TDSS.sys and UACd.sys


  • This topic is locked
11 replies to this topic

#1 MikeJDL

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:21 PM

Posted 11 April 2009 - 12:27 AM

Hey there,

So, I'm not sure what exactly my problem is. Recently I had become infected with some malware (TDSS.sys and UACd.sys) and I took measures to remove them as best as I could. Further scans don't seem to find anything else, but I can't be certain I've gotten everything as I'm still having some strange behavior.

Initially, I noticed that I had something because my Google searches were being redirected when I would click on any search result (windowsclick.com, I believe) and in investigating and trying to fix that I found the TDSS rootkit and then later UACd. Spybot S&D would catch the TDSS infections and remove them, but they would come right back after opening a new browser, so I found Malwarebytes Anti-Malware and scanned my computer and seemed to successfully remove the TDSS and windowsclick problems.

Just the other day though I got a BSOD while browsing the internet (unfortunately, I didn't get a chance to read/copy it... it hasn't happened since, though) and ever since then programs are constantly crashing on me. Internet Explorer, AIM, iTunes, Windows Media Player, Winamp, to name a few, will crash immediately after they load. Always the same programs.

So, to make sure I didn't have anything else, I also downloaded GMER and scanned with that and found UACd.sys. After some searching I found out that ComboFix could remove the UACd rootkit and so I downloaded and ran that and seemingly took care of UACd, yet my problem still persists.

My only conclusions are that either my windows installation has just become corrupt, I screwed something up in the process of removing that malware, or there's still something infecting me?

I'm running Windows XP SP3, I've got all the critical updates as far as I'm aware and I'm using Firefox to post this (as Internet Explorer just isn't able to stay running).
I run AVG 8.5 (free version), Spybot S&D, Spywareblaster and Ad-Aware (though Ad-Aware doesn't seem to ever catch anything) for security.
I apologize for the long post (or if I've omitted any obvious information you might need), but I figure it's best to be thorough in explaining my problem.

Thanks in advance for your time,

-Mike



DDS (Ver_09-03-16.01) - NTFSx86
Run by Mike Jadoun at 1:11:23.18 on Sat 04/11/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.261 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Network Associates\PGPNT\PGPTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mike Jadoun\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {BDF3E430-B101-42AD-A544-FADC6B084872} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [AIM] "c:\program files\aim+\AIM+.exe" -cnetwait.odl
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [CurseClient] c:\program files\curse\CurseClient.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AtiPTA] atiptaxx.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pgptray.lnk - c:\program files\network associates\pgpnt\PGPTray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\progra~1\aim95\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://download.microsoft.com/download/5/c/2/5c2fc4b7-3875-4eec-946b-ffe15472cabc/WebCleaner.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166214209265
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mikeja~1\applic~1\mozilla\firefox\profiles\1llctgmm.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCortona.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdrmv2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdsplay.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwmsdrm.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-29 64160]
R1 atitray;atitray;c:\program files\radeon omega drivers\v3.8.413\ati tray tools\atitray.sys [2005-11-13 18088]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-14 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-4-10 26824]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2001-12-19 8576]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-3 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-11 298264]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2008-12-5 935208]
R2 PGPmemlock;PGPmemlock;c:\windows\system32\drivers\PGPmemlock.sys [2009-2-3 6656]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-22 231424]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-4-8 33176]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]

=============== Created Last 30 ================

2009-04-10 00:07 <DIR> --d----- c:\docume~1\mikeja~1\applic~1\Uniblue
2009-04-10 00:07 <DIR> --d----- c:\program files\Uniblue
2009-04-09 23:36 73,728 a------- C:\pv.exe
2009-04-09 23:12 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-04-09 17:00 69 a------- c:\windows\NeroDigital.ini
2009-04-03 01:51 <DIR> --d----- c:\docume~1\mikeja~1\applic~1\Malwarebytes
2009-04-03 01:51 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-03 01:51 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-03 01:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-03 01:51 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-02 01:42 4,767 a------- c:\windows\Irremote.ini
2009-04-02 01:18 <DIR> --d----- c:\program files\Nero
2009-04-02 01:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-03-29 20:09 <DIR> --d----- C:\cmdcons
2009-03-29 20:07 161,792 a------- c:\windows\SWREG.exe
2009-03-29 20:07 98,816 a------- c:\windows\sed.exe
2009-03-29 19:34 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-29 19:09 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-29 19:05 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-29 18:12 <DIR> --d----- c:\docume~1\mikeja~1\applic~1\AVS4YOU
2009-03-29 18:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVS4YOU
2009-03-29 18:09 <DIR> --d----- c:\program files\common files\AVSMedia
2009-03-29 18:09 974,848 a------- c:\windows\system32\mfc70.dll
2009-03-29 18:07 1,700,352 a------- c:\windows\system32\GdiPlus.dll
2009-03-29 18:07 24,576 a------- c:\windows\system32\msxml3a.dll
2009-03-29 18:07 <DIR> --d----- c:\program files\AVS4YOU
2009-03-29 17:33 <DIR> --d----- c:\program files\DVD Shrink
2009-03-29 17:31 <DIR> --d----- c:\program files\ExactFile
2009-03-29 15:16 <DIR> --d----- c:\program files\MagicDVDRipper
2009-03-29 15:03 <DIR> --d----- c:\program files\DVD Decrypter
2009-03-29 14:23 1,896,749 a------- c:\windows\system32\uactmp.db
2009-03-16 17:48 <DIR> --d----- c:\documents and settings\mike jadoun\Tracing
2009-03-16 17:45 <DIR> --d----- c:\program files\Microsoft
2009-03-16 17:44 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-03-16 17:37 <DIR> --d----- c:\program files\common files\Windows Live

==================== Find3M ====================

2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 07:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-01-16 22:35 3,594,752 -------- c:\windows\system32\dllcache\mshtml.dll
2008-12-14 23:21 1,208 ac------ c:\docume~1\mikeja~1\applic~1\wklnhst.dat
2006-06-13 14:18 32 -c---r-- c:\documents and settings\all users\hash.dat

============= FINISH: 1:13:12.69 ===============


#2 kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:05:21 PM

Posted 25 April 2009 - 09:55 AM

Hello MikeJDL

Welcome to BleepingComputer :thumbup2:
=====================
  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download the GMER Rootkit Scanner.
Click the Download exe button and save the randomly named file to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click randomlynamed.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#3 MikeJDL

  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:21 PM

Posted 25 April 2009 - 01:31 PM

Hey kahdah, thanks so much for taking the time to help me :thumbup2:

Here are the logs you've requested. Just a note though, when I ran GMER the scan seemed to end abruptly (it was pretty long into the scan) and then when I closed the program and tried to open it again I had some issues with the computer and had to restart. I kept getting the error "Insufficient system resources exist to complete the requested service" anytime I tried to open anything. I ran it again after restart and it ran fine then.



OTListIt logfile created on: 4/25/2009 11:16:43 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Mike Jadoun\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.17 Mb Total Physical Memory | 359.00 Mb Available Physical Memory | 35.12% Memory free
2.40 Gb Paging File | 1.64 Gb Available in Paging File | 68.40% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.32 Gb Total Space | 0.80 Gb Free Space | 1.08% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 20.10 Gb Free Space | 26.98% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOGGERS
Current User Name: Mike Jadoun
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (www.tortoisesvn.org)
PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
PRC - C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
PRC - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\HPQ\SHARED\HPQWMI.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Curse\CurseClient.exe ()
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Network Associates\PGPNT\PGPTray.exe (Network Associates Technology, Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Documents and Settings\Mike Jadoun\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AOL ACS [Auto | Stopped]) -- File not found
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CVPND [On_Demand | Stopped]) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (getPlus® Helper [On_Demand | Stopped]) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqwmi [On_Demand | Running]) -- C:\Program Files\HPQ\SHARED\HPQWMI.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (Imapi Helper [On_Demand | Stopped]) -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (Alex Feinman)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (MSSQL$SQLEXPRESS [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [Disabled | Stopped]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (msvsmon80 [Disabled | Stopped]) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0 [Auto | Running]) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (SQLBrowser [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (atitray [System | Running]) -- C:\Program Files\Radeon Omega Drivers\v3.8.413\ATI Tray Tools\atitray.sys ()
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (BTWUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btwusb.sys (Broadcom Corporation.)
DRV - (CAMCAUD [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant Systems Inc.)
DRV - (CAMCHALA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant Systems Inc.)
DRV - (CVirtA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\CVirtA.sys (Cisco Systems, Inc.)
DRV - (CVPNDRVA [Auto | Running]) -- C:\WINDOWS\system32\Drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.)
DRV - (eabfiltr [System | Running]) -- C:\WINDOWS\system32\drivers\EABFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabusb [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\eabusb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWATI [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (LVUSBSta [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys (Logitech Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (PGPmemlock [Auto | Running]) -- C:\WINDOWS\system32\drivers\PGPmemlock.sys (Network Associates, Inc.)
DRV - (PID_08A0 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LV302AV.SYS (Logitech Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTL8023xp [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (SCDEmu [System | Running]) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Sentinel [Auto | Running]) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.)
DRV - (Sntnlusb [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS (Rainbow Technologies Inc.)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tifm21 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (vcdrom [System | Running]) -- C:\WINDOWS\system32\drivers\VCdRom.sys (Microsoft Corporation)
DRV - (vmm [System | Running]) -- C:\WINDOWS\system32\Drivers\vmm.sys (Microsoft Corporation)
DRV - (VPCNetS2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys (Microsoft Corporation)
DRV - (vsdatant [On_Demand | Stopped]) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
DRV - (wanatw [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (wceusbsh [System | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wceusbsh.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (WinDriver6 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\windrvr6.sys (Jungo)
DRV - (XilinxPC4Driver [Auto | Running]) -- C:\WINDOWS\System32\drivers\XPC4DRVR.SYS (Xilinx, Inc.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.9

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2008/07/08 14:13:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/02/15 15:33:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/10 17:28:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/23 09:20:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/23 09:20:20 | 00,000,000 | ---D | M]

[2008/06/18 15:04:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\mozilla\Extensions
[2008/06/18 15:04:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2006/03/13 07:25:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\mozilla\Firefox\Profiles\1llctgmm.default\extensions
[2008/06/24 20:41:41 | 00,000,908 | ---- | M] () -- C:\Documents and Settings\Mike Jadoun\Application Data\Mozilla\FireFox\Profiles\1llctgmm.default\searchplugins\imdb.xml
[2008/06/23 22:31:34 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\Mike Jadoun\Application Data\Mozilla\FireFox\Profiles\1llctgmm.default\searchplugins\wikipedia-en.xml
[2009/04/20 23:43:24 | 00,002,431 | ---- | M] () -- C:\Documents and Settings\Mike Jadoun\Application Data\Mozilla\FireFox\Profiles\1llctgmm.default\searchplugins\youtube.xml
[2009/04/25 00:04:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/23 09:20:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/04/26 19:06:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/07/27 16:04:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/11/26 19:15:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/04/27 12:29:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/26 22:43:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/11/26 21:15:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/03/10 17:30:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/01 17:37:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/23 09:20:13 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/23 09:20:13 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/05/29 10:24:14 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/05/29 10:24:14 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/05/29 10:24:14 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/13 02:02:21 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/05/29 10:24:14 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/05/29 10:24:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/05/29 10:24:14 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (305924 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 10535 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - Reg Error: Key error. File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AtiPTA] atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start (Hewlett-Packard )
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl File not found
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe ()
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PGPtray.lnk = C:\Program Files\Network Associates\PGPNT\PGPTray.exe (Network Associates Technology, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (America Online, Inc.)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.microsoft.com/download/5/c.../WebCleaner.cab (Malicious Software Removal Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1166214209265 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\Z\Shell - "" = AutoRun
O33 - MountPoints2\Z\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\Z\Shell\AutoRun\command - "" = Z:\autoplay.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/04/25 11:10:28 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Mike Jadoun\Desktop\37gw9mmk.exe
[2009/04/25 11:09:49 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike Jadoun\Desktop\OTListIt2.exe
[2009/04/19 17:43:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike Jadoun\Application Data\dvdcss
[2009/04/19 13:56:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike Jadoun\Application Data\vlc
[2009/04/19 13:53:39 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2009/04/15 15:14:13 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 15:14:13 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 15:14:13 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 15:14:12 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 15:14:12 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 15:14:12 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 15:14:12 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 15:14:12 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 15:14:11 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 15:12:30 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/15 15:12:29 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/15 15:12:29 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/12 21:53:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike Jadoun\Local Settings\Application Data\Opera
[2009/04/12 21:53:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike Jadoun\Application Data\Opera
[2009/04/12 21:52:51 | 00,000,000 | ---D | C] -- C:\Program Files\Opera
[2009/04/12 01:31:27 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/04/11 01:10:43 | 00,360,002 | ---- | C] () -- C:\Documents and Settings\Mike Jadoun\Desktop\dds.scr
[2009/04/10 02:22:44 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/04/10 00:07:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike Jadoun\Application Data\Uniblue
[2009/04/10 00:07:28 | 00,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2009/04/09 23:36:13 | 00,073,728 | ---- | C] () -- C:\pv.exe
[2009/04/09 23:34:33 | 03,067,803 | R--- | C] () -- C:\Documents and Settings\Mike Jadoun\Desktop\ComboFix.exe
[2009/04/09 23:12:59 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
[2009/04/09 23:12:24 | 01,678,320 | ---- | C] (Uniblue Systems ) -- C:\Documents and Settings\Mike Jadoun\Desktop\boosterregistry.exe
[2009/04/09 20:48:57 | 10,718,94528 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/09 17:01:10 | 00,000,170 | ---- | C] () -- C:\Documents and Settings\Mike Jadoun\Application Data\default.rss
[2009/04/09 17:00:43 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/08 18:29:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/04/08 18:28:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/04/08 18:20:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/04/08 18:20:28 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/04/03 01:51:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike Jadoun\Application Data\Malwarebytes
[2009/04/03 01:51:21 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/03 01:51:16 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/03 01:51:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/03 01:51:12 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/02 03:49:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike Jadoun\Application Data\Nero
[2009/04/02 01:42:39 | 00,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/04/02 01:39:14 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009/04/02 01:18:42 | 00,000,000 | ---D | C] -- C:\Program Files\Nero
[2009/04/02 01:17:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2009/04/02 01:17:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2009/04/02 01:17:26 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2009/03/29 20:10:00 | 00,000,221 | ---- | C] () -- C:\Boot.bak
[2009/03/29 20:09:50 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/03/29 20:09:45 | 00,000,000 | ---D | C] -- C:\cmdcons
[2009/03/29 20:07:17 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/03/29 20:07:17 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/03/29 20:07:17 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/03/29 20:07:17 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/03/29 20:07:17 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009/03/29 20:07:17 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/03/29 20:07:17 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/03/29 20:07:17 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009/03/29 20:07:17 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/03/29 20:07:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/29 20:06:31 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/03/29 19:34:17 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/03/29 19:10:14 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/29 19:09:58 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/03/29 19:05:37 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/03/29 18:12:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike Jadoun\Application Data\AVS4YOU
[2009/03/29 18:12:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2009/03/29 18:09:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2009/03/29 18:09:47 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70.dll
[2009/03/29 18:07:38 | 01,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\GdiPlus.dll
[2009/03/29 18:07:38 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2009/03/29 18:07:38 | 00,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2009/03/29 17:33:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2009/03/29 17:33:50 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
[2009/03/29 17:31:03 | 00,000,000 | ---D | C] -- C:\Program Files\ExactFile
[2009/03/29 15:16:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike Jadoun\Local Settings\Application Data\MagicSoftware
[2009/03/29 15:16:45 | 00,000,000 | ---D | C] -- C:\Program Files\MagicDVDRipper
[2009/03/29 15:03:31 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Decrypter
[2009/03/29 14:23:07 | 01,896,749 | ---- | C] () -- C:\WINDOWS\System32\uactmp.db
[2008/07/17 17:16:57 | 00,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2008/01/28 15:36:40 | 00,000,046 | ---- | C] () -- C:\WINDOWS\shnamp.ini
[2007/10/26 14:28:18 | 00,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/03/19 03:12:06 | 00,004,647 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/12/03 02:40:38 | 00,000,067 | ---- | C] () -- C:\WINDOWS\IDMan.INI
[2006/11/17 12:34:40 | 00,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2006/09/25 18:10:32 | 00,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2006/09/04 20:05:27 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/05/28 16:41:45 | 00,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/05/09 22:32:11 | 00,006,958 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/24 17:06:39 | 00,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/04/18 18:30:56 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/04/11 15:40:44 | 00,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/03/31 16:00:34 | 00,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini
[2006/03/25 16:45:21 | 00,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/03/21 20:38:42 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/03/15 02:07:09 | 00,000,520 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/29 01:48:47 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/29 01:48:47 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/29 01:48:47 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/29 01:48:47 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/29 01:48:47 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/29 01:48:47 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/29 01:33:18 | 00,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/17 13:39:42 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/17 13:21:06 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/08/17 12:59:14 | 00,000,794 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/17 05:45:30 | 00,000,296 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/06 01:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/01 07:47:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/01/13 00:46:34 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[42 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/04/25 11:10:32 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Mike Jadoun\Desktop\37gw9mmk.exe
[2009/04/25 11:10:17 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike Jadoun\Desktop\OTListIt2.exe
[2009/04/25 09:10:35 | 35,412,224 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/04/25 02:18:29 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/04/24 09:10:41 | 00,032,111 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/04/23 17:52:46 | 00,080,384 | ---- | M] () -- C:\Documents and Settings\Mike Jadoun\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/22 20:42:17 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/22 20:41:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/22 20:40:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/22 20:40:40 | 10,718,94528 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/20 19:09:33 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/20 14:30:23 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/19 23:30:26 | 00,072,680 | ---- | M] () -- C:\Documents and Settings\Mike Jadoun\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/19 17:54:39 | 00,305,924 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/04/18 09:40:48 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/04/17 15:59:50 | 00,001,770 | -H-- | M] () -- C:\Documents and Settings\Mike Jadoun\My Documents\Default.rdp
[2009/04/15 23:49:42 | 00,588,842 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/15 23:49:42 | 00,490,730 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/15 23:49:42 | 00,090,474 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/15 22:39:10 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/15 22:19:28 | 00,000,794 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/13 17:14:04 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/12 00:05:11 | 00,283,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/11 01:10:59 | 00,360,002 | ---- | M] () -- C:\Documents and Settings\Mike Jadoun\Desktop\dds.scr
[2009/04/10 02:31:20 | 00,000,296 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/10 02:10:36 | 00,000,170 | ---- | M] () -- C:\Documents and Settings\Mike Jadoun\Application Data\default.rss
[2009/04/09 23:36:15 | 03,067,803 | R--- | M] () -- C:\Documents and Settings\Mike Jadoun\Desktop\ComboFix.exe
[2009/04/09 23:12:36 | 01,678,320 | ---- | M] (Uniblue Systems ) -- C:\Documents and Settings\Mike Jadoun\Desktop\boosterregistry.exe
[2009/04/09 18:56:43 | 00,006,958 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/04/09 08:59:55 | 00,312,983 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090419-175439.backup
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 10:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/02 01:42:39 | 00,004,767 | ---- | M] () -- C:\WINDOWS\Irremote.ini
[2009/04/01 20:45:30 | 00,304,983 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090409-085955.backup
[2009/03/29 20:12:46 | 00,304,595 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090401-204530.backup
[2009/03/29 20:10:00 | 00,000,291 | RHS- | M] () -- C:\boot.ini
[2009/03/29 19:21:05 | 01,896,749 | ---- | M] () -- C:\WINDOWS\System32\uactmp.db
[2009/03/27 02:58:38 | 01,203,922 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb

========== LOP Check ==========

[2009/04/09 23:12:59 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/12/24 13:43:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/03/29 19:05:39 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/04/10 00:07:29 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
[2009/04/08 18:30:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2007/08/27 13:08:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2006/05/18 19:41:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2007/07/28 13:55:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2006/11/23 16:37:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/03/10 21:46:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/03/29 18:12:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2008/09/20 00:18:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blizzard
[2009/04/10 10:22:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2008/12/02 20:51:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2005/11/29 01:47:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2009/03/29 19:05:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/04/03 01:51:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/16 17:36:52 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008/09/09 17:31:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2005/11/29 01:52:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/04/02 01:30:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2009/04/08 18:26:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/07/16 22:22:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2006/03/15 01:58:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2006/03/13 06:25:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2006/03/25 20:56:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2005/11/29 01:12:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/03/10 16:47:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/04/10 04:10:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/04/19 18:00:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/03/13 06:24:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/03/13 02:06:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/03/13 14:13:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller
[2009/04/19 17:43:17 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data
[2009/04/10 01:23:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\.BitTornado
[2006/04/24 17:15:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\acccore
[2009/04/08 18:30:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\Adobe
[2008/05/15 18:01:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\AdobeUM
[2008/05/01 01:01:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\Aim
[2007/08/27 13:07:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\AOL
[2008/03/21 06:01:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\Apple Computer
[2007/10/18 06:46:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\atitray
[2009/03/29 18:12:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\AVS4YOU
[2007/01/05 06:13:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\DMCache
[2009/04/19 17:43:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\dvdcss
[2006/04/17 15:26:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\Help
[2006/09/13 14:37:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\hte
[2005/11/29 01:12:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\Identities
[2007/01/18 16:51:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\IDM
[2006/07/24 14:02:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\InterVideo
[2006/03/13 18:03:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\last.fm
[2009/01/13 22:21:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\Lavasoft
[2008/03/29 00:26:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\Leadertech
[2006/05/09 22:23:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\Macromedia
[2009/04/03 01:51:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\Malwarebytes
[2008/05/14 09:19:57 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\Microsoft
[2008/06/18 15:04:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\Mozilla
[2007/02/21 01:12:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\MySpace
[2009/04/02 03:54:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\Nero
[2008/07/17 20:23:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\Notepad++
[2009/04/12 21:53:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\Opera
[2009/02/03 16:22:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\PGP
[2006/08/29 09:12:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\Real
[2008/03/29 00:27:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\Sonic
[2006/09/29 11:14:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\Subversion
[2006/04/06 03:49:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\Sun
[2006/03/13 06:31:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\Symantec
[2006/06/04 14:44:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\Talkback
[2006/05/13 02:35:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\teamspeak2
[2007/04/16 22:08:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\Template
[2006/11/17 19:37:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\TortoiseSVN
[2009/04/10 00:07:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\Uniblue
[2007/11/14 20:58:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\Ventrilo
[2009/04/19 14:00:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\vlc
[2008/08/15 20:03:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\WorkBench
[2006/03/13 06:24:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\You've Got Pictures Screensaver
[2007/05/01 04:39:31 | 00,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\$$$ntbackup_temp$$$.job
[2009/04/20 19:09:33 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/04/20 14:30:23 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/10 11:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/04/25 02:18:29 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/04/22 20:41:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
OTListIt Extras logfile created on: 4/25/2009 11:16:43 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Mike Jadoun\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.17 Mb Total Physical Memory | 359.00 Mb Available Physical Memory | 35.12% Memory free
2.40 Gb Paging File | 1.64 Gb Available in Paging File | 68.40% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.32 Gb Total Space | 0.80 Gb Free Space | 1.08% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 20.10 Gb Free Space | 26.98% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOGGERS
Current User Name: Mike Jadoun
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL File not found
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:World of Warcraft (Blizzard Entertainment)
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM ()
C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui ()
C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger (SM) (America Online, Inc.)
C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb (Orb Networks, Inc.)
C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray (Orb Networks)
C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client (Orb Networks)
C:\Program Files\StarNet\X-Win32 6.1\xwin32.exe:*:Enabled:X-Win32 PC XServer (StarNet Communications Corp.)
C:\Program Files\Curse\CurseClient.exe:*:Enabled:CurseClient ()
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2bf0a44e-01d4-4c4e-859c-d386b8007149}" = Nero 9 Trial
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{37C39957-B0B3-40DC-8BA4-2363241159ED}" = LightScribe 1.4.44.1
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D0E8F20-748C-4dac-9A5F-9CAC86F0E848}" = 1500
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 1.01 C1
"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
"{43A6AA2A-74B5-4E1C-91DB-ECB2F99D9ED7}" = HP User Guides 0008
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{51D43E6D-9B84-4b69-AA14-27113796A94D}" = 1500_Help
"{52FBAE98-D389-4281-8C14-21B4046CCB4E}" = SonicAC3Encoder
"{534AA552-E1F1-4965-B2AA-FBDEB0730D60}" = muvee autoProducer 4.0 - SE
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}" = Zone Deluxe Games
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69DAC00A-7665-4E9B-B441-093D40736429}" = HP BatteryCheck 1.00 A7
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{85243696-5e58-4357-9cf8-3498c609941d}" = NeroLiveGadget Help
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}" =
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}" = Opera 9.64
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B16AF568-A644-483C-A6DA-5028CD019C8C}" = SonicMPEGEncoder
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{B9C22F96-61F6-4ADA-808A-4A1AE835E75F}" = TIPCI
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD1F16BE-7B1B-4C8B-9C37-C99724513225}" = TortoiseSVN 1.4.1.7992 (32 bit)
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 D2
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D9CDB463-BB48-4B80-B1B6-5B940A4621E0}" = AutoStreamer
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}" = Uniblue RegistryBooster 2009
"{E6F6231A-4FA3-47fe-A0DB-B113160C8DD3}" = 1500Trb
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E914FD2E-6D90-4E49-A778-C44CF7978F10}" = X-Win32 6.1
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AFPL Ghostscript 8.53" = AFPL Ghostscript 8.53
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"AIM+" = AIM+ (remove only)
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Instant Messenger (SM)" = AOL Instant Messenger (SM)
"ATI Display Driver" = ATI Display Driver (Omega 3.8.413)
"Atlantis Word Processor" = Atlantis Word Processor
"Audacity_is1" = Audacity 1.2.6
"AVG8Uninstall" = AVG Free 8.0
"BitTornado" = BitTornado 0.3.15
"CDCheck" = CDCheck
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378" = Soft Data Fax Modem with SmartCP
"CurseClient" = Curse Client
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"ExactFile_is1" = ExactFile 1.0.0.15
"FLV Player" = FLV Player 2.0 (build 25)
"GSview 4.8" = GSview 4.8
"HijackThis" = HijackThis 2.0.2
"hp deskjet 3820 series" = hp deskjet 3820 series (Remove only)
"HP Photo & Imaging" = HP Image Zone 4.7
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{B9C22F96-61F6-4ADA-808A-4A1AE835E75F}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"IrfanView" = IrfanView (remove only)
"iScrobbler" = iScrobbler
"IsoBuster_is1" = IsoBuster 2.4
"Last.fm Player_is1" = Last.fm Player 1.1.4
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox (3.0.9)" = Mozilla Firefox (3.0.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MTI ModelSim XE III 6.1e Deinstall Key" = ModelSim XE III 6.1e
"MultiRes (remove only)" = MultiRes (remove only)
"MySpaceIM" = MySpaceIM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"Orb" = Winamp Remote
"PC Wizard 2008_is1" = PC Wizard 2008.1.84
"PCSpim" = PCSpim
"PGP" = PGPfreeware 6.5.3
"Picasa2" = Picasa 2
"PowerISO" = PowerISO
"PuTTY_is1" = PuTTY version 0.58
"Radeon Omega Drivers for Windows 2k/XPv3.8.413" = Radeon Omega Drivers v3.8.413 Setup Files and Tools
"Rainbow Sentinel Driver" = Sentinel System Driver
"RealPlayer 6.0" = RealPlayer
"Sibelius Scorch Plugin" = Sibelius Scorch Plugin
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"SpywareBlaster_is1" = SpywareBlaster 4.2
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Uniblue RegistryBooster 2009" = Uniblue RegistryBooster 2009
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.9
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WorkBench_is1" = WorkBench 1.5.0-732
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilinx ISE 8.2i" = Xilinx ISE 8.2i

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"727d1ea1876aa06e" = WowAceUpdater
"Warcraft III" = Warcraft III

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/9/2009 4:40:11 PM | Computer Name = DOGGERS | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: DOGGERS\Mike Jadoun Checkpoint ID: 1 Error Code: 0x8000ffff

Error
description: Catastrophic failure

Error - 4/9/2009 10:51:34 PM | Computer Name = DOGGERS | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 4/9/2009 11:07:16 PM | Computer Name = DOGGERS | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: DOGGERS\Mike Jadoun Checkpoint ID: 1 Error Code: 0x80070005

Error
description: Access is denied.

Error - 4/9/2009 11:07:17 PM | Computer Name = DOGGERS | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: DOGGERS\Mike Jadoun Checkpoint ID: 1 Error Code: 0x8000ffff

Error
description: Catastrophic failure

Error - 4/10/2009 12:27:49 AM | Computer Name = DOGGERS | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 4/12/2009 12:17:01 AM | Computer Name = DOGGERS | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 4/12/2009 2:17:28 AM | Computer Name = DOGGERS | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 4/17/2009 1:33:12 AM | Computer Name = DOGGERS | Source = Windows Live Messenger | ID = 1000
Description =

Error - 4/21/2009 2:18:00 AM | Computer Name = DOGGERS | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80240016, P2 begininstall, P3 install, P4
1.1.1593.0, P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL,
P10 NIL.

Error - 4/22/2009 10:47:07 PM | Computer Name = DOGGERS | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

[ System Events ]
Error - 4/22/2009 7:54:59 PM | Computer Name = DOGGERS | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 4/22/2009 7:55:59 PM | Computer Name = DOGGERS | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 4/22/2009 8:01:59 PM | Computer Name = DOGGERS | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 4/22/2009 8:13:59 PM | Computer Name = DOGGERS | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 4/22/2009 8:25:59 PM | Computer Name = DOGGERS | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 4/22/2009 8:37:59 PM | Computer Name = DOGGERS | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 4/22/2009 8:41:45 PM | Computer Name = DOGGERS | Source = Service Control Manager | ID = 7000
Description = The AOL Connectivity Service service failed to start due to the following
error: %%3

Error - 4/22/2009 8:41:45 PM | Computer Name = DOGGERS | Source = Service Control Manager | ID = 7000
Description = The DS1410D service failed to start due to the following error: %%2

Error - 4/22/2009 10:47:14 PM | Computer Name = DOGGERS | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.

Error - 4/25/2009 3:55:38 AM | Computer Name = DOGGERS | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 0014A57209A2. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

< End of report >

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-25 14:20:50
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF75E287E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF75E2C10]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\eHome\ehSched.exe[280] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 00B42DFD
.text C:\WINDOWS\eHome\ehSched.exe[280] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 00B42DBA
.text C:\WINDOWS\eHome\ehSched.exe[280] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 00B42D7E
.text C:\WINDOWS\eHome\ehSched.exe[280] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00B42D63
.text C:\WINDOWS\eHome\ehSched.exe[280] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B42BEF
.text C:\WINDOWS\eHome\ehSched.exe[280] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00B42CE1
.text C:\WINDOWS\eHome\ehSched.exe[280] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00B42C27
.text C:\WINDOWS\eHome\ehSched.exe[280] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B42C5F
.text C:\WINDOWS\Explorer.EXE[448] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 00CC2DFD
.text C:\WINDOWS\Explorer.EXE[448] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 00CC2DBA
.text C:\WINDOWS\Explorer.EXE[448] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 00CC2D7E
.text C:\WINDOWS\Explorer.EXE[448] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00CC2D63
.text C:\WINDOWS\Explorer.EXE[448] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00CC2BEF
.text C:\WINDOWS\Explorer.EXE[448] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00CC2CE1
.text C:\WINDOWS\Explorer.EXE[448] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00CC2C27
.text C:\WINDOWS\Explorer.EXE[448] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00CC2C5F
.text C:\Documents and Settings\Mike Jadoun\Desktop\37gw9mmk.exe[756] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 01B22DFD
.text C:\Documents and Settings\Mike Jadoun\Desktop\37gw9mmk.exe[756] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 01B22DBA
.text C:\Documents and Settings\Mike Jadoun\Desktop\37gw9mmk.exe[756] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 01B22D7E
.text C:\Documents and Settings\Mike Jadoun\Desktop\37gw9mmk.exe[756] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01B22D63
.text C:\Documents and Settings\Mike Jadoun\Desktop\37gw9mmk.exe[756] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01B22BEF
.text C:\Documents and Settings\Mike Jadoun\Desktop\37gw9mmk.exe[756] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01B22CE1
.text C:\Documents and Settings\Mike Jadoun\Desktop\37gw9mmk.exe[756] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01B22C27
.text C:\Documents and Settings\Mike Jadoun\Desktop\37gw9mmk.exe[756] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01B22C5F
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[928] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 032A2DFD
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[928] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 032A2DBA
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[928] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 032A2D7E
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[928] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 032A2D63
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[928] WS2_32.dll!send 71AB4C27 5 Bytes JMP 032A2BEF
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[928] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 032A2CE1
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[928] WS2_32.dll!recv 71AB676F 5 Bytes JMP 032A2C27
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[928] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 032A2C5F
.text C:\Program Files\Bonjour\mDNSResponder.exe[992] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00812D63
.text C:\Program Files\Bonjour\mDNSResponder.exe[992] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00812BEF
.text C:\Program Files\Bonjour\mDNSResponder.exe[992] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00812CE1
.text C:\Program Files\Bonjour\mDNSResponder.exe[992] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00812C27
.text C:\Program Files\Bonjour\mDNSResponder.exe[992] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00812C5F
.text C:\Program Files\Bonjour\mDNSResponder.exe[992] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 00812DFD
.text C:\Program Files\Bonjour\mDNSResponder.exe[992] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 00812DBA
.text C:\Program Files\Bonjour\mDNSResponder.exe[992] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 00812D7E
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1120] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 34232DFD
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1120] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 34232DBA
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1120] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 34232D7E
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1120] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 34232D63
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1120] WS2_32.dll!send 71AB4C27 5 Bytes JMP 34232BEF
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1120] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 34232CE1
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1120] WS2_32.dll!recv 71AB676F 5 Bytes JMP 34232C27
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1120] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 34232C5F
.text C:\WINDOWS\eHome\ehRecvr.exe[1700] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 00CA2DFD
.text C:\WINDOWS\eHome\ehRecvr.exe[1700] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 00CA2DBA
.text C:\WINDOWS\eHome\ehRecvr.exe[1700] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 00CA2D7E
.text C:\WINDOWS\eHome\ehRecvr.exe[1700] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00CA2D63
.text C:\WINDOWS\eHome\ehRecvr.exe[1700] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00CA2BEF
.text C:\WINDOWS\eHome\ehRecvr.exe[1700] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00CA2CE1
.text C:\WINDOWS\eHome\ehRecvr.exe[1700] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00CA2C27
.text C:\WINDOWS\eHome\ehRecvr.exe[1700] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00CA2C5F
.text C:\Program Files\Windows Defender\MsMpEng.exe[1764] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 00B12DFD
.text C:\Program Files\Windows Defender\MsMpEng.exe[1764] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 00B12DBA
.text C:\Program Files\Windows Defender\MsMpEng.exe[1764] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 00B12D7E
.text C:\Program Files\Windows Defender\MsMpEng.exe[1764] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00B12D63
.text C:\Program Files\Windows Defender\MsMpEng.exe[1764] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B12BEF
.text C:\Program Files\Windows Defender\MsMpEng.exe[1764] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00B12CE1
.text C:\Program Files\Windows Defender\MsMpEng.exe[1764] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00B12C27
.text C:\Program Files\Windows Defender\MsMpEng.exe[1764] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B12C5F
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2224] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 00902DFD
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2224] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 00902DBA
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2224] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 00902D7E
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2224] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00902D63
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2224] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00902BEF
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2224] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00902CE1
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2224] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00902C27
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2224] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00902C5F
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2260] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 00C22DFD
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2260] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 00C22DBA
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2260] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 00C22D7E
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2260] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00C22D63
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2260] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C22BEF
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2260] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00C22CE1
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2260] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00C22C27
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[2260] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00C22C5F
.text C:\WINDOWS\ehome\ehtray.exe[2608] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 012A2DFD
.text C:\WINDOWS\ehome\ehtray.exe[2608] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 012A2DBA
.text C:\WINDOWS\ehome\ehtray.exe[2608] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 012A2D7E
.text C:\WINDOWS\ehome\ehtray.exe[2608] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 012A2D63
.text C:\WINDOWS\ehome\ehtray.exe[2608] WS2_32.dll!send 71AB4C27 5 Bytes JMP 012A2BEF
.text C:\WINDOWS\ehome\ehtray.exe[2608] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 012A2CE1
.text C:\WINDOWS\ehome\ehtray.exe[2608] WS2_32.dll!recv 71AB676F 5 Bytes JMP 012A2C27
.text C:\WINDOWS\ehome\ehtray.exe[2608] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 012A2C5F
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 00FD2DFD
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 00FD2DBA
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 00FD2D7E
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00FD2D63
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00FD2BEF
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00FD2CE1
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00FD2C27
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2624] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00FD2C5F
.text C:\WINDOWS\ehome\mcrdsvc.exe[2716] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 00BD2DFD
.text C:\WINDOWS\ehome\mcrdsvc.exe[2716] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 00BD2DBA
.text C:\WINDOWS\ehome\mcrdsvc.exe[2716] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 00BD2D7E
.text C:\WINDOWS\ehome\mcrdsvc.exe[2716] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00BD2D63
.text C:\WINDOWS\ehome\mcrdsvc.exe[2716] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00BD2BEF
.text C:\WINDOWS\ehome\mcrdsvc.exe[2716] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00BD2CE1
.text C:\WINDOWS\ehome\mcrdsvc.exe[2716] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00BD2C27
.text C:\WINDOWS\ehome\mcrdsvc.exe[2716] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00BD2C5F
.text C:\WINDOWS\system32\dllhost.exe[2736] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 00DE2DFD
.text C:\WINDOWS\system32\dllhost.exe[2736] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 00DE2DBA
.text C:\WINDOWS\system32\dllhost.exe[2736] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 00DE2D7E
.text C:\WINDOWS\system32\dllhost.exe[2736] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00DE2D63
.text C:\WINDOWS\system32\dllhost.exe[2736] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00DE2BEF
.text C:\WINDOWS\system32\dllhost.exe[2736] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00DE2CE1
.text C:\WINDOWS\system32\dllhost.exe[2736] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00DE2C27
.text C:\WINDOWS\system32\dllhost.exe[2736] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00DE2C5F
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[2960] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 010E2DFD
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[2960] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 010E2DBA
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[2960] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 010E2D7E
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[2960] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 010E2D63
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[2960] WS2_32.dll!send 71AB4C27 5 Bytes JMP 010E2BEF
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[2960] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 010E2CE1
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[2960] WS2_32.dll!recv 71AB676F 5 Bytes JMP 010E2C27
.text C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe[2960] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 010E2C5F
.text C:\WINDOWS\System32\alg.exe[3096] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 00C62DFD
.text C:\WINDOWS\System32\alg.exe[3096] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 00C62DBA
.text C:\WINDOWS\System32\alg.exe[3096] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 00C62D7E
.text C:\WINDOWS\System32\alg.exe[3096] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00C62D63
.text C:\WINDOWS\System32\alg.exe[3096] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C62BEF
.text C:\WINDOWS\System32\alg.exe[3096] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00C62CE1
.text C:\WINDOWS\System32\alg.exe[3096] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00C62C27
.text C:\WINDOWS\System32\alg.exe[3096] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00C62C5F
.text C:\Program Files\iPod\bin\iPodService.exe[3284] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 00B82DFD
.text C:\Program Files\iPod\bin\iPodService.exe[3284] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 00B82DBA
.text C:\Program Files\iPod\bin\iPodService.exe[3284] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 00B82D7E
.text C:\Program Files\HPQ\SHARED\HPQWMI.exe[3416] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 00DC2DFD
.text C:\Program Files\HPQ\SHARED\HPQWMI.exe[3416] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 00DC2DBA
.text C:\Program Files\HPQ\SHARED\HPQWMI.exe[3416] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 00DC2D7E
.text C:\Program Files\HPQ\SHARED\HPQWMI.exe[3416] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00DC2D63
.text C:\Program Files\HPQ\SHARED\HPQWMI.exe[3416] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00DC2BEF
.text C:\Program Files\HPQ\SHARED\HPQWMI.exe[3416] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00DC2CE1
.text C:\Program Files\HPQ\SHARED\HPQWMI.exe[3416] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00DC2C27
.text C:\Program Files\HPQ\SHARED\HPQWMI.exe[3416] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00DC2C5F
.text C:\WINDOWS\eHome\ehmsas.exe[3472] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 00D92DFD
.text C:\WINDOWS\eHome\ehmsas.exe[3472] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 00D92DBA
.text C:\WINDOWS\eHome\ehmsas.exe[3472] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 00D92D7E
.text C:\WINDOWS\eHome\ehmsas.exe[3472] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D92D63
.text C:\WINDOWS\eHome\ehmsas.exe[3472] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D92BEF
.text C:\WINDOWS\eHome\ehmsas.exe[3472] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00D92CE1
.text C:\WINDOWS\eHome\ehmsas.exe[3472] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00D92C27
.text C:\WINDOWS\eHome\ehmsas.exe[3472] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00D92C5F
.text C:\Program Files\iTunes\iTunesHelper.exe[3536] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 00D62DFD
.text C:\Program Files\iTunes\iTunesHelper.exe[3536] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 00D62DBA
.text C:\Program Files\iTunes\iTunesHelper.exe[3536] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 00D62D7E
.text C:\Program Files\iTunes\iTunesHelper.exe[3536] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D62D63
.text C:\Program Files\iTunes\iTunesHelper.exe[3536] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D62BEF
.text C:\Program Files\iTunes\iTunesHelper.exe[3536] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00D62CE1
.text C:\Program Files\iTunes\iTunesHelper.exe[3536] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00D62C27
.text C:\Program Files\iTunes\iTunesHelper.exe[3536] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00D62C5F
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3972] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 00EF2DFD
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3972] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 00EF2DBA
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3972] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 00EF2D7E
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3972] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00EF2D63
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3972] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00EF2BEF
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3972] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00EF2CE1
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3972] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00EF2C27
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3972] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00EF2C5F

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)

Device \Driver\ACPI \Device\00000051 86B03560
Device \Driver\ACPI \Device\00000052 86B03560
Device \Driver\ACPI \Device\00000055 86B03560

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\ACPI \Device\00000056 86B03560
Device \Driver\ACPI \Device\00000064 86B03560
Device \Driver\ACPI \Device\00000067 86B03560
Device \Driver\ACPI \Device\00000068 86B03560
Device \Driver\ACPI \Device\00000081 86B03560
Device \Driver\ACPI \Device\00000082 86B03560
Device \Driver\ACPI \Device\00000083 86B03560
Device \Driver\ACPI \Device\0000005b 86B03560
Device \Driver\ACPI \Device\0000006b 86B03560
Device \Driver\ACPI \Device\0000005f 86B03560
Device \Driver\ACPI \Device\0000006c 86B03560
Device \Driver\ACPI \Device\0000006d 86B03560
Device \Driver\ACPI \Device\0000006e 86B03560
Device \Driver\ACPI \Device\0000006f 86B03560

---- Threads - GMER 1.0.15 ----

Thread System [4:1936] 86B34300
Thread System [4:1944] 86B209F6
Thread System [4:1952] 86B52387
Thread System [4:1960] 86B23971
Thread System [4:912] 86B34300
Thread System [4:916] 86B209F6
Thread System [4:920] 86B52387
Thread System [4:924] 86B23971

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{3f96adcc-aa5d-4d55-8f91-0a371059c003}@Model 4
Reg HKLM\SOFTWARE\Classes\CLSID\{3f96adcc-aa5d-4d55-8f91-0a371059c003}@Therad 30
Reg HKLM\SOFTWARE\Classes\CLSID\{3f96adcc-aa5d-4d55-8f91-0a371059c003}@MData 0x2B 0x8F 0x78 0x29 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0x5F 0xFA 0xC2 0xEF ...

---- EOF - GMER 1.0.15 ----
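
The "user code sections" block of the GMER log above (the `.text ... JMP ...` lines) records inline hooks on CryptoAPI and Winsock exports in every listed process, with targets such as 00D92DBA that lie well below the 0x7xxxxxxx region where the hooked system DLLs are mapped. The following is an added example, not part of the thread and not GMER's own code, that parses those lines and groups them per API so the pattern is visible at a glance: the sample lines are copied from the log above; the 0x70000000 boundary and the "same page offset, different base in every process" signal are this example's own heuristics. The check is a triage aid only: security products with web or mail shields hook these same exports, so the verdict still needs the owning module of the JMP target.

```python
"""Triage of GMER "user code sections" lines (the ".text ... JMP ..." entries).

Added example, not part of the forum thread and not GMER's own code. The sample
lines are copied from the GMER log above; the 0x70000000 system-DLL boundary and
the "same page offset in every process" signal are this example's own heuristics.
"""
import re
from collections import defaultdict

# One hook line: .text <image>[<pid>] <module>!<export> <hooked addr> <n> Bytes JMP <target>
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<export>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]{8})\s*$"
)

# Assumption: on 32-bit Windows XP the hooked system DLLs (ADVAPI32 at 0x77Dxxxxx,
# WS2_32 at 0x71ABxxxx) live above this address; a JMP below it leaves the DLL
# for code that something else placed in the process.
SYSTEM_DLL_LOW = 0x70000000

# Copied from the GMER log in the thread.
SAMPLE_LOG = r"""
.text C:\WINDOWS\eHome\ehmsas.exe[3472] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 00D92DBA
.text C:\WINDOWS\eHome\ehmsas.exe[3472] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 00D92D7E
.text C:\WINDOWS\eHome\ehmsas.exe[3472] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D92D63
.text C:\WINDOWS\eHome\ehmsas.exe[3472] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D92BEF
.text C:\WINDOWS\eHome\ehmsas.exe[3472] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00D92CE1
.text C:\WINDOWS\eHome\ehmsas.exe[3472] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00D92C27
.text C:\WINDOWS\eHome\ehmsas.exe[3472] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00D92C5F
.text C:\Program Files\iTunes\iTunesHelper.exe[3536] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 00D62DFD
.text C:\Program Files\iTunes\iTunesHelper.exe[3536] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 00D62DBA
.text C:\Program Files\iTunes\iTunesHelper.exe[3536] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 00D62D7E
.text C:\Program Files\iTunes\iTunesHelper.exe[3536] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D62D63
.text C:\Program Files\iTunes\iTunesHelper.exe[3536] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D62BEF
.text C:\Program Files\iTunes\iTunesHelper.exe[3536] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00D62CE1
.text C:\Program Files\iTunes\iTunesHelper.exe[3536] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00D62C27
.text C:\Program Files\iTunes\iTunesHelper.exe[3536] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00D62C5F
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3972] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 00EF2DFD
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3972] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 00EF2DBA
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3972] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 00EF2D7E
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3972] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00EF2D63
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3972] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00EF2BEF
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3972] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00EF2CE1
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3972] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00EF2C27
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3972] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00EF2C5F
"""


def parse_hooks(text):
    """Parse every hook line into a dict; lines that are not hook entries are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["pid"] = int(rec["pid"])
        rec["size"] = int(rec["size"])
        rec["addr"] = int(rec["addr"], 16)
        rec["target"] = int(rec["target"], 16)
        rec["image"] = rec["image"].rsplit("\\", 1)[-1]   # keep the exe name only
        hooks.append(rec)
    return hooks


def assess(hooks):
    """Group hooks per hooked API and describe each family.

    one_relocated_blob: the JMP targets differ only in their page base, i.e. the
    same code image sits at a different address in each process, which is what an
    injected DLL or code blob looks like when it is mapped per process.
    """
    families = defaultdict(list)
    for h in hooks:
        families[f"{h['module']}!{h['export']}"].append(h)
    report = {}
    for api, recs in families.items():
        targets = sorted({r["target"] for r in recs})
        page_offsets = {t & 0xFFF for t in targets}
        report[api] = {
            "processes": sorted({r["image"] for r in recs}),
            "targets": targets,
            "outside_system_dlls": all(t < SYSTEM_DLL_LOW for t in targets),
            "one_relocated_blob": len(targets) > 1 and len(page_offsets) == 1,
        }
    return report


def suspicious_apis(report):
    """APIs whose hooks point outside the system DLLs in every process that has them."""
    return sorted(api for api, info in report.items() if info["outside_system_dlls"])


if __name__ == "__main__":
    rep = assess(parse_hooks(SAMPLE_LOG))
    for api in suspicious_apis(rep):
        info = rep[api]
        print(f"{api:32} {len(info['processes'])} procs  "
              f"targets={[hex(t) for t in info['targets']]}  "
              f"relocated_blob={info['one_relocated_blob']}")
```

Run against the sample, every one of the eight hooked APIs comes out with targets below 0x70000000 and with one_relocated_blob set, i.e. one code image mapped into ehmsas.exe, iTunesHelper.exe and wmiprvse.exe at three different bases. The next step is a per-process module list (which the GMER section above does not include) to name the owner of that image.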

#4 kahdah (Security Colleague, 11,138 posts, Florida)

Posted 25 April 2009 - 01:37 PM

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[screenshot]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#5 MikeJDL (Topic Starter, Members, 8 posts)

Posted 25 April 2009 - 06:32 PM

Sorry for the late reply, I went out for a little while. Here is the ComboFix log:



ComboFix 09-04-25.A3 - Mike Jadoun 04/25/2009 18:48.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.441 [GMT -4:00]
Running from: c:\documents and settings\Mike Jadoun\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-4-25 )))))))))))))))))))))))))))))))
.

2009-04-19 21:43 . 2009-04-19 21:43 -------- d-----w c:\documents and settings\Mike Jadoun\Application Data\dvdcss
2009-04-19 17:56 . 2009-04-19 18:00 -------- d-----w c:\documents and settings\Mike Jadoun\Application Data\vlc
2009-04-19 17:53 . 2009-04-19 17:53 -------- d-----w c:\program files\VideoLAN
2009-04-15 19:14 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-15 19:14 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 19:14 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-15 19:14 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 19:14 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 19:14 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 19:14 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 19:14 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 19:14 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 19:12 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 19:12 . 2009-03-27 06:58 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 19:12 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-13 01:53 . 2009-04-13 01:53 -------- d-----w c:\documents and settings\Mike Jadoun\Local Settings\Application Data\Opera
2009-04-13 01:52 . 2009-04-13 01:52 -------- d-----w c:\program files\Opera
2009-04-10 04:07 . 2009-04-10 04:07 -------- d-----w c:\documents and settings\Mike Jadoun\Application Data\Uniblue
2009-04-10 04:07 . 2009-04-10 04:07 -------- d-----w c:\program files\Uniblue
2009-04-10 03:12 . 2009-04-10 04:07 -------- dc-h--w c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-04-09 21:00 . 2009-04-13 21:14 69 ----a-w c:\windows\NeroDigital.ini
2009-04-08 22:29 . 2009-04-08 22:29 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-08 22:20 . 2009-04-08 22:26 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-04-08 22:20 . 2009-04-08 22:20 -------- d-----w c:\program files\NOS
2009-04-03 06:24 . 2009-04-03 06:24 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2009-04-03 05:51 . 2009-04-03 05:51 -------- d-----w c:\documents and settings\Mike Jadoun\Application Data\Malwarebytes
2009-04-03 05:51 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-03 05:51 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-03 05:51 . 2009-04-03 05:51 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-03 05:51 . 2009-04-08 22:16 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-02 07:49 . 2009-04-02 07:54 -------- d-----w c:\documents and settings\Mike Jadoun\Application Data\Nero
2009-04-02 05:42 . 2009-04-02 05:42 4767 ----a-w c:\windows\Irremote.ini
2009-04-02 05:39 . 2009-04-02 05:39 -------- d-----w c:\program files\Windows Sidebar
2009-04-02 05:18 . 2009-04-02 05:41 -------- d-----w c:\program files\Nero
2009-04-02 05:17 . 2009-04-02 05:30 -------- d-----w c:\documents and settings\All Users\Application Data\Nero
2009-04-02 05:17 . 2009-04-02 06:02 -------- d-----w c:\program files\Common Files\Nero
2009-03-29 23:34 . 2009-03-09 19:06 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-03-29 23:09 . 2009-03-09 19:06 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-03-29 23:05 . 2009-03-29 23:05 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-29 22:12 . 2009-03-29 22:12 -------- d-----w c:\documents and settings\Mike Jadoun\Application Data\AVS4YOU
2009-03-29 22:12 . 2009-03-29 22:12 -------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-03-29 22:09 . 2009-03-29 22:50 -------- d-----w c:\program files\Common Files\AVSMedia
2009-03-29 22:09 . 2009-01-28 23:49 974848 ----a-w c:\windows\system32\mfc70.dll
2009-03-29 22:07 . 2009-03-29 22:49 -------- d-----w c:\program files\AVS4YOU
2009-03-29 22:07 . 2009-01-28 23:49 1700352 ----a-w c:\windows\system32\GdiPlus.dll
2009-03-29 22:07 . 2009-01-28 23:49 24576 ----a-w c:\windows\system32\msxml3a.dll
2009-03-29 21:33 . 2009-04-10 14:22 -------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-03-29 21:33 . 2009-03-29 21:33 -------- d-----w c:\program files\DVD Shrink
2009-03-29 21:31 . 2009-03-29 21:31 -------- d-----w c:\program files\ExactFile
2009-03-29 19:16 . 2009-03-29 19:16 -------- d-----w c:\documents and settings\Mike Jadoun\Local Settings\Application Data\MagicSoftware
2009-03-29 19:16 . 2009-03-29 19:16 -------- d-----w c:\program files\MagicDVDRipper
2009-03-29 19:03 . 2009-03-29 19:03 -------- d-----w c:\program files\DVD Decrypter
2009-03-29 18:23 . 2009-03-29 23:21 1896749 ----a-w c:\windows\system32\uactmp.db

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-25 15:57 . 2009-04-03 06:03 3804 ----a-w C:\aaw7boot.log
2009-04-20 03:30 . 2006-03-15 06:08 72680 -c--a-w c:\documents and settings\Mike Jadoun\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-19 22:00 . 2008-03-18 17:15 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-19 21:59 . 2006-03-13 13:13 -------- d-----w c:\program files\SpywareBlaster
2009-04-15 02:41 . 2006-03-13 13:36 -------- d-----w c:\program files\World of Warcraft
2009-04-10 05:23 . 2006-04-20 19:51 -------- d-----w c:\documents and settings\Mike Jadoun\Application Data\.BitTornado
2009-04-08 22:28 . 2006-04-10 06:55 -------- d-----w c:\program files\Common Files\Adobe
2009-04-07 21:53 . 2008-07-18 00:21 -------- d-----w c:\program files\Notepad++
2009-04-02 04:51 . 2006-08-12 18:10 -------- d-----w c:\program files\Three Rings Design
2009-04-01 21:36 . 2005-11-29 05:23 -------- d-----w c:\program files\Java
2009-03-30 00:52 . 2007-05-08 04:57 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-29 23:05 . 2009-01-14 02:20 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-29 23:05 . 2006-03-13 13:24 -------- d-----w c:\program files\Lavasoft
2009-03-29 23:04 . 2007-11-15 00:39 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-21 14:06 . 2009-03-21 14:06 989696 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-16 21:45 . 2009-03-16 21:45 -------- d-----w c:\program files\Microsoft
2009-03-16 21:44 . 2009-03-16 21:44 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-16 21:44 . 2008-03-13 18:14 -------- d-----w c:\program files\Windows Live
2009-03-16 21:37 . 2009-03-16 21:37 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-11 01:46 . 2008-05-14 13:37 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-03-10 20:47 . 2006-03-13 13:18 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-10 20:44 . 2008-03-24 06:08 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-09 09:19 . 2008-11-27 01:15 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2004-08-10 15:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2006-05-10 05:25 826368 ------w c:\windows\system32\dllcache\wininet.dll
2009-03-03 00:18 . 2004-08-10 15:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-28 04:54 . 2006-10-17 17:04 636072 ------w c:\windows\system32\dllcache\iexplore.exe
2009-02-20 10:20 . 2007-05-09 04:13 13824 ------w c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 10:20 . 2006-11-07 08:26 70656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2006-11-07 08:25 161792 ------w c:\windows\system32\dllcache\ieakui.dll
2009-02-09 12:10 . 2004-08-10 15:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-10 15:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-10 15:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-10 15:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2008-10-15 18:59 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:13 . 2004-08-10 15:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 23:02 . 2008-10-15 18:59 2066048 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-07 23:02 . 2004-08-10 15:00 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 22:52 . 2009-02-06 22:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 11:11 . 2004-08-10 15:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2008-10-15 18:59 2189056 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 11:08 . 2004-08-10 15:00 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 11:06 . 2008-10-15 18:59 2145280 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 10:39 . 2004-08-10 15:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:39 . 2004-08-10 15:00 35328 ----a-w c:\windows\system32\dllcache\sc.exe
2009-02-06 10:32 . 2008-10-15 18:59 2023936 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-03 19:59 . 2009-02-03 19:59 56832 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:59 . 2004-08-10 15:00 56832 ----a-w c:\windows\system32\secur32.dll
2008-12-15 03:21 . 2007-04-17 02:08 1208 -c--a-w c:\documents and settings\Mike Jadoun\Application Data\wklnhst.dat
2006-12-16 13:27 . 2006-05-08 08:03 60560 -c----w c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-07-31 00:27 . 2006-03-13 10:09 134 -c----w c:\documents and settings\Mike Jadoun\Local Settings\Application Data\fusioncache.dat
2006-06-13 18:18 . 2006-08-12 18:18 32 -c----r c:\documents and settings\All Users\hash.dat
2006-05-10 09:03 . 2006-05-10 09:03 57352 -c----w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-11-29 05:36 . 2005-11-29 05:36 136 -c----w c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2006-11-11 20:46 536576 ------w c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2006-11-11 20:46 536576 ------w c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2006-11-11 20:46 536576 ------w c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2006-11-11 20:46 536576 ------w c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2006-11-11 20:46 536576 ------w c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2006-11-11 20:46 536576 ------w c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2006-11-11 20:46 536576 ------w c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM+\AIM+.exe" [2002-06-10 309760]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2009-04-16 1833984]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-10-12 409600]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-12-14 176128]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-11 1601304]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-14 233472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AtiPTA"="atiptaxx.exe" - c:\windows\system32\atiptaxx.exe [2006-02-22 344064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-07 8720384]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
PGPtray.lnk - c:\program files\Network Associates\PGPNT\PGPTray.exe [2009-2-3 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2008-05-14 13:38 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MemTurbo.lnk]
backup=c:\windows\pss\MemTurbo.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mike Jadoun^Start Menu^Programs^Startup^MemTurbo.lnk]
backup=c:\windows\pss\MemTurbo.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\StarNet\\X-Win32 6.1\\xwin32.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
R3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-03-09 64160]
S1 atitray;atitray;c:\program files\Radeon Omega Drivers\v3.8.413\ATI Tray Tools\atitray.sys [2007-05-22 18088]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2008-08-30 97928]
S1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2001-12-19 8576]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-30 875288]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-11 298264]
S2 PGPmemlock;PGPmemlock;c:\windows\system32\drivers\PGPmemlock.sys [1999-12-20 6656]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]


--- Other Services/Drivers In Memory ---

*Deregistered* - inyafakj

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
\Shell\AutoRun\command - Z:\autoplay.exe
.
Contents of the 'Scheduled Tasks' folder

2007-05-01 c:\windows\Tasks\$$$ntbackup_temp$$$.job
- c:\windows\system32\ntbackup.exe [2004-08-10 00:12]

2009-04-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]

2009-04-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2009-04-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Mike Jadoun\Application Data\Mozilla\Firefox\Profiles\1llctgmm.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCortona.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdrmv2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdsplay.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-25 19:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????5?9?4?9??????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3f96adcc-aa5d-4d55-8f91-0a371059c003}]
@Denied: (Full) (Everyone)
"Model"=dword:00000004
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,40,02,13,ad,75,b8,fc,03,b5,66,4a,d0,23,02,d0,61,ec,a4,9a,4f,e3,e2,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):5f,fa,c2,ef,ba,d0,7c,42,39,7d,f9,0c,44,63,c5,ab,c7,43,c9,cd,b3,
4e,4f,f8,f7,53,4e,78,dc,61,02,0a,a9,b3,4a,b2,0d,06,8d,28,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1236)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\avgrsstx.dll

- - - - - - - > 'explorer.exe'(5748)
c:\windows\system32\PGPhk.dll
c:\program files\TortoiseSVN\bin\tortoisesvn.dll
c:\program files\TortoiseSVN\bin\intl3_svn.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-04-25 19:11
ComboFix-quarantined-files.txt 2009-04-25 23:11
ComboFix2.txt 2009-04-10 06:35

Pre-Run: 1,675,407,360 bytes free
Post-Run: 1,655,910,400 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
302 --- E O F --- 2009-04-21 06:18
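
The "Files Created" section of the ComboFix log above is the part a helper reads first, and it is long. The following is an added example, not part of the thread and not ComboFix's own code, that turns that listing into a short timeline of files under system32: the sample lines are copied from the log above; the reading of the two timestamps (first = NTFS creation time, second = last-write time) and the dllcache exclusion (the Windows File Protection cache that updates fill) are this example's assumptions. The written_locally flag rests on general NTFS behaviour: a copied file keeps the source's last-write time but gets a fresh creation time, so a last-write time at or after creation means the content was written on this machine rather than copied in by an installer. It is a heuristic for deciding what to look at next, not a verdict on any file.

```python
"""Timeline triage of a ComboFix "Files Created" listing.

Added example, not part of the thread and not ComboFix's own code. The sample
lines are copied from the ComboFix log above. Assumptions: the first timestamp
is the NTFS creation time and the second the last-write time; attribute position
3 is the hidden flag (as in the dc-h--w entries); dllcache holds update copies.
"""
import re
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attr>[a-z-]{7}) (?P<path>.+?)\s*$"
)
SYSTEM_DIR = "c:\\windows\\system32\\"
SFC_CACHE = "\\dllcache\\"   # Windows File Protection cache, populated by updates

# Copied from the "Files Created" section of the ComboFix log in the thread.
SAMPLE = r"""
2009-04-19 21:43 . 2009-04-19 21:43 -------- d-----w c:\documents and settings\Mike Jadoun\Application Data\dvdcss
2009-04-15 19:14 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-15 19:14 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-15 19:12 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-10 03:12 . 2009-04-10 04:07 -------- dc-h--w c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-04-03 05:51 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-03 05:51 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-29 23:34 . 2009-03-09 19:06 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-03-29 23:09 . 2009-03-09 19:06 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-03-29 22:09 . 2009-01-28 23:49 974848 ----a-w c:\windows\system32\mfc70.dll
2009-03-29 18:23 . 2009-03-29 23:21 1896749 ----a-w c:\windows\system32\uactmp.db
"""


def parse_created_section(text):
    """Parse each listing line into a record; non-matching lines are skipped."""
    recs = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        created = datetime.strptime(m["created"], "%Y-%m-%d %H:%M")
        modified = datetime.strptime(m["modified"], "%Y-%m-%d %H:%M")
        attr = m["attr"]
        recs.append({
            "created": created,
            "modified": modified,
            "size": None if m["size"].startswith("-") else int(m["size"]),
            "directory": attr[0] == "d",
            "hidden": attr[3] == "h",
            "path": m["path"],
            # NTFS: a copy keeps the source's last-write time but gets a new
            # creation time, so last-write >= creation means written here.
            "written_locally": modified >= created,
        })
    return recs


def system_timeline(recs):
    """Files (not directories) under system32, minus the dllcache update copies,
    ordered oldest creation first."""
    out = [
        r for r in recs
        if not r["directory"]
        and r["path"].lower().startswith(SYSTEM_DIR)
        and SFC_CACHE not in r["path"].lower()
    ]
    return sorted(out, key=lambda r: r["created"])


if __name__ == "__main__":
    for r in system_timeline(parse_created_section(SAMPLE)):
        flag = "written-here" if r["written_locally"] else "copied-in"
        print(f"{r['created']:%Y-%m-%d %H:%M}  {r['size']:>8}  {flag:12}  {r['path']}")
```

On the sample, the seven system32 entries sort into a single screen, the update copies in dllcache drop out, and three files (uactmp.db, mbam.sys, mbamswissarmy.sys) carry the written_locally flag; the other four have last-write times that predate their creation on this machine, the signature of files copied in by an installer.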

#6 kahdah (Security Colleague, 11,138 posts, Florida)

Posted 25 April 2009 - 07:26 PM

Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser: Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser: Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
==============================================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#7 MikeJDL (Topic Starter, Members, 8 posts)

Posted 26 April 2009 - 12:25 AM

Here's the Kaspersky log:


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Sunday, April 26, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Sunday, April 26, 2009 01:42:44
Records in database: 2079128
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 190862
Threat name: 2
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 04:02:15


File name / Threat name / Threats count
C:\Documents and Settings\Mike Jadoun\Application Data\Sun\Java\Deployment\cache\6.0\26\66e2f9da-6b2df62f Infected: Trojan-Downloader.Java.OpenConnection.ap 1
C:\Documents and Settings\Mike Jadoun\Application Data\Sun\Java\Deployment\cache\6.0\54\342ff276-43ca9824 Infected: Trojan-Downloader.Java.OpenConnection.ap 1
C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

The selected area was scanned.

#8 kahdah (Security Colleague, 11,138 posts, Florida)

Posted 26 April 2009 - 08:48 AM

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Files
    C:\Documents and Settings\Mike Jadoun\Application Data\Sun\Java\Deployment\cache\6.0\26\66e2f9da-6b2df62f
    C:\Documents and Settings\Mike Jadoun\Application Data\Sun\Java\Deployment\cache\6.0\54\342ff276-43ca9824
    C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE
  • Then click the Run Fix button at the top
  • Let the program run unhindered; it will then say Fix Complete.
  • Then press OK to open the log.
  • Please post that log in your next reply.
=======================
  • Double-click on OTListIt2 to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTListIt.Txt. This is saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Also, let me know how things are running.
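
The fix above hands OTListIt a ":Files" list and lets it move the three files out of the way; the reply that follows confirms they were "moved successfully" rather than deleted. The following is an added example, not part of the thread and not OTListIt's own code, of the same step done by hand in a way that keeps the evidence: each path is hashed and logged to a manifest before it is moved into a quarantine tree that mirrors its original location, a missing path is recorded instead of aborting the run, and pasted lines are stripped because one of the paths in the post carries a trailing tab. The manifest layout, the throwaway directory tree that demo() builds, and the bytes written into it are this example's own constructions, not the real files from the scan report.

```python
"""Quarantine files from an OTL-style ":Files" fix list, recording evidence first.

Added example, not part of the thread and not OTListIt's own code (it stands in
for what the "Run Fix" step does). Assumptions: the manifest layout and the
throwaway directory tree built by demo() are this example's own, and the sample
bytes written there are constructed, not the real files from the scan report.
"""
import hashlib
import json
import shutil
import tempfile
import time
from pathlib import Path


def parse_files_directive(script):
    """Return the paths under a ':Files' header; other ':Header' sections are ignored.
    Lines are stripped because a path pasted from a forum post can carry a trailing tab."""
    paths, active = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            active = line.lower() == ":files"
            continue
        if active:
            paths.append(line)
    return paths


def sha256_of(path):
    """SHA-256 of a file, read in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def quarantine(paths, qroot):
    """Move each listed file under qroot, mirroring its original path, and append a
    manifest line (hash, size, mtime, origin) per file. Hashing happens before the
    move so the record exists even if the move itself fails; a missing file is
    recorded as 'not found' rather than raising."""
    qroot = Path(qroot)
    qroot.mkdir(parents=True, exist_ok=True)
    entries = []
    with (qroot / "manifest.jsonl").open("a", encoding="utf-8") as manifest:
        for p in paths:
            src = Path(p)
            entry = {"original": str(src), "status": "not found"}
            if src.is_file():
                st = src.stat()
                entry.update(
                    sha256=sha256_of(src),
                    size=st.st_size,
                    mtime=time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(st.st_mtime)),
                )
                # drop the drive/root anchor so "C:\x\y" lands at qroot/x/y
                dest = qroot.joinpath(*[part for part in src.parts if part != src.anchor])
                dest.parent.mkdir(parents=True, exist_ok=True)
                shutil.move(str(src), str(dest))
                entry.update(status="moved", quarantined=str(dest))
            manifest.write(json.dumps(entry) + "\n")
            entries.append(entry)
    return entries


def demo():
    """Build a throwaway tree with two constructed files, list them plus one absent
    path in a ':Files' block (with a trailing tab, as in the post), and quarantine them."""
    root = Path(tempfile.mkdtemp(prefix="quarantine_demo_"))
    cache = root / "Application Data" / "Sun" / "Java" / "Deployment" / "cache" / "6.0" / "26"
    cache.mkdir(parents=True)
    jar = cache / "66e2f9da-6b2df62f"
    jar.write_bytes(b"PK\x03\x04 constructed stand-in, not the real cache entry")
    tool = root / "Program Files" / "Online Services" / "toolbr.EXE"
    tool.parent.mkdir(parents=True)
    tool.write_bytes(b"MZ constructed stand-in")
    script = f":Files\n{jar}\t\n{tool}\n{root / 'missing.dll'}\n"
    return quarantine(parse_files_directive(script), root / "_Quarantine")


if __name__ == "__main__":
    for entry in demo():
        print(json.dumps(entry))
```

The hash in the manifest is what lets the file be identified later (for example, submitted to a scanner or matched against a report) even after the quarantine tree has been cleaned up, which is the reason for preferring a move with a record over a delete.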

#9 MikeJDL

MikeJDL
  • Topic Starter

  • Members
  • 8 posts

Posted 26 April 2009 - 11:57 AM

The computer seems to be running pretty well. After running OTList2 with those fixes, all the programs that I mentioned in my original post are now able to load without crashing right away. I'll test them out again after a restart just to be sure though.

Thank you very much for the help so far!

Here are the logs you requested:


========== FILES ==========
C:\Documents and Settings\Mike Jadoun\Application Data\Sun\Java\Deployment\cache\6.0\26\66e2f9da-6b2df62f moved successfully.
C:\Documents and Settings\Mike Jadoun\Application Data\Sun\Java\Deployment\cache\6.0\54\342ff276-43ca9824 moved successfully.
C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE moved successfully.

OTListIt2 by OldTimer - Version 2.0.14.0 log created on 04262009_104916

OTListIt logfile created on: 4/26/2009 10:50:52 AM - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Mike Jadoun\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.17 Mb Total Physical Memory | 277.25 Mb Available Physical Memory | 27.12% Memory free
2.40 Gb Paging File | 1.67 Gb Available in Paging File | 69.40% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.32 Gb Total Space | 1.67 Gb Free Space | 2.25% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 20.10 Gb Free Space | 26.98% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DOGGERS
Current User Name: Mike Jadoun
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (www.tortoisesvn.org)
PRC - C:\WINDOWS\system32\taskmgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
PRC - C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
PRC - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\HPQ\SHARED\HPQWMI.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Curse\CurseClient.exe ()
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Network Associates\PGPNT\PGPTray.exe (Network Associates Technology, Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Mike Jadoun\Desktop\OTListIt2.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

========== Win32 Services (SafeList) ==========

SRV - (AOL ACS [Auto | Stopped]) -- File not found
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (avg8emc [Auto | Stopped]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CVPND [On_Demand | Stopped]) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (getPlus® Helper [On_Demand | Stopped]) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqwmi [On_Demand | Running]) -- C:\Program Files\HPQ\SHARED\HPQWMI.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (Imapi Helper [On_Demand | Stopped]) -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (Alex Feinman)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (MSSQL$SQLEXPRESS [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [Disabled | Stopped]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (msvsmon80 [Disabled | Stopped]) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0 [Auto | Running]) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Stopped]) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (SQLBrowser [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (atitray [System | Running]) -- C:\Program Files\Radeon Omega Drivers\v3.8.413\ATI Tray Tools\atitray.sys ()
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (BTWUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btwusb.sys (Broadcom Corporation.)
DRV - (CAMCAUD [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant Systems Inc.)
DRV - (CAMCHALA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant Systems Inc.)
DRV - (CVirtA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\CVirtA.sys (Cisco Systems, Inc.)
DRV - (CVPNDRVA [Auto | Running]) -- C:\WINDOWS\system32\Drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.)
DRV - (eabfiltr [System | Running]) -- C:\WINDOWS\system32\drivers\EABFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (eabusb [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\eabusb.sys (Hewlett-Packard Development Company, L.P.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWATI [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (LVUSBSta [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys (Logitech Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (PGPmemlock [Auto | Running]) -- C:\WINDOWS\system32\drivers\PGPmemlock.sys (Network Associates, Inc.)
DRV - (PID_08A0 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LV302AV.SYS (Logitech Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTL8023xp [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (SCDEmu [System | Running]) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Sentinel [Auto | Running]) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.)
DRV - (Sntnlusb [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS (Rainbow Technologies Inc.)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tifm21 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (vcdrom [System | Running]) -- C:\WINDOWS\system32\drivers\VCdRom.sys (Microsoft Corporation)
DRV - (vmm [System | Running]) -- C:\WINDOWS\system32\Drivers\vmm.sys (Microsoft Corporation)
DRV - (VPCNetS2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys (Microsoft Corporation)
DRV - (vsdatant [On_Demand | Stopped]) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
DRV - (wanatw [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (wceusbsh [System | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wceusbsh.sys (Microsoft Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (WinDriver6 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\windrvr6.sys (Jungo)
DRV - (XilinxPC4Driver [Auto | Running]) -- C:\WINDOWS\System32\drivers\XPC4DRVR.SYS (Xilinx, Inc.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.9

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2008/07/08 14:13:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/02/15 15:33:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/10 17:28:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/26 10:32:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/23 09:20:20 | 00,000,000 | ---D | M]

[2008/06/18 15:04:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\mozilla\Extensions
[2008/06/18 15:04:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2006/03/13 07:25:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mike Jadoun\Application Data\mozilla\Firefox\Profiles\1llctgmm.default\extensions
[2008/06/24 20:41:41 | 00,000,908 | ---- | M] () -- C:\Documents and Settings\Mike Jadoun\Application Data\Mozilla\FireFox\Profiles\1llctgmm.default\searchplugins\imdb.xml
[2008/06/23 22:31:34 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\Mike Jadoun\Application Data\Mozilla\FireFox\Profiles\1llctgmm.default\searchplugins\wikipedia-en.xml
[2009/04/20 23:43:24 | 00,002,431 | ---- | M] () -- C:\Documents and Settings\Mike Jadoun\Application Data\Mozilla\FireFox\Profiles\1llctgmm.default\searchplugins\youtube.xml
[2009/04/26 00:18:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/23 09:20:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/04/26 19:06:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/07/27 16:04:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/11/26 19:15:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/04/27 12:29:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/26 22:43:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/11/26 21:15:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/03/10 17:30:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/01 17:37:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/23 09:20:13 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/23 09:20:13 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/05/29 10:24:14 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/05/29 10:24:14 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/05/29 10:24:14 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/13 02:02:21 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/05/29 10:24:14 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/05/29 10:24:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/05/29 10:24:14 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (305924 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10535 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - Reg Error: Key error. File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AtiPTA] atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start (Hewlett-Packard )
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [AIM] "C:\Program Files\AIM+\AIM+.exe" -cnetwait.odl File not found
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe ()
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PGPtray.lnk = C:\Program Files\Network Associates\PGPNT\PGPTray.exe (Network Associates Technology, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (America Online, Inc.)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.microsoft.com/download/5/c.../WebCleaner.cab (Malicious Software Removal Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1166214209265 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\Z\Shell - "" = AutoRun
O33 - MountPoints2\Z\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\Z\Shell\AutoRun\command - "" = Z:\autoplay.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/04/26 10:49:16 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/25 20:35:33 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/04/25 18:45:00 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/04/25 18:45:00 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/04/25 18:45:00 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/04/25 18:45:00 | 00,111,104 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/04/25 18:45:00 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/04/25 18:45:00 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/04/25 18:45:00 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/04/25 18:45:00 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/04/25 18:43:51 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/25 18:41:13 | 03,006,230 | R--- | C] () -- C:\Documents and Settings\Mike Jadoun\Desktop\ComboFix.exe
[2009/04/25 11:10:28 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Mike Jadoun\Desktop\37gw9mmk.exe
[2009/04/25 11:09:49 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mike Jadoun\Desktop\OTListIt2.exe
[2009/04/19 17:43:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike Jadoun\Application Data\dvdcss
[2009/04/19 13:56:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike Jadoun\Application Data\vlc
[2009/04/19 13:53:39 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2009/04/15 15:14:13 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 15:14:13 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 15:14:13 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 15:14:12 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/15 15:14:12 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 15:14:12 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 15:14:12 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 15:14:12 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 15:14:11 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 15:12:30 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/15 15:12:29 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/15 15:12:29 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/12 21:53:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike Jadoun\Local Settings\Application Data\Opera
[2009/04/12 21:53:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike Jadoun\Application Data\Opera
[2009/04/12 21:52:51 | 00,000,000 | ---D | C] -- C:\Program Files\Opera
[2009/04/11 01:10:43 | 00,360,002 | ---- | C] () -- C:\Documents and Settings\Mike Jadoun\Desktop\dds.scr
[2009/04/10 00:07:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike Jadoun\Application Data\Uniblue
[2009/04/10 00:07:28 | 00,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2009/04/09 23:12:59 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
[2009/04/09 23:12:24 | 01,678,320 | ---- | C] (Uniblue Systems ) -- C:\Documents and Settings\Mike Jadoun\Desktop\boosterregistry.exe
[2009/04/09 20:48:57 | 10,718,94528 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/09 17:01:10 | 00,000,170 | ---- | C] () -- C:\Documents and Settings\Mike Jadoun\Application Data\default.rss
[2009/04/09 17:00:43 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/08 18:29:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/04/08 18:28:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/04/08 18:20:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/04/08 18:20:28 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/04/03 01:51:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike Jadoun\Application Data\Malwarebytes
[2009/04/03 01:51:21 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/03 01:51:16 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/03 01:51:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/03 01:51:12 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/02 03:49:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike Jadoun\Application Data\Nero
[2009/04/02 01:42:39 | 00,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/04/02 01:39:14 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009/04/02 01:18:42 | 00,000,000 | ---D | C] -- C:\Program Files\Nero
[2009/04/02 01:17:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2009/04/02 01:17:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2009/04/02 01:17:26 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2009/03/29 20:10:00 | 00,000,221 | ---- | C] () -- C:\Boot.bak
[2009/03/29 20:09:50 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/03/29 20:09:45 | 00,000,000 | ---D | C] -- C:\cmdcons
[2009/03/29 20:07:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/29 19:34:17 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/03/29 19:10:14 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/29 19:09:58 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/03/29 19:05:37 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/03/29 18:12:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike Jadoun\Application Data\AVS4YOU
[2009/03/29 18:12:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2009/03/29 18:09:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2009/03/29 18:09:47 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70.dll
[2009/03/29 18:07:38 | 01,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\GdiPlus.dll
[2009/03/29 18:07:38 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2009/03/29 18:07:38 | 00,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2009/03/29 17:33:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2009/03/29 17:33:50 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
[2009/03/29 17:31:03 | 00,000,000 | ---D | C] -- C:\Program Files\ExactFile
[2009/03/29 15:16:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mike Jadoun\Local Settings\Application Data\MagicSoftware
[2009/03/29 15:16:45 | 00,000,000 | ---D | C] -- C:\Program Files\MagicDVDRipper
[2009/03/29 15:03:31 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Decrypter
[2009/03/29 14:23:07 | 01,896,749 | ---- | C] () -- C:\WINDOWS\System32\uactmp.db
[2008/07/17 17:16:57 | 00,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2008/01/28 15:36:40 | 00,000,046 | ---- | C] () -- C:\WINDOWS\shnamp.ini
[2007/10/26 14:28:18 | 00,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/03/19 03:12:06 | 00,004,647 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2006/12/03 02:40:38 | 00,000,067 | ---- | C] () -- C:\WINDOWS\IDMan.INI
[2006/11/17 12:34:40 | 00,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2006/09/25 18:10:32 | 00,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2006/09/04 20:05:27 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/05/28 16:41:45 | 00,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/05/09 22:32:11 | 00,006,958 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/24 17:06:39 | 00,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/04/18 18:30:56 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/04/11 15:40:44 | 00,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/03/31 16:00:34 | 00,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini
[2006/03/25 16:45:21 | 00,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/03/21 20:38:42 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/03/15 02:07:09 | 00,000,520 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/29 01:48:47 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/29 01:48:47 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/29 01:48:47 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/29 01:48:47 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/29 01:48:47 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/29 01:48:47 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/29 01:33:18 | 00,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/08/17 13:39:42 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/17 13:21:06 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/08/17 12:59:14 | 00,000,794 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/17 05:45:30 | 00,000,296 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/06 01:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/01 07:47:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/01/13 00:46:34 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[42 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/04/26 10:44:14 | 35,437,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/04/26 10:39:11 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/04/26 10:38:03 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/26 10:36:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/26 10:35:33 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/26 10:35:22 | 10,718,94528 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/25 19:00:20 | 00,000,296 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/25 18:42:13 | 03,006,230 | R--- | M] () -- C:\Documents and Settings\Mike Jadoun\Desktop\ComboFix.exe
[2009/04/25 13:59:03 | 00,111,104 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/04/25 11:10:32 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Mike Jadoun\Desktop\37gw9mmk.exe
[2009/04/25 11:10:17 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mike Jadoun\Desktop\OTListIt2.exe
[2009/04/24 09:10:41 | 00,032,111 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/04/23 17:52:46 | 00,080,384 | ---- | M] () -- C:\Documents and Settings\Mike Jadoun\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/20 19:09:33 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/20 14:30:23 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/19 23:30:26 | 00,072,680 | ---- | M] () -- C:\Documents and Settings\Mike Jadoun\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/04/19 17:54:39 | 00,305,924 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/04/18 09:40:48 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/04/17 15:59:50 | 00,001,770 | -H-- | M] () -- C:\Documents and Settings\Mike Jadoun\My Documents\Default.rdp
[2009/04/15 23:49:42 | 00,588,842 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/15 23:49:42 | 00,490,730 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/15 23:49:42 | 00,090,474 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/15 22:39:10 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/15 22:19:28 | 00,000,794 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/13 17:14:04 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/12 00:05:11 | 00,283,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/11 01:10:59 | 00,360,002 | ---- | M] () -- C:\Documents and Settings\Mike Jadoun\Desktop\dds.scr
[2009/04/10 02:10:36 | 00,000,170 | ---- | M] () -- C:\Documents and Settings\Mike Jadoun\Application Data\default.rss
[2009/04/09 23:12:36 | 01,678,320 | ---- | M] (Uniblue Systems ) -- C:\Documents and Settings\Mike Jadoun\Desktop\boosterregistry.exe
[2009/04/09 18:56:43 | 00,006,958 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/04/09 08:59:55 | 00,312,983 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090419-175439.backup
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 10:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/02 01:42:39 | 00,004,767 | ---- | M] () -- C:\WINDOWS\Irremote.ini
[2009/04/01 20:45:30 | 00,304,983 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090409-085955.backup
[2009/03/29 20:12:46 | 00,304,595 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090401-204530.backup
[2009/03/29 20:10:00 | 00,000,291 | RHS- | M] () -- C:\boot.ini
[2009/03/29 19:21:05 | 01,896,749 | ---- | M] () -- C:\WINDOWS\System32\uactmp.db

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

#10 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 26 April 2009 - 12:45 PM

Hi, looks good, just a few steps to go and then you are on your way.

Please go to Start > Control Panel > then add\remove programs and remove only these:
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 11
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7

==============
Cleanup:

Please download OTCleanIt from here and save it to your desktop.
Double click on OTCleanIt to run it.
Then click on Clean up.
Restart your computer when prompted.
This will remove what tools we used.
===============
Delete\uninstall anything else that we have used.


System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingcomputer.com/tutorials/...143.html#manual
=====================================
After that your log is clean. :thumbup2:


The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place, and some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

If your computer is slow - A tutorial on what you can do if your computer is slow.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.
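The post above asks for every Java runtime except the current one to be uninstalled by hand. The script below, an added example that is not from the thread or from the helper, shows how to enumerate the Add/Remove Programs entries and work out which Java entries are superseded, so the list can be checked before anything is removed. The sample names are constructed from the list in the post plus the Java 6 Update 13 entry the OTListIt O16 lines show; on Windows the `installed_display_names` helper reads the same Uninstall registry key that Add/Remove Programs displays, and nothing is uninstalled by the script.

```python
"""Flag superseded Java runtimes among Add/Remove Programs entries.

Added example, not part of the original thread. Reports only; the removal
itself stays in Add/Remove Programs as the post instructs.
"""
import re
import sys
from typing import List, Optional, Tuple

# Constructed sample of DisplayName values: the eight entries the helper
# listed, the current Java 6 Update 13 seen in the log, and two unrelated
# programs that must be ignored.
SAMPLE_DISPLAY_NAMES = [
    "J2SE Runtime Environment 5.0 Update 5",
    "J2SE Runtime Environment 5.0 Update 6",
    "J2SE Runtime Environment 5.0 Update 11",
    "Java(TM) SE Runtime Environment 6 Update 1",
    "Java(TM) 6 Update 2",
    "Java(TM) 6 Update 3",
    "Java(TM) 6 Update 5",
    "Java(TM) 6 Update 7",
    "Java(TM) 6 Update 13",        # the current one; keep it
    "Malwarebytes' Anti-Malware",  # unrelated entries are ignored
    "Adobe AIR",
]

# Two naming schemes Sun used: "J2SE Runtime Environment 5.0 Update N" and
# "Java(TM) [SE Runtime Environment] 6 Update N". The trademark sign may be
# written "(TM)" or as the single character depending on how it was exported.
_J2SE_RE = re.compile(r"^J2SE Runtime Environment (\d+)\.(\d+) Update (\d+)$")
_JAVA_RE = re.compile(
    r"^Java(?:\(TM\)|\u2122) (?:SE Runtime Environment )?(\d+) Update (\d+)$"
)


def parse_java_version(display_name: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, update) for a JRE entry, or None if not a JRE."""
    name = display_name.strip()
    m = _J2SE_RE.match(name)
    if m:
        return (int(m.group(1)), int(m.group(2)), int(m.group(3)))
    m = _JAVA_RE.match(name)
    if m:
        # "Java(TM) 6 Update 7" carries no minor component; treat it as 6.0.7
        return (int(m.group(1)), 0, int(m.group(2)))
    return None


def find_superseded(display_names: List[str]) -> Tuple[Optional[str], List[str]]:
    """Split JRE entries into (newest name, [older names, oldest first]).

    Returns (None, []) when no JRE entry is present at all.
    """
    jres = []
    for name in display_names:
        version = parse_java_version(name)
        if version is not None:
            jres.append((version, name))
    if not jres:
        return None, []
    jres.sort()  # tuples compare numerically, so Update 11 sorts above Update 5
    newest = jres[-1][1]
    older = [name for _, name in jres[:-1]]
    return newest, older


def installed_display_names() -> List[str]:
    """DisplayName values from the HKLM Uninstall key on Windows.

    Off Windows the constructed sample is returned so the script runs offline.
    """
    if sys.platform != "win32":
        return list(SAMPLE_DISPLAY_NAMES)
    import winreg  # standard library, Windows only
    names = []
    key_path = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as root:
        subkey_count = winreg.QueryInfoKey(root)[0]
        for i in range(subkey_count):
            try:
                with winreg.OpenKey(root, winreg.EnumKey(root, i)) as sub:
                    names.append(winreg.QueryValueEx(sub, "DisplayName")[0])
            except OSError:
                continue  # subkey without a DisplayName value
    return names


if __name__ == "__main__":
    newest_jre, superseded = find_superseded(installed_display_names())
    print(f"keep:   {newest_jre}")
    for entry in superseded:
        print(f"remove: {entry}")
```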

#11 MikeJDL

MikeJDL
  • Topic Starter
  • Members
  • 8 posts

Posted 26 April 2009 - 01:12 PM

Alright, I've cleaned everything up (freed up about a gig of harddrive space in the process) and I'm just about to go through the System Restore stuff now. I just wanted to thank you again for all the help. I really appreciate it :thumbup2:


-Mike

#12 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 26 April 2009 - 01:38 PM

You are welcome :thumbup2:


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.