd-9cba-0016cf3a3b09}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0df3228-0585-11dd-9cba-0016cf3a3b09}\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0df3228-0585-11dd-9cba-0016cf3a3b09}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0df3228-0585-11dd-9cba-0016cf3a3b09}\ not found.
File not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:smrgdf C:\Documents and Settings\Matt K\Application Data\iolo\ deleted successfully.
========== FILES ==========
File/Folder C:\Documents and Settings\Matt K.MOBILEDESTOYER\Local Settings\temp\wejy12.exe not found.
File/Folder C:\Documents and Settings\Matt K.MOBILEDESTOYER\Local Settings\temp\3313143468.exe not found.
C:\WINDOWS\System32\ahtn.htm moved successfully.
C:\WINDOWS\System32\win32hlp.cnf moved successfully.
C:\WINDOWS\System32\dllcache\userinit.exe moved successfully.
C:\WINDOWS\System32\uniq.tll moved successfully.
C:\aoqckrns.exe moved successfully.
C:\ajtbyh.exe moved successfully.
C:\12487389 moved successfully.
C:\wicnin.exe moved successfully.
File/Folder C:\WINDOWS\Fduvogevusukase.dll not found.
C:\dmsiacq.exe moved successfully.
C:\WINDOWS\instsp2.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\guwakeba.dll
C:\WINDOWS\System32\guwakeba.dll NOT unregistered.
C:\WINDOWS\System32\guwakeba.dll moved successfully.
C:\WINDOWS\System32\pozofohu.exe moved successfully.
C:\WINDOWS\System32\nosadepu.dll.vir moved successfully.
C:\WINDOWS\System32\gijimogo moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Matt K.MOBILEDESTOYER\Local Settings\temp\ClamWin1.log scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Matt K.MOBILEDESTOYER\Local Settings\temp\~DF6ABB.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Matt K.MOBILEDESTOYER\Local Settings\temp\~DFD204.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Matt K.MOBILEDESTOYER\Local Settings\temp\Perflib_Perfdata_86c.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_a2c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7dc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.7.2 log created on 03282009_150851

Files moved on Reboot...
C:\Documents and Settings\Matt K.MOBILEDESTOYER\Local Settings\temp\ClamWin1.log moved successfully.
C:\Documents and Settings\Matt K.MOBILEDESTOYER\Local Settings\temp\~DF6ABB.tmp moved successfully.
C:\Documents and Settings\Matt K.MOBILEDESTOYER\Local Settings\temp\~DFD204.tmp moved successfully.
File C:\Documents and Settings\Matt K.MOBILEDESTOYER\Local Settings\temp\Perflib_Perfdata_86c.dat not found!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_a2c.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_7dc.dat moved successfully.

Registry entries deleted on Reboot...




Malwarebytes' Anti-Malware 1.35
Database version: 1904
Windows 5.1.2600 Service Pack 3

3/28/2009 3:33:44 PM
mbam-log-2009-03-28 (15-33-44).txt

Scan type: Quick Scan
Objects scanned: 91973
Time elapsed: 4 minute(s), 34 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 12
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
C:\Documents and Settings\Matt K.MOBILEDESTOYER\reader_s.exe (Trojan.Dropper) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm038db9ee (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Matt K.MOBILEDESTOYER\reader_s.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain_32\local.ds (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain_32\user.ds (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\services\services.dll (Trojan.Agent) -> Quarantined and deleted successfully.

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:08:38 AM

Posted 28 March 2009 - 05:42 PM

Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Also post a new log from OTListIt2.
How is your computer behaving now?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 BrooklynMatt

BrooklynMatt
  • Topic Starter

  • Members
  • 30 posts
  • Local time:09:38 AM

Posted 28 March 2009 - 06:07 PM

I keep getting a pop-up saying "MemCheck.exe - Common Language Runtime Debugging Services" followed by "Application has generated an exception that could not be handled. Process id=0x71c (1820), Thread id=0x720 (1824). Click OK to terminate application. Click CANCEL to debug the application". I've received a few similar messages as well.

I think the original scan and repair I did with SUPERantivirus screwed something up. Should I restore my computer to an earlier date?

I can't run the online scanner because I can't get online. No networks are showing up in wireless and when I tried plugging into the modem directly that did not work either.

Here's the latest OTList report.

OTListIt logfile created on: 3/28/2009 6:58:52 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\Matt K.MOBILEDESTOYER\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.59% Memory free
3.95 Gb Paging File | 3.54 Gb Available in Paging File | 89.67% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.82 Gb Total Space | 9.32 Gb Free Space | 12.98% Space Free | Partition Type: FAT32
Drive D: | 72.33 Gb Total Space | 51.87 Gb Free Space | 71.71% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOBILEDESTOYER
Current User Name: Matt K
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2006/04/27 09:39:50 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2006/04/27 09:39:50 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2008/04/13 20:12:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/07/25 18:03:44 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
PRC - [2006/04/27 12:10:30 | 00,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
PRC - [2006/04/27 12:09:50 | 00,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2007/10/31 00:35:10 | 00,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe
PRC - [2008/12/12 16:57:26 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/02/08 17:48:20 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2006/02/17 15:26:32 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/01/21 19:37:16 | 00,143,360 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2007/01/22 20:15:28 | 01,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2009/03/24 19:03:30 | 00,045,288 | ---- | M] (Xobni Corporation) -- C:\Program Files\Xobni\XobniService.exe
PRC - [2006/04/27 12:10:30 | 00,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
PRC - [2006/04/27 12:10:10 | 00,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer\Acer Arcade\PCMService.exe
PRC - [2006/06/01 14:40:54 | 00,413,696 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2008/04/13 20:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/04/13 20:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2006/06/27 23:54:52 | 16,248,320 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2006/06/23 06:59:02 | 00,602,112 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2005/12/04 19:39:20 | 00,461,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2007/09/25 01:11:36 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
PRC - [2007/09/26 14:42:04 | 00,267,064 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2006/05/30 12:11:56 | 00,421,888 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/05/15 17:45:26 | 00,356,864 | ---- | M] (Avid Technology, Inc.) -- C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
PRC - [2008/06/03 19:06:26 | 00,343,552 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2008/11/04 12:09:58 | 00,615,696 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/02/09 11:08:36 | 00,371,271 | ---- | M] (Plaxo, Inc.) -- C:\Program Files\Plaxo\3.19.0.16\PlaxoHelper_en.exe
PRC - [2009/02/09 11:08:38 | 00,020,480 | ---- | M] (Plaxo, Inc.) -- C:\Program Files\Plaxo\3.19.0.16\PlaxoSysTray.exe
PRC - [2007/08/30 10:50:42 | 00,205,480 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2006/06/29 10:45:00 | 00,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
PRC - [2008/05/27 12:27:24 | 00,547,840 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2004/08/04 05:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2007/09/26 14:41:56 | 00,503,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/03/27 20:06:54 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/03/29 20:53:34 | 00,028,672 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService [Auto | Stopped])
SRV - [2007/01/27 17:03:44 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006/04/27 09:39:50 | 00,405,504 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2006/07/25 18:03:44 | 00,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Stopped])
SRV - [2006/04/27 12:10:30 | 00,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/04/27 12:10:30 | 00,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched [Auto | Running])
SRV - [2006/04/27 12:09:50 | 00,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service [Auto | Running])
SRV - [2007/10/31 00:35:10 | 00,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh [Auto | Running])
SRV - [2007/10/31 00:02:58 | 00,159,744 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/02/08 17:48:20 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c98a3f5a8465ae [Auto | Stopped])
SRV - [2009/03/24 13:36:22 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Stopped])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007/09/26 14:41:56 | 00,503,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/04/13 20:11:56 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Stopped])
SRV - [2008/12/12 16:57:26 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/02/17 15:26:32 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2006/07/25 18:03:44 | 02,119,360 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/09/29 12:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2005/01/21 19:37:16 | 00,143,360 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
SRV - [2007/07/24 05:14:08 | 00,088,560 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
SRV - [2007/07/24 05:14:06 | 00,358,896 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
SRV - [2007/08/16 08:56:16 | 00,309,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Stopped])
SRV - [2007/08/16 08:56:10 | 01,092,080 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
SRV - [2007/08/16 08:56:14 | 00,166,384 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
SRV - [2007/01/22 20:15:28 | 01,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Running])
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2009/03/24 19:03:30 | 00,045,288 | ---- | M] (Xobni Corporation) -- C:\Program Files\Xobni\XobniService.exe -- (XobniService [Auto | Running])
SRV - [2007/03/14 17:03:40 | 00,975,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2004/08/04 05:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2008/04/13 14:36:40 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
DRV - [2006/05/10 11:27:00 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2006/01/24 19:44:52 | 00,488,448 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Running])
DRV - [2004/08/04 05:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Boot | Running])
DRV - [2004/08/04 05:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Boot | Running])
DRV - [2006/04/27 09:46:50 | 01,540,096 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2006/01/17 10:15:26 | 00,030,285 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\DRIVERS\btwmodem.sys -- (btwmodem [On_Demand | Stopped])
DRV - [2006/05/12 13:49:38 | 00,806,272 | ---- | M] (Bison Electronics. Inc. ) -- C:\WINDOWS\System32\Drivers\BisonCam.sys -- (Cam5603D [On_Demand | Running])
DRV - [2004/08/04 05:00:00 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Boot | Running])
DRV - [2004/08/04 05:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Boot | Running])
DRV - [2006/12/08 22:50:28 | 00,016,384 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\WINDOWS\system32\drivers\DigiFilt.sys -- (DigiFilter [Boot | Running])
DRV - [2004/12/07 23:10:00 | 00,016,896 | ---- | M] (Dritek System Inc.) -- C:\WINDOWS\system32\DRIVERS\DKbFltr.sys -- (DKbFltr [On_Demand | Running])
DRV - [2005/12/23 01:13:06 | 00,013,184 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO [Auto | Running])
DRV - [2006/05/24 19:19:40 | 00,061,056 | ---- | M] (ENE Technology Inc.) -- C:\WINDOWS\system32\DRIVERS\EMS7SK.sys -- (EMSCR [On_Demand | Running])
DRV - [2006/05/24 19:19:48 | 00,040,064 | ---- | M] (ENE Technology Inc.) -- C:\WINDOWS\system32\DRIVERS\ESD7SK.sys -- (ESDCR [On_Demand | Running])
DRV - [2006/05/24 19:19:44 | 00,074,752 | ---- | M] (ENE Technology Inc.) -- C:\WINDOWS\system32\DRIVERS\ESM7SK.sys -- (ESMCR [On_Demand | Running])
DRV - [2006/09/19 15:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/04/13 12:36:06 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/07/15 11:17:44 | 00,051,120 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2005/07/15 11:17:44 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2005/07/15 11:17:44 | 00,021,744 | ---- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2006/06/12 01:59:52 | 00,208,384 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
DRV - [2006/06/12 02:00:42 | 00,990,592 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2006/01/11 16:12:54 | 00,194,048 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Stopped])
DRV - [2006/06/02 13:59:50 | 00,069,632 | ---- | M] () -- C:\WINDOWS\system32\drivers\int15.sys -- (int15 [Auto | Running])
DRV - [2006/06/28 01:25:24 | 04,304,384 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2001/08/17 13:51:32 | 00,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\irsir.sys -- (irsir [On_Demand | Stopped])
DRV - [2007/11/15 09:55:22 | 00,023,048 | ---- | M] () -- C:\WINDOWS\System32\Drivers\M-Audio_KeyStudio49i_DFU.sys -- (MADFU [On_Demand | Stopped])
DRV - [2007/11/15 09:55:46 | 00,138,760 | ---- | M] (Avid Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\mausbks.sys -- (MAUSBKS [On_Demand | Stopped])
DRV - [2008/05/27 12:11:54 | 00,096,896 | ---- | M] (MagicISO, Inc.) -- C:\WINDOWS\system32\DRIVERS\mcdbus.sys -- (mcdbus [On_Demand | Running])
DRV - [2006/02/14 20:57:46 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2004/08/04 05:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Boot | Running])
DRV - [2006/06/20 13:56:22 | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.) -- C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys -- (NTIDrvr [On_Demand | Running])
DRV - [2005/12/01 18:57:56 | 00,021,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\point32.sys -- (Point32 [On_Demand | Running])
DRV - [2008/06/10 20:18:06 | 00,012,800 | ---- | M] (HiTRUST) -- C:\WINDOWS\system32\Drivers\psdfilter.sys -- (psdfilter [On_Demand | Running])
DRV - [2008/06/10 20:18:52 | 00,060,416 | ---- | M] (HiTRUST) -- C:\WINDOWS\system32\Drivers\psdvdisk.sys -- (psdvdisk [On_Demand | Running])
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/05/01 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2004/08/04 05:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Boot | Running])
DRV - [2004/08/04 05:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Boot | Running])
DRV - [2004/08/04 05:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Boot | Running])
DRV - [2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\DRIVERS\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
DRV - [2004/08/04 05:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2006/06/16 04:56:38 | 00,083,968 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2008/05/28 10:33:36 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2008/05/28 10:33:38 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2008/05/28 10:33:36 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2007/11/13 05:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/13 14:36:40 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running])
DRV - [2004/12/09 14:54:12 | 00,046,592 | ---- | M] (SMSC) -- C:\WINDOWS\system32\DRIVERS\smcirda.sys -- (SMCIRDA [On_Demand | Running])
DRV - [2004/08/04 05:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Running])
DRV - [2008/01/29 10:39:32 | 00,716,272 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2005/12/22 12:24:50 | 00,080,272 | ---- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\sscdbus.sys -- (sscdbus [On_Demand | Stopped])
DRV - [2004/08/04 05:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Boot | Running])
DRV - [2004/08/04 05:00:00 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Boot | Running])
DRV - [2007/01/22 19:27:42 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
DRV - [2004/08/04 05:00:00 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Boot | Running])
DRV - [2004/08/04 05:00:00 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Boot | Running])
DRV - [2006/03/03 12:52:30 | 00,192,672 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2007/09/05 12:04:34 | 00,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd [Boot | Running])
DRV - [2006/06/02 13:59:54 | 00,014,544 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\tvicport.sys -- (tvicport [Auto | Running])
DRV - [2004/12/17 16:14:44 | 00,013,952 | ---- | M] () -- C:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper [Boot | Running])
DRV - [2004/08/04 05:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Boot | Running])
DRV - [2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2006/06/12 01:59:46 | 00,727,808 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2006/06/02 13:59:52 | 00,006,080 | ---- | M] (Zeal SoftStudio) -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fuser.com/fuser.aspx
IE - HKU\S-1-5-21-42978776-431241364-3229860803-1005\S-1-5-21-42978776-431241364-3229860803-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-42978776-431241364-3229860803-1005\S-1-5-21-42978776-431241364-3229860803-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:2.7.2
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.1
FF - prefs.js..extensions.enabledItems: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374}:3.0.4
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}:5.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {8620c15f-30dc-4dba-a131-7c5d20cf4a29}:2.0.2
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.29
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.4.4
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.5.2008112201
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/12 16:57:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/02 14:21:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.13\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2007/01/22 15:36:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.13\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2007/01/22 15:36:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX 3 BETA 5\COMPONENTS [2008/04/08 12:59:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX 3 BETA 5\PLUGINS [2008/04/08 12:59:46 | 00,000,000 | ---D | M]

[2008/08/13 15:21:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Extensions
[2008/05/30 13:44:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2008/08/13 15:21:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/07/07 19:35:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Extensions\songbird@songbirdnest.com
[2009/02/01 16:02:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Extensions\uploadr@flickr.com
[2008/08/13 15:21:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Firefox\Profiles\q5jg1s8v.default\extensions
[2007/01/22 15:36:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Firefox\Profiles\z5fknn13.default\extensions
[2009/03/20 11:33:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Firefox\Profiles\z5fknn13.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2008/11/25 11:42:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Firefox\Profiles\z5fknn13.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2008/05/05 18:19:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Firefox\Profiles\z5fknn13.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}(2)
[2008/08/08 16:18:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Firefox\Profiles\z5fknn13.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2009/03/03 13:05:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Firefox\Profiles\z5fknn13.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2007/05/23 11:33:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Firefox\Profiles\z5fknn13.default\extensions\{5a2b4e34-ce62-42e9-a658-06ba4490adf8}
[2009/03/11 17:51:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Firefox\Profiles\z5fknn13.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2008/06/03 10:28:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Firefox\Profiles\z5fknn13.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2008/05/05 18:19:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Firefox\Profiles\z5fknn13.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}(2)
[2009/03/04 15:51:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Firefox\Profiles\z5fknn13.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2009/03/03 13:05:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Firefox\Profiles\z5fknn13.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2008/05/03 14:47:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\mozilla\Firefox\Profiles\z5fknn13.default\extensions\{F807FACD-E46A-4793-B345-D58CB177673C}(2)
[2008/12/29 17:04:54 | 00,001,595 | ---- | M] () -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\Mozilla\FireFox\Profiles\z5fknn13.default\searchplugins\amazondotcom.xml
[2008/12/29 17:04:56 | 00,001,595 | ---- | M] () -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\Mozilla\FireFox\Profiles\z5fknn13.default\searchplugins\ebay.xml
[2007/01/22 15:36:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/01/22 15:36:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/04/23 09:15:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/09/03 15:40:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/11/07 14:45:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/31 13:38:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2007/01/22 15:36:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\inspector@mozilla.org
[2008/03/27 13:33:20 | 00,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2008/03/27 13:33:20 | 00,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2008/03/27 13:33:20 | 00,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2008/03/27 13:33:20 | 00,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2008/03/27 13:33:20 | 00,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2006/12/04 23:15:24 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2006/12/04 23:15:24 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2006/12/04 23:15:24 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2006/12/04 23:15:24 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2006/12/04 23:15:24 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
[2007/03/08 13:06:34 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

O1 HOSTS File: (0 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [ALCMTR.EXE] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background (Research In Motion Limited)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
O4 - HKLM..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon (alch)
O4 - HKLM..\Run: [cli.exe] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay (ATI Technologies Inc.)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0 (HiTRUST)
O4 - HKLM..\Run: [Empowering] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
O4 - HKLM..\Run: [ipoint.exe] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [iTunesHelper.exe] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [jusched.exe] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [LManager.exe] C:\PROGRA~1\LAUNCH~1\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM (Stardock and Luca Saggese)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [PCMService.exe] "C:\Program Files\Acer\Acer Arcade\PCMService.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL.EXE] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel.EXE] SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-42978776-431241364-3229860803-1005..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (Macrovision Corporation)
O4 - HKU\S-1-5-21-42978776-431241364-3229860803-1005..\Run: [PlaxoSysTray] C:\Program Files\Plaxo\3.19.0.16\PlaxoSysTray.exe (Plaxo, Inc.)
O4 - HKU\S-1-5-21-42978776-431241364-3229860803-1005..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\3.19.0.16\PlaxoHelper_en.exe -a (Plaxo, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
O4 - Startup: C:\Documents and Settings\Matt K.MOBILEDESTOYER\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartBanner = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-42978776-431241364-3229860803-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [Bluetooth Namespace] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {03A13D5D-2C8E-4C1A-970D-D6D07A4FE3D0} https://atlas.atlassolutions.com/dl/AtlasCtrl.cab (FileMgr Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_12)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/shock...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Xobni\Skype4Com.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/20 13:56:58 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2008/01/31 18:59:10 | 00,045,056 | R--- | M] () - I:\AutoUpdate.dll -- [ FAT ]
O32 - AutoRun File - [2009/03/28 15:08:54 | 00,000,190 | ---- | M] () - I:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{c0df3228-0585-11dd-9cba-0016cf3a3b09}\Shell\AutoRun\command - "" = RECYCLER\Iasass.exe
O33 - MountPoints2\{c0df3228-0585-11dd-9cba-0016cf3a3b09}\Shell\open\command - "" = RECYCLER\Iasass.exe

========== Files/Folders - Created Within 30 Days ==========

[2009/03/28 15:18:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\Malwarebytes
[2009/03/28 15:18:26 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/28 15:18:26 | 00,000,534 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/28 15:18:24 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/28 15:18:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Desktop\Malwarebytes' Anti-Malware
[2009/03/28 15:18:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/28 15:08:51 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/03/27 20:59:38 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2009/03/27 20:59:38 | 00,086,528 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2009/03/27 20:59:38 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2009/03/27 20:59:38 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2009/03/27 20:59:38 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2009/03/27 20:59:38 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2009/03/27 20:59:38 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2009/03/27 20:08:51 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Desktop\li1yzoz0.exe
[2009/03/27 20:08:32 | 00,498,688 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Desktop\OTListIt2.exe
[2009/03/27 18:16:04 | 21,455,62624 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/27 16:34:55 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys
[2009/03/27 16:34:49 | 00,000,000 | RHSD | C] -- C:\RECYCLER
[2009/03/25 17:12:59 | 04,970,992 | ---- | C] (Xobni) -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Desktop\XobniSetup.exe
[2009/03/19 14:37:21 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/03/05 13:10:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2009/03/05 13:10:22 | 00,000,548 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TweetDeck.lnk
[2009/03/05 13:10:21 | 00,000,000 | ---D | C] -- C:\Program Files\TweetDeck
[2009/03/05 13:10:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/03/03 17:15:38 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/03/03 16:32:18 | 00,000,000 | -HSD | C] -- C:\FOUND.004
[2009/03/02 16:16:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Local Settings\Application Data\Xobni
[2009/03/02 14:19:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel

========== Files - Modified Within 30 Days ==========

[2009/03/28 18:50:14 | 00,000,024 | ---- | M] () -- C:\WINDOWS\LogonStudio.ini
[2009/03/28 18:50:12 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/28 18:48:26 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/03/28 18:46:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/28 18:45:50 | 21,455,62624 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/28 16:55:28 | 00,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2009/03/28 15:18:28 | 00,000,534 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/28 15:09:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/27 20:07:18 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Desktop\li1yzoz0.exe
[2009/03/27 20:06:54 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Desktop\OTListIt2.exe
[2009/03/27 18:16:50 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/03/27 18:16:34 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/03/27 16:35:22 | 00,104,960 | ---- | M] () -- C:\WINDOWS\System32\userinit.exe
[2009/03/27 16:34:56 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys
[2009/03/27 16:34:56 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys
[2009/03/27 11:48:28 | 00,001,681 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/25 17:13:08 | 04,970,992 | ---- | M] (Xobni) -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Desktop\XobniSetup.exe
[2009/03/12 11:40:34 | 00,345,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/11 19:25:42 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/11 16:05:42 | 00,007,680 | ---- | M] () -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/11 16:01:12 | 00,052,224 | -HS- | M] () -- C:\Documents and Settings\Matt K.MOBILEDESTOYER\My Documents\Thumbs.db
[2009/03/05 13:10:24 | 00,000,548 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TweetDeck.lnk
[2009/03/04 15:28:18 | 00,556,744 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/04 15:28:18 | 00,466,542 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/04 15:28:18 | 00,079,974 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
< End of report >

#8 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 28 March 2009 - 06:27 PM

How long has the connection been a problem?

Do not do a restore. That would put you back at the beginning of this process.

Are you able to download something using another computer and transfer it over to the infected computer?
If so, download this program. Move it over to the infected computer and run it.

http://majorgeeks.com/download4372.html

Then check your connection and let me know if you can get online.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 BrooklynMatt

  • Topic Starter
  • Members
  • 30 posts

Posted 28 March 2009 - 06:48 PM

Yes, I've been transferring from a clean computer since the onset of the problem. I'll download the program you suggested and run it.

#10 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 29 March 2009 - 08:23 AM

Any luck?

#11 BrooklynMatt

  • Topic Starter
  • Members
  • 30 posts

Posted 29 March 2009 - 10:57 AM

I downloaded the program from the page you suggested. There were two programs bundled together, Spyware Doctor and Registry Mechanic; which should I run? Also, I keep getting a pop-up from Spyware Doctor telling me that I need to reboot, which I've done twice, but I keep getting it.

#12 BrooklynMatt

  • Topic Starter
  • Members
  • 30 posts

Posted 29 March 2009 - 12:05 PM

Never mind, I just realized those were not the programs you wanted me to download. The download didn't start the first time and I guess I clicked on an ad by mistake. I'm downloading Winsock right now.

#13 BrooklynMatt

  • Topic Starter
  • Members
  • 30 posts

Posted 29 March 2009 - 12:16 PM

That worked. Back online, thanks! Running Kaspersky right now. Will post report when it finishes.

#14 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 29 March 2009 - 01:28 PM

Sounds good! :thumbup2:

#15 BrooklynMatt

  • Topic Starter
  • Members
  • 30 posts

Posted 29 March 2009 - 10:56 PM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, March 29, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, March 29, 2009 19:18:29
Records in database: 1984838
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
I:\

Scan statistics:
Files scanned: 188680
Threat name: 32
Infected objects: 37
Suspicious objects: 1
Duration of the scan: 03:56:53


File name / Threat name / Threats count
C:\QooBox\Quarantine\C\WINDOWS\system32\tdssadw.dll.vir Infected: Rootkit.Win32.Clbd.hf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\tdssl.dll.vir Infected: Trojan-Downloader.Win32.Small.abfx 1
C:\QooBox\Quarantine\C\WINDOWS\system32\tdssmain.dll.vir Infected: Trojan.Win32.Agent.zfo 1
C:\QooBox\Quarantine\C\WINDOWS\system32\tdsslog.dll.vir Infected: Backdoor.Win32.UltimateDefender.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\lphcpd6j0etb1.exe.vir Infected: Trojan-Downloader.Win32.Small.aayx 1
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe.vir Infected: not-a-virus:FraudTool.Win32.AntiSpyWare2008.p 1
C:\QooBox\Quarantine\catchme2008-08-13_150824.48.zip Infected: Backdoor.Win32.Agent.oty 1
C:\WINDOWS\system32\userinit.exe Infected: Trojan-Dropper.Win32.Agent.akxv 1
C:\Documents and Settings\All Users\.clamwin\quarantine\infected.40_1.exe Infected: Trojan.Win32.BHO.fos 1
C:\Documents and Settings\All Users\.clamwin\quarantine\infected.WebSoftCodecDrivern[1].exe Infected: Trojan.Win32.Vapsup.kev 1
C:\Documents and Settings\All Users\.clamwin\quarantine\infected.WebSoftCodecDrivern[1].exe Infected: Trojan.Win32.Vapsup.kew 1
C:\Documents and Settings\All Users\.clamwin\quarantine\infected.WebSoftCodecDrivern[1].exe Infected: Trojan.Win32.Vapsup.kez 1
C:\Documents and Settings\All Users\.clamwin\quarantine\infected.WebSoftCodecDrivern[1].exe Infected: Trojan.Win32.Vapsup.kcw 1
C:\Documents and Settings\All Users\.clamwin\quarantine\infected.WebSoftCodecDrivern[1].exe Infected: Trojan.Win32.Vapsup.key 1
C:\Documents and Settings\All Users\.clamwin\quarantine\infected.WebSoftCodecDrivern[1].exe Infected: Trojan.Win32.Vapsup.kex 1
C:\Documents and Settings\All Users\.clamwin\quarantine\infected.waterfall.exe Infected: not-a-virus:AdWare.Win32.Relevant.a 1
C:\Documents and Settings\All Users\.clamwin\quarantine\infected.Dc165.zip Infected: not-a-virus:AdWare.Win32.Agent.dva 1
C:\Documents and Settings\All Users\.clamwin\quarantine\infected.ljJBqroO.dll.vir Infected: Packed.Win32.Tdss.c 1
C:\Documents and Settings\All Users\.clamwin\quarantine\infected.tuvUNGxy.dll.vir Infected: Packed.Win32.Tdss.c 1
C:\Documents and Settings\All Users\.clamwin\quarantine\infected.TDSS85d.tmp Infected: Backdoor.Win32.Agent.rtf 1
C:\Documents and Settings\All Users\.clamwin\quarantine\infected.FILE0085.CHK Infected: Packed.Win32.Krap.e 1
C:\Documents and Settings\All Users\.clamwin\quarantine\infected.FILE0087.CHK Infected: Backdoor.Win32.Frauder.fb 1
C:\Documents and Settings\All Users\.clamwin\quarantine\infected.twext.exe Infected: Trojan-Spy.Win32.Zbot.fyo 1
C:\Documents and Settings\All Users\.clamwin\quarantine\infected.._file[1].exe Infected: Trojan-Downloader.Win32.Small.adin 1
C:\System Volume Information\_restore{F68596F9-AD7D-4816-BA1D-AFA61CF8236A}\RP462\A0114076.SYS Infected: Trojan.Win32.Agent2.aas 1
C:\System Volume Information\_restore{F68596F9-AD7D-4816-BA1D-AFA61CF8236A}\RP476\A0118871.exe Infected: Trojan-Dropper.Win32.Agent.akxv 1
C:\System Volume Information\_restore{F68596F9-AD7D-4816-BA1D-AFA61CF8236A}\RP476\A0118874.EXE Infected: Trojan-Downloader.Win32.FraudLoad.vmrj 1
C:\System Volume Information\_restore{F68596F9-AD7D-4816-BA1D-AFA61CF8236A}\RP476\A0119923.exe Infected: Trojan-Downloader.Win32.FraudLoad.vmrj 1
C:\System Volume Information\_restore{F68596F9-AD7D-4816-BA1D-AFA61CF8236A}\RP476\A0119926.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aeug 1
C:\System Volume Information\_restore{F68596F9-AD7D-4816-BA1D-AFA61CF8236A}\RP476\A0120098.scr Infected: not-a-virus:RemoteAdmin.Win32.PoisonIvy.ak 1
C:\FOUND.001\FILE0086.CHK Infected: Trojan-Spy.Win32.Zbot.fyo 1
C:\_OTListIt\MovedFiles\03282009_150851\WINDOWS\Fduvogevusukase.dll Infected: Trojan-Downloader.Win32.Mufanom.b 1
C:\_OTListIt\MovedFiles\03282009_150851\WINDOWS\System32\dllcache\userinit.exe Infected: Trojan-Dropper.Win32.Agent.akxv 1
C:\_OTListIt\MovedFiles\03282009_150851\Documents and Settings\Matt K.MOBILEDESTOYER\Local Settings\temp\wejy12.exe Infected: Trojan-Downloader.Win32.Delf.swp 1
C:\_OTListIt\MovedFiles\03282009_150851\RECYCLER\S-1-5-21-1750612226-8623217660-147058013-9950\service.exe Infected: Worm.Win32.AutoRun.fjo 1
C:\_OTListIt\MovedFiles\03282009_150851\aoqckrns.exe Infected: Worm.Win32.AutoRun.fjo 1
C:\_OTListIt\MovedFiles\03282009_150851\wicnin.exe Infected: Trojan-Downloader.Win32.Agent.bpcz 1
D:\matt\sentMDK.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1

The selected area was scanned.



