Got Spyware and Malware Again...


  • This topic is locked
13 replies to this topic

#1 sharpiejojo

  • Members
  • 18 posts

Posted 17 July 2009 - 02:35 PM

I've got the Spyware/Malware again. Google redirects, Spybot won't open, Malwarebytes won't open, McAfee won't open, and now, for the first time ever, I can't open HijackThis.

I did, however, manage to get the OTListIt, so if it helps, I'll paste that below, and if anyone could help me with it, it would be greatly appreciated:


OTListIt logfile created on: 7/17/2009 3:02:48 PM - Run 3
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Administrator.D1234567\My Documents\Thanks Firefox
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.44% Memory free
3.34 Gb Paging File | 2.72 Gb Available in Paging File | 81.43% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.94 Gb Total Space | 38.63 Gb Free Space | 25.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D1234567
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2005/12/28 12:45:02 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/12/28 12:47:10 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/12/28 13:04:56 | 00,262,217 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2006/03/25 18:24:04 | 00,315,392 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe
PRC - [2008/10/28 16:42:30 | 00,156,968 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/02/18 17:26:52 | 00,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2009/05/09 21:43:13 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/11/17 13:37:44 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006/11/30 08:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
PRC - [2006/11/30 08:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
PRC - [2006/11/17 13:40:56 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/10/26 13:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2009/06/05 13:39:22 | 00,292,136 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2007/08/08 10:25:08 | 00,836,904 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2008/12/12 12:41:06 | 00,157,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2009/04/27 10:51:06 | 00,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2007/05/15 14:42:26 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/04/29 13:55:24 | 03,338,240 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\Core.exe
PRC - [2008/02/22 12:40:20 | 00,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
PRC - [2008/02/22 05:46:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2005/12/28 12:44:24 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2009/06/09 01:31:32 | 00,056,680 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe
PRC - [2007/05/10 10:23:50 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\StacSV.exe
PRC - [2005/11/30 14:33:04 | 00,180,224 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2008/12/12 12:41:02 | 00,060,032 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\system32\ZuneBusEnum.exe
PRC - [2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/11/06 13:33:00 | 00,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2005/12/14 00:41:00 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2009/07/03 14:02:02 | 07,678,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2006/11/17 13:39:58 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/11/17 03:06:00 | 00,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/04/24 16:02:01 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.D1234567\My Documents\Thanks Firefox\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/02/03 14:15:45 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/03/25 18:24:04 | 00,315,392 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe -- (DataSvr2 [Auto | Running])
SRV - [2005/12/28 12:45:02 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2008/10/28 16:42:30 | 00,156,968 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service [Auto | Running])
SRV - [2009/04/20 23:07:54 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/02/18 17:26:52 | 00,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted [Auto | Running])
SRV - [2009/05/09 21:43:13 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/11/17 13:37:44 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework [Unknown | Running])
SRV - [2006/11/30 08:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield [Unknown | Running])
SRV - [2006/11/30 08:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager [Unknown | Running])
SRV - [2006/10/26 13:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2007/08/08 10:25:08 | 00,836,904 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])
SRV - [2008/02/22 12:40:20 | 00,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe -- (NICCONFIGSVC [Auto | Running])
SRV - [2007/08/03 13:51:18 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2008/02/22 05:46:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/12/28 12:44:24 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2009/06/09 01:31:32 | 00,056,680 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe -- (rpcnet [Auto | Running])
SRV - [2005/12/28 12:47:10 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2007/05/10 10:23:50 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\StacSV.exe -- (STacSV [Auto | Running])
SRV - [2006/09/14 14:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
SRV - [2005/11/30 14:33:04 | 00,180,224 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe -- (tcsd_win32.exe [Auto | Running])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2005/12/28 13:04:56 | 00,262,217 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- (WLANKEEPER [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2008/12/12 12:41:02 | 00,060,032 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum [Auto | Running])
SRV - [2008/12/12 12:41:18 | 05,117,568 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc [On_Demand | Stopped])
SRV - [2008/12/12 12:41:08 | 00,243,840 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2006/05/03 03:01:03 | 00,021,275 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2005/09/29 02:57:18 | 00,113,847 | R--- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2005/08/12 17:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV [System | Running])
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2007/02/16 15:46:00 | 00,160,256 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Running])
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2007/09/04 11:50:00 | 00,031,744 | ---- | M] (CSR, plc) -- C:\WINDOWS\System32\Drivers\csrbcxp.sys -- (CSRBC [On_Demand | Running])
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2006/08/18 13:17:46 | 00,035,096 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLABMFSM.SYS -- (DLABMFSM [Auto | Running])
DRV - [2006/08/18 13:17:40 | 00,032,472 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2006/08/11 10:35:18 | 00,012,920 | ---- | M] (Roxio) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2006/08/18 13:18:08 | 00,009,400 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLADResM.SYS -- (DLADResM [Auto | Running])
DRV - [2006/08/18 13:17:38 | 00,104,472 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2006/08/18 13:17:42 | 00,026,008 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2006/08/18 13:17:38 | 00,014,520 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2006/08/11 10:35:16 | 00,028,184 | ---- | M] (Roxio) -- C:\WINDOWS\System32\Drivers\DLARTL_M.SYS -- (DLARTL_M [System | Running])
DRV - [2006/08/18 13:17:44 | 00,094,648 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2006/08/18 13:17:44 | 00,097,848 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2006/07/21 11:21:26 | 00,099,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2006/08/11 11:05:58 | 00,051,768 | ---- | M] (Roxio) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2006/11/02 18:47:00 | 00,209,152 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
DRV - [2006/11/02 18:47:36 | 00,989,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2005/12/01 08:40:12 | 00,192,512 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Stopped])
DRV - [2005/12/14 01:09:34 | 01,364,574 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Stopped])
DRV - [2006/06/19 13:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2006/11/30 08:50:00 | 00,064,360 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk [On_Demand | Running])
DRV - [2006/11/30 08:50:00 | 00,072,264 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2006/11/30 08:50:00 | 00,034,152 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2006/11/30 08:50:00 | 00,168,776 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [On_Demand | Running])
DRV - [2006/11/30 08:50:00 | 00,031,944 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk [System | Running])
DRV - [2006/11/30 08:50:00 | 00,052,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik [System | Running])
DRV - [2008/08/21 23:49:22 | 00,018,688 | ---- | M] (Motorola) -- C:\WINDOWS\system32\DRIVERS\motccgp.sys -- (motccgp [On_Demand | Stopped])
DRV - [2008/08/21 23:49:58 | 00,008,320 | ---- | M] (Motorola) -- C:\WINDOWS\system32\DRIVERS\motccgpfl.sys -- (motccgpfl [On_Demand | Stopped])
DRV - [2007/06/18 20:18:26 | 00,023,680 | ---- | M] (Motorola) -- C:\WINDOWS\system32\DRIVERS\motport.sys -- (motport [On_Demand | Stopped])
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2008/03/13 03:25:36 | 02,530,176 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\NETw4x32.sys -- (NETw4x32 [On_Demand | Running])
DRV - [2008/02/22 05:46:00 | 06,658,592 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2004/02/13 17:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2005/12/09 16:35:00 | 00,018,816 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\pbadrv.sys -- (PBADRV [Boot | Running])
DRV - [2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/11/06 12:37:28 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2005/12/28 14:22:08 | 00,013,568 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2009/01/15 15:31:38 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2007/05/10 10:24:34 | 01,222,840 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2009/03/05 23:59:00 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2005/05/13 23:27:56 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usbccid.sys -- (USBCCID [On_Demand | Running])
DRV - [2005/12/05 07:55:30 | 01,428,096 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\DRIVERS\w39n51.sys -- (w39n51 [On_Demand | Stopped])
DRV - [2006/11/02 18:46:56 | 00,730,112 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2008/11/10 12:09:32 | 00,040,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\zumbus.sys -- (zumbus [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://campus.mcla.edu"
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0847}: C:\PROGRAM FILES\IWIN GAMES\FIREFOX\ [2009/03/12 19:30:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/05/09 21:43:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/07/03 14:02:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/07/06 16:19:42 | 00,000,000 | ---D | M]

[2009/07/17 14:46:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.D1234567\Application Data\mozilla\Firefox\Profiles\skequ3vr.default\extensions
[2009/06/16 15:51:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.D1234567\Application Data\mozilla\Firefox\Profiles\skequ3vr.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/07/17 14:46:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.D1234567\Application Data\mozilla\Firefox\Profiles\skequ3vr.default\extensions\ConsumerInput@Compete
[2009/05/13 19:35:22 | 00,003,284 | ---- | M] () -- C:\Documents and Settings\Administrator.D1234567\Application Data\Mozilla\FireFox\Profiles\skequ3vr.default\searchplugins\luckysearch.xml
[2009/07/15 03:20:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/03 14:02:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/01/18 03:30:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/05/09 21:44:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/02/22 17:48:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\npmozax@real.com
[2009/07/03 14:02:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2009/07/03 14:01:56 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2009/07/03 14:01:56 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2009/07/03 14:01:56 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2009/07/03 14:01:57 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2009/07/03 14:01:57 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2009/07/03 14:02:06 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/03 14:02:06 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/03 14:02:06 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/03 14:02:06 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/03 14:02:07 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/03 14:02:07 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files\Sleep Moon Xpress\msdxm.ocx (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" (Microsoft Corporation)
O4 - HKCU..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (AOL LLC)
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent (Electronic Arts)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator.D1234567\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://fpdownload.macromedia.com/get/shock...are/awswaxd.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1231950577015 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.208,85.255.112.79
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{44781E7E-9012-4183-A9C9-9F96E6CDBB79}\\NameServer = 85.255.112.208,85.255.112.79
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{4B64B65D-DDEA-4DA6-B942-AD44E9D5DBDB}\\NameServer = 85.255.112.208,85.255.112.79
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Program Files\Sleep Moon Xpress\msdxm.ocx (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (wxvault.dll) - C:\WINDOWS\system32\wxvault.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{083d5202-e258-11dd-91f1-001c233f87ae}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDSetup.exe -- File not found
O33 - MountPoints2\{714f5568-06b7-11de-9208-001c233f87ae}\Shell - "" = AutoRun
O33 - MountPoints2\{714f5568-06b7-11de-9208-001c233f87ae}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{714f5568-06b7-11de-9208-001c233f87ae}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{7a1128c6-f7cf-11dd-91ff-001c233f87ae}\Shell - "" = AutoRun
O33 - MountPoints2\{7a1128c6-f7cf-11dd-91ff-001c233f87ae}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7a1128c6-f7cf-11dd-91ff-001c233f87ae}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2009/07/17 14:40:45 | 00,000,276 | -H-- | C] () -- C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009/07/16 21:01:20 | 87,501,730 | ---- | C] () -- C:\Documents and Settings\Administrator.D1234567\Desktop\Wheatus_MP3_standard.zip
[2009/07/10 14:59:47 | 00,000,000 | ---D | C] -- C:\Program Files\BillyMaysCapsLock
[2009/07/02 00:29:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.D1234567\Local Settings\Application Data\SecondLife
[2009/07/02 00:29:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.D1234567\Application Data\SecondLife
[2009/07/02 00:29:07 | 00,000,758 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Second Life.lnk
[2009/07/02 00:27:48 | 00,000,000 | ---D | C] -- C:\Program Files\SecondLife
[2009/06/28 21:25:09 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/06/28 21:24:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/06/28 21:24:28 | 11,064,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/06/28 21:24:28 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/06/28 21:24:28 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/06/28 21:24:28 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/06/28 21:24:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/06/28 21:22:51 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/06/27 09:22:39 | 00,013,880 | ---- | C] () -- C:\Documents and Settings\Administrator.D1234567\My Documents\Boyfriend Application.docx
[2009/06/23 12:48:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.D1234567\My Documents\Electronic Arts
[2009/06/23 12:47:35 | 00,000,000 | ---D | C] -- C:\ProgramData
[2009/06/23 12:47:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/06/23 12:42:10 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
[2009/06/23 12:41:47 | 00,001,723 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3.lnk
[2009/06/23 12:28:56 | 00,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2009/06/22 23:35:03 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_zumbus_01007.Wdf
[2009/06/22 23:35:01 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2009/06/22 23:34:59 | 00,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2009/06/22 23:34:42 | 00,000,628 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Zune.lnk
[2009/06/22 23:34:18 | 00,000,000 | ---D | C] -- C:\Program Files\Zune
[2009/06/22 23:32:52 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2009/06/22 23:32:51 | 00,465,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2fs.dll
[2009/06/22 23:32:51 | 00,465,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2fs.dll
[2009/06/22 23:32:51 | 00,317,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2.dll
[2009/06/22 23:32:51 | 00,317,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2.dll
[2009/06/22 23:09:24 | 00,000,000 | ---D | C] -- C:\54e62ac2c9479dd585897d0b09
[2009/06/18 00:20:04 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/06/18 00:19:42 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/06/18 00:16:30 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/05/06 19:45:57 | 00,000,365 | ---- | C] () -- C:\WINDOWS\SoftWriting.ini
[2009/04/29 01:17:03 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2009/04/23 02:08:26 | 00,017,543 | ---- | C] () -- C:\WINDOWS\93bzsteal1558.dll
[2009/04/23 02:08:26 | 00,017,503 | ---- | C] () -- C:\WINDOWS\79bba5dware2735z.dll
[2009/04/23 02:08:26 | 00,016,969 | ---- | C] () -- C:\WINDOWS\System32\7295adzw5re690.dll
[2009/04/23 02:08:26 | 00,015,825 | ---- | C] () -- C:\WINDOWS\System32\4d69s5eal120z9.dll
[2009/04/23 02:08:26 | 00,015,163 | ---- | C] () -- C:\WINDOWS\System32\33d2sp5waze2297.dll
[2009/04/23 02:08:26 | 00,014,992 | ---- | C] () -- C:\WINDOWS\25990szy369.dll
[2009/04/23 02:08:26 | 00,014,134 | ---- | C] () -- C:\WINDOWS\System32\899th5e91z23.dll
[2009/04/23 02:08:26 | 00,013,271 | ---- | C] () -- C:\WINDOWS\System32\69zdth5ea910905.dll
[2009/04/23 02:08:26 | 00,013,066 | ---- | C] () -- C:\WINDOWS\30933s5y4z9.dll
[2009/04/23 02:08:26 | 00,013,011 | ---- | C] () -- C:\WINDOWS\23890ha5ktool65z.dll
[2009/04/23 02:08:26 | 00,012,861 | ---- | C] () -- C:\WINDOWS\96z3vir1055.dll
[2009/04/23 02:08:26 | 00,012,255 | ---- | C] () -- C:\WINDOWS\System32\7z5spy9are2906.dll
[2009/04/23 02:08:26 | 00,010,724 | ---- | C] () -- C:\WINDOWS\z8e8vir9155.dll
[2009/04/23 02:08:26 | 00,010,537 | ---- | C] () -- C:\WINDOWS\System32\fccdown5oadzr929.dll
[2009/04/23 02:08:26 | 00,009,339 | ---- | C] () -- C:\WINDOWS\5f17v9r1913z.dll
[2009/04/23 02:08:26 | 00,008,268 | ---- | C] () -- C:\WINDOWS\System32\5d8aspar9e605z.dll
[2009/04/23 02:08:26 | 00,007,906 | ---- | C] () -- C:\WINDOWS\355abackdzor2895.dll
[2009/04/23 02:08:26 | 00,007,593 | ---- | C] () -- C:\WINDOWS\3509zt9oj6d3.dll
[2009/04/23 02:08:26 | 00,006,829 | ---- | C] () -- C:\WINDOWS\System32\29559troj545z.dll
[2009/04/23 02:08:26 | 00,006,516 | ---- | C] () -- C:\WINDOWS\System32\5384vi5us4z9.dll
[2009/04/23 02:08:26 | 00,006,396 | ---- | C] () -- C:\WINDOWS\System32\2z35hac9too5262.dll
[2009/04/23 02:08:26 | 00,004,403 | ---- | C] () -- C:\WINDOWS\System32\8011zot-a-95rus39d.dll
[2009/04/23 02:08:26 | 00,004,397 | ---- | C] () -- C:\WINDOWS\20550s9y725z.dll
[2009/04/23 02:08:26 | 00,003,787 | ---- | C] () -- C:\WINDOWS\5689tzal3232.dll
[2009/04/23 02:08:26 | 00,002,924 | ---- | C] () -- C:\WINDOWS\System32\5577v9r2908z.dll
[2009/04/23 02:08:26 | 00,002,592 | ---- | C] () -- C:\WINDOWS\5622tzoj695.dll
[2009/03/19 22:17:23 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2009/02/03 01:52:37 | 00,017,430 | ---- | C] () -- C:\WINDOWS\System32\z9164tr5j5ac.dll
[2009/01/27 17:00:00 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/26 04:26:24 | 00,012,218 | ---- | C] () -- C:\WINDOWS\7ddcthrea511z809.dll
[2009/01/21 13:52:32 | 00,016,837 | ---- | C] () -- C:\WINDOWS\System32\479zbackdoor254.dll
[2009/01/20 21:15:51 | 00,014,308 | ---- | C] () -- C:\WINDOWS\System32\9544ztroj618.dll
[2009/01/19 18:08:14 | 00,004,506 | ---- | C] () -- C:\WINDOWS\5989py3bz.dll
[2009/01/15 15:31:38 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/01/12 21:54:40 | 00,008,781 | ---- | C] () -- C:\WINDOWS\z8196tro9454.dll
[2009/01/04 02:00:51 | 00,004,473 | ---- | C] () -- C:\WINDOWS\53149ir5zeb.dll
[2008/12/23 22:52:17 | 00,010,202 | ---- | C] () -- C:\WINDOWS\System32\15616hacktzo9586.dll
[2008/12/22 20:54:36 | 00,009,389 | ---- | C] () -- C:\WINDOWS\System32\18691szambot523.dll
[2008/12/13 14:06:08 | 00,016,075 | ---- | C] () -- C:\WINDOWS\System32\6084threa59z294.dll
[2008/12/12 19:01:28 | 00,010,889 | ---- | C] () -- C:\WINDOWS\20619hzc59ool717.dll
[2008/12/01 01:57:38 | 00,012,216 | ---- | C] () -- C:\WINDOWS\System32\9845zacktool135.dll
[2008/11/25 06:59:23 | 00,005,874 | ---- | C] () -- C:\WINDOWS\System32\6312st59l1z28.dll
[2008/11/18 11:17:23 | 00,006,023 | ---- | C] () -- C:\WINDOWS\System32\757az9reat5004.dll
[2008/11/17 03:57:10 | 00,018,048 | ---- | C] () -- C:\WINDOWS\z7211w9rm7505.dll
[2008/11/12 19:14:48 | 00,011,590 | ---- | C] () -- C:\WINDOWS\System32\42z6stea52903.dll
[2008/10/23 03:39:58 | 00,017,454 | ---- | C] () -- C:\WINDOWS\7a5cviz31029.dll
[2008/10/21 05:13:51 | 00,014,566 | ---- | C] () -- C:\WINDOWS\System32\4342v9rzs225.dll
[2008/10/18 15:52:52 | 00,006,921 | ---- | C] () -- C:\WINDOWS\8287zir9s573.dll
[2008/10/11 08:45:33 | 00,003,828 | ---- | C] () -- C:\WINDOWS\103215iruszef9.dll
[2008/10/09 07:52:46 | 00,012,824 | ---- | C] () -- C:\WINDOWS\7f7795iefz7.dll
[2008/10/06 21:49:41 | 00,018,284 | ---- | C] () -- C:\WINDOWS\System32\57290virus7z59.dll
[2008/09/28 19:00:11 | 00,008,597 | ---- | C] () -- C:\WINDOWS\System32\3z4cvir18759.dll
[2008/09/23 16:54:21 | 00,005,790 | ---- | C] () -- C:\WINDOWS\12c5ba9kdo5r2z46.dll
[2008/09/20 09:34:06 | 00,005,423 | ---- | C] () -- C:\WINDOWS\19838zacktoo5609.dll
[2008/09/15 09:34:49 | 00,007,124 | ---- | C] () -- C:\WINDOWS\26944not-azviru5198.dll
[2008/09/13 22:51:38 | 00,017,541 | ---- | C] () -- C:\WINDOWS\System32\23z62sp9mbot505.dll
[2008/09/11 02:56:36 | 00,013,507 | ---- | C] () -- C:\WINDOWS\28573wo9z59.dll
[2008/09/08 14:54:14 | 00,004,519 | ---- | C] () -- C:\WINDOWS\5d1zspyware2975.dll
[2008/09/07 04:53:05 | 00,018,372 | ---- | C] () -- C:\WINDOWS\System32\3c42downzo59er679.dll
[2008/08/27 15:35:32 | 00,009,215 | ---- | C] () -- C:\WINDOWS\974259yz65.dll
[2008/08/22 02:24:04 | 00,017,082 | ---- | C] () -- C:\WINDOWS\6b9cbaczdoor3255.dll
[2008/08/16 14:41:13 | 00,007,257 | ---- | C] () -- C:\WINDOWS\718s9zware17835.dll
[2008/08/12 20:25:10 | 00,013,435 | ---- | C] () -- C:\WINDOWS\System32\17aezownl5ader991.dll
[2008/08/09 03:47:34 | 00,012,845 | ---- | C] () -- C:\WINDOWS\zb575parse9356.dll
[2008/08/04 03:46:10 | 00,011,925 | ---- | C] () -- C:\WINDOWS\2055thiz911025.dll
[2008/07/26 12:18:15 | 00,008,837 | ---- | C] () -- C:\WINDOWS\System32\14756troz3955.dll
[2008/07/25 03:44:14 | 00,009,978 | ---- | C] () -- C:\WINDOWS\System32\12z48hac5to9l20e.dll
[2008/07/24 17:22:18 | 00,012,290 | ---- | C] () -- C:\WINDOWS\System32\55zbv9r1488.dll
[2008/07/21 13:52:38 | 00,012,353 | ---- | C] () -- C:\WINDOWS\55329ir19z8.dll
[2008/07/20 06:12:38 | 00,013,083 | ---- | C] () -- C:\WINDOWS\System32\z9172spambot3595.dll
[2008/07/20 03:39:56 | 00,009,004 | ---- | C] () -- C:\WINDOWS\System32\21095trz91f0.dll
[2008/07/18 22:02:38 | 00,008,498 | ---- | C] () -- C:\WINDOWS\System32\99z9addwa5e2513.dll
[2008/07/09 13:33:29 | 00,014,692 | ---- | C] () -- C:\WINDOWS\System32\5889zpy975.dll
[2008/07/02 11:09:45 | 00,006,581 | ---- | C] () -- C:\WINDOWS\6f15backdoz59620.dll
[2008/06/25 07:00:41 | 00,009,389 | ---- | C] () -- C:\WINDOWS\22518s9am5ot4az.dll
[2008/06/20 06:57:42 | 00,002,858 | ---- | C] () -- C:\WINDOWS\5z685ddware2990.dll
[2008/06/20 06:43:11 | 00,015,357 | ---- | C] () -- C:\WINDOWS\System32\14098troj354z.dll
[2008/06/03 07:04:42 | 00,003,996 | ---- | C] () -- C:\WINDOWS\42849hreat295z4.dll
[2008/06/01 05:48:35 | 00,007,788 | ---- | C] () -- C:\WINDOWS\System32\7f05thre9z19589.dll
[2008/05/23 16:59:43 | 00,013,154 | ---- | C] () -- C:\WINDOWS\System32\9ef5virz959.dll
[2008/05/19 10:42:02 | 00,007,769 | ---- | C] () -- C:\WINDOWS\140ztroj6859.dll
[2008/05/16 17:14:06 | 00,015,944 | ---- | C] () -- C:\WINDOWS\3z625hacktool89.dll
[2008/05/13 08:39:58 | 00,018,399 | ---- | C] () -- C:\WINDOWS\System32\94c0s5zrse57.dll
[2008/05/13 06:15:28 | 00,012,949 | ---- | C] () -- C:\WINDOWS\47ffv5r985z.dll
[2008/05/12 09:35:56 | 00,012,592 | ---- | C] () -- C:\WINDOWS\System32\279z5pars92028.dll
[2008/05/04 22:51:40 | 00,012,535 | ---- | C] () -- C:\WINDOWS\315769pambo5z7c.dll
[2008/05/02 22:17:33 | 00,003,956 | ---- | C] () -- C:\WINDOWS\System32\1749zteal5452.dll
[2008/04/29 10:11:34 | 00,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/04/29 10:11:34 | 00,000,169 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/21 20:27:41 | 00,018,220 | ---- | C] () -- C:\WINDOWS\3f59downlozder3117.dll
[2008/04/17 00:15:50 | 00,005,225 | ---- | C] () -- C:\WINDOWS\System32\1aafv9r8z75.dll
[2008/04/01 23:28:24 | 00,008,585 | ---- | C] () -- C:\WINDOWS\System32\4525spzrse1039.dll
[2008/03/17 18:37:05 | 00,013,013 | ---- | C] () -- C:\WINDOWS\97629zy1a55.dll
[2008/03/15 17:11:54 | 00,011,097 | ---- | C] () -- C:\WINDOWS\System32\ba9addwa9ez520.dll
[2008/03/15 08:35:38 | 00,004,018 | ---- | C] () -- C:\WINDOWS\System32\650d95ywarz1202.dll
[2008/03/13 10:53:00 | 00,003,651 | ---- | C] () -- C:\WINDOWS\System32\b59sparse2727z.dll
[2008/03/01 00:56:15 | 00,011,407 | ---- | C] () -- C:\WINDOWS\z195ackdo9r1535.dll
[2008/02/25 07:07:01 | 00,010,901 | ---- | C] () -- C:\WINDOWS\2z2add9are656.dll
[2008/02/12 03:42:19 | 00,008,891 | ---- | C] () -- C:\WINDOWS\System32\51z84sp94d3.dll
[2008/02/11 20:39:15 | 00,016,155 | ---- | C] () -- C:\WINDOWS\System32\75z8spy1c9.dll
[2008/02/10 03:39:04 | 00,011,657 | ---- | C] () -- C:\WINDOWS\System32\19349ddwaze3508.dll
[2008/02/06 12:54:29 | 00,010,103 | ---- | C] () -- C:\WINDOWS\System32\594zt9oj57b.dll
[2008/01/27 01:04:09 | 00,003,108 | ---- | C] () -- C:\WINDOWS\925165py6f3z.dll
[2008/01/17 21:43:06 | 00,006,848 | ---- | C] () -- C:\WINDOWS\61z3downloa59r2651.dll
[2008/01/06 02:38:56 | 00,010,062 | ---- | C] () -- C:\WINDOWS\29936sp5zbote.dll
[2007/05/17 10:38:50 | 00,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll
[2007/05/15 12:32:52 | 01,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/05/15 12:32:51 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/05/15 12:32:51 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/05/15 12:32:51 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/11/09 17:07:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 23:36:50 | 00,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/05/10 11:45:23 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/03 03:09:57 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/03 03:05:29 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/05/03 03:05:29 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2006/05/03 02:43:50 | 00,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/03/25 18:19:50 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_en.dll
[2006/03/24 16:19:22 | 00,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2006/03/24 16:14:34 | 00,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2006/03/24 16:14:28 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2006/03/24 16:14:22 | 00,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2006/03/24 16:14:18 | 00,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2006/03/24 16:14:12 | 00,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2006/03/24 16:14:08 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2006/03/24 16:14:02 | 00,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2006/03/24 16:13:58 | 00,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2006/03/24 16:13:52 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2006/03/24 16:13:46 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2006/03/09 13:25:24 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2006/03/09 13:24:10 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2005/12/01 15:41:20 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2005/11/30 14:33:06 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\Tsp.dll
[2005/11/30 14:33:06 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_RUS.dll
[2005/11/30 14:33:06 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ITA.dll
[2005/11/30 14:33:06 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_FRA.dll
[2005/11/30 14:33:06 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ESN.dll
[2005/11/30 14:33:06 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ENU.dll
[2005/11/30 14:33:06 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_DEU.dll
[2005/11/30 14:33:06 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_CHS.dll
[2005/09/20 14:36:06 | 00,798,720 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2004/09/01 18:56:40 | 00,003,584 | ---- | C] () -- C:\WINDOWS\System32\wceprv.dll
[2004/08/11 18:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 18:00:37 | 00,000,507 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/11 18:00:35 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/07/21 16:03:14 | 00,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/07/20 15:27:52 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/07/17 15:01:01 | 00,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2009/07/17 15:00:00 | 00,000,276 | -H-- | M] () -- C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009/07/17 14:46:03 | 00,061,475 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2009/07/17 14:45:39 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/17 14:45:21 | 00,017,408 | ---- | M] () -- C:\WINDOWS\System32\Rpcnetp.exe
[2009/07/17 14:45:19 | 00,221,569 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/07/17 14:45:19 | 00,056,680 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2009/07/17 14:45:12 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/07/17 14:45:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/17 14:45:09 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/17 14:45:05 | 21,453,49632 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/16 22:16:12 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/16 21:07:28 | 87,501,730 | ---- | M] () -- C:\Documents and Settings\Administrator.D1234567\Desktop\Wheatus_MP3_standard.zip
[2009/07/15 19:34:55 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/07/15 03:02:53 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/11 19:29:02 | 00,037,376 | ---- | M] () -- C:\Documents and Settings\Administrator.D1234567\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/11 09:03:38 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/07/10 18:22:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/07/08 16:49:32 | 02,114,246 | -H-- | M] () -- C:\Documents and Settings\Administrator.D1234567\Local Settings\Application Data\IconCache.db
[2009/07/08 16:40:55 | 00,061,475 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2009/07/07 11:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/02 00:29:07 | 00,000,758 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Second Life.lnk
[2009/06/28 23:08:39 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\Administrator.D1234567\My Documents\desktop.ini
[2009/06/28 20:18:00 | 00,001,582 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/06/27 15:32:11 | 00,013,880 | ---- | M] () -- C:\Documents and Settings\Administrator.D1234567\My Documents\Boyfriend Application.docx
[2009/06/23 22:11:07 | 00,473,400 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/06/23 22:11:07 | 00,402,974 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/06/23 22:11:07 | 00,063,418 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/06/23 22:06:52 | 00,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.dll
[2009/06/23 12:41:48 | 00,001,723 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Sims™ 3.lnk
[2009/06/22 23:35:03 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_zumbus_01007.Wdf
[2009/06/22 23:35:01 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2009/06/22 23:34:42 | 00,000,628 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Zune.lnk
[2009/06/18 00:16:30 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
< End of report >

#2 sharpiejojo

  • Topic Starter

  • Members
  • 18 posts

Posted 22 July 2009 - 09:43 PM

I've had this problem for over a week now and I haven't heard anything from anyone in 5 days! Please help me! Also, Combofix doesn't work either...

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level, attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us wants someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this, or do not respond to your requests, is that it would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple-post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 22 July 2009 - 09:47 PM.


#3 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:37 PM

Posted 27 July 2009 - 05:16 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#4 sharpiejojo

sharpiejojo
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:37 PM

Posted 30 July 2009 - 07:57 PM

Hey, thanks!

Two things popped out in notepad, so I'll post both of the results:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/9/2006 1:28:17 PM
System Uptime: 7/30/2009 7:29:14 PM (1 hours ago)

Motherboard: Dell Inc. | |
Processor: Intel Pentium III Xeon processor | Microprocessor | 2394/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 82.61 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
H: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================


2007 Microsoft Office Suite Service Pack 1 (SP1)
AAC Decoder
Ad-Aware
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.6
Adobe Shockwave Player 11
Adobe Stock Photos 1.0
AIM 6
AIMTunes
ALPS Touch Pad Driver
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
Are You Smarter Than A 5th Grader (remove only)
Ask Toolbar
Audacity 1.2.6
AutoUpdate
Avira AntiVir Personal - Free Antivirus
Bonjour
Broadcom Advanced Control Suite
Broadcom Gigabit Integrated Controller
Broadcom TPM Driver Installer
Cake Mania
Cake Mania 2
Cake Mania 3
Canon MP160
CCleaner (remove only)
Conexant HDA D110 MDC V.92 Modem
Conexant HDA D330 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Embassy Trust Suite by Wave Systems
Digital Line Detect
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Document Manager Lite
EA Download Manager
EMBASSY Security Center
EMBASSY Trust Suite by Wave Systems
ETS Launch Pad
Family Feud (remove only)
Family Feud Dream Home (remove only)
Family Feud Hollywood Ed (remove only)
Family Feud II (remove only)
H.264 Decoder
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Home Sweet Home (remove only)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB952287)
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software
iTunes
iWin Games (remove only)
J2SE Development Kit 5.0 Update 11
J2SE Runtime Environment 5.0 Update 11
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 13
Java™ 6 Update 7
Jewel Match 2 (remove only)
Last.fm 1.5.4.24567
Magic DVD Ripper V5.4
Malwarebytes' Anti-Malware
MCLA First Class Client v.9.124_1
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft WSE 3.0 Runtime
mIWA
MKV Splitter
mLogView
mMHouse
Modem Helper
Mozilla Firefox (2.0.0.20)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mWlsSafe
mWMI
mXML
mZConfig
NASCAR Toolbar
Nero 8
NetWaiting
NTRU Hybrid TSS v2.0.7
NVIDIA Drivers
PowerDVD 5.7
Preboot Manager
Private Information Manager
QuickSet
QuickTime
RealArcade
RealPlayer
Rhapsody Player Engine
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Update Manager
Seagate Manager Installer
SecondLife (remove only)
Secure Update
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
Security Wizards
SigmaTel Audio
SimpleOCR 3.1
Sleep Moon Xpress
Sonic Activation Module
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
StepMania (remove only)
The Game of Life
The Sims 2
The Sims 2 Family Fun Stuff
The Sims 2 Glamour Life Stuff
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims™ 2 Apartment Life
The Sims™ 2 Bon Voyage
The Sims™ 2 Celebration! Stuff
The Sims™ 2 FreeTime
The Sims™ 2 H&M® Fashion Stuff
The Sims™ 2 Seasons
The Sims™ 2 Teen Style Stuff
TigerLogic ChunkIt!-Firefox XPI
TuneUp Companion 1.5.7
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Outlook 2007 Junk Email Filter (kb971933)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC80CRTRedist - 8.0.50727.762
Veoh Web Player Beta
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Wave Infrastructure Installer
Wave Support Software
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)

==== Event Viewer Messages From Past Week ========

7/28/2009 12:08:09 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
7/28/2009 12:03:43 AM, error: Service Control Manager [7034] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 3 time(s).
7/28/2009 12:03:21 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
7/28/2009 12:03:12 AM, error: Service Control Manager [7031] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
7/27/2009 11:21:47 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
7/26/2009 12:48:39 AM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
7/26/2009 12:48:23 AM, error: SRService [104] - The System Restore initialization process failed.
7/25/2009 12:34:06 PM, error: Service Control Manager [7031] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
7/25/2009 12:32:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/25/2009 12:18:35 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/25/2009 12:17:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD APPDRV aswSP avgio avipbb Fips intelppm IPSec mfetdik MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip WS2IFSL
7/25/2009 12:17:34 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/25/2009 12:17:34 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/25/2009 12:17:34 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/25/2009 12:17:34 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/25/2009 12:17:34 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/25/2009 12:17:34 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/25/2009 12:10:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
7/25/2009 12:06:57 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 APPDRV aswSP avgio avipbb Fips intelppm ssmdrv

==== End Of File ===========================



DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrator at 20:49:40.65 on Thu 07/30/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1276 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AIM6\aolsoftware.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Documents and Settings\Administrator.D1234567\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\administrator.d1234567\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\biolsp.dll
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231950577015
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.255.112.208,85.255.112.79
TCP: {44781E7E-9012-4183-A9C9-9F96E6CDBB79} = 85.255.112.208,85.255.112.79
TCP: {4B64B65D-DDEA-4DA6-B942-AD44E9D5DBDB} = 85.255.112.208,85.255.112.79
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: wxvault.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 wvauth

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1.d12\applic~1\mozilla\firefox\profiles\skequ3vr.default\
FF - prefs.js: browser.startup.homepage - hxxp://campus.mcla.edu
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - HiddenExtension: Java Console: No Registry Reference - c:\progra~1\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\progra~1\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-20 64160]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-7-22 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-7-22 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-7-22 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-20 55640]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R2 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2009-2-18 78104]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-3-19 104000]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-15 24652]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]

=============== Created Last 30 ================

2009-07-30 20:48 <DIR> --d-h--- c:\windows\PIF
2009-07-30 20:32 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-30 20:32 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-30 20:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-25 02:16 <DIR> --dsh--- c:\documents and settings\administrator.d1234567\PrivacIE
2009-07-25 01:11 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-07-25 01:11 <DIR> --d----- c:\documents and settings\administrator.d1234567\.housecall6.6
2009-07-25 01:04 664 a------- c:\windows\system32\d3d9caps.dat
2009-07-22 23:16 <DIR> --d----- c:\program files\Avira
2009-07-22 23:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-07-22 15:25 578,560 a------- c:\windows\system32\dllcache\user32.dll
2009-07-22 15:21 <DIR> --d----- c:\windows\ERUNT
2009-07-22 15:14 <DIR> --d----- C:\SDFix
2009-07-20 18:01 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-07-20 16:23 36 ----hr-- c:\windows\sued.dat
2009-07-20 00:56 15,688 a------- c:\windows\system32\lsdelete.exe
2009-07-20 00:47 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-07-20 00:46 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-20 00:46 <DIR> --d----- c:\program files\Lavasoft
2009-07-10 14:59 <DIR> --d----- c:\program files\BillyMaysCapsLock
2009-07-02 00:27 <DIR> --d----- c:\program files\SecondLife

==================== Find3M ====================

2009-07-30 19:29 17,408 a------- c:\windows\system32\Rpcnetp.exe
2009-07-30 19:29 56,680 a------- c:\windows\system32\rpcnet.dll
2009-07-30 09:05 17,408 a------- c:\windows\system32\rpcnetp.dll
2009-07-28 00:19 61,475 a------- c:\windows\system32\nvModes.dat
2009-07-22 15:37 56,680 a------- c:\windows\system32\rpcnet.exe
2009-07-22 12:47 208,324 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2009-06-22 23:35 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2009-06-22 23:35 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-06-03 15:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll
2009-06-02 06:12 102,912 -------- c:\windows\system32\dllcache\iecompat.dll
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-13 01:15 5,936,128 -------- c:\windows\system32\dllcache\mshtml.dll
2009-05-13 01:15 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-05-09 21:43 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 11:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-03-02 23:41 396 a------- c:\program files\InstallWoW.log
2009-03-02 21:37 1,131,176 a------- c:\program files\WoW-installer-3.0.1.8874-x86-Win-enUS.exe
2007-05-03 23:13 936,168 a------- c:\program files\common files\SaveAsPDF.exe

============= FINISH: 20:50:04.87 ===============

#5 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:37 PM

Posted 31 July 2009 - 12:49 PM

Hello.

Please run GMER for me, if it doesn't work run RootRepeal. Any problems let me know.

Download and Run Scan with GMER

We will use GMER to scan for rootkits. This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • When you have done this, close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program. Right-click and select Run As Administrator... if you are using Vista
  • Allow the gmer.sys driver to load if asked.
    If it detects rootkit activity, you will receive a prompt (refer below) to run a full scan. Click NO.
  • In the right panel, you will see several boxes that have been checked. Please UNCHECK the following:
    • Sections
    • IAT/EAT
    • Registry
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show all (Don't miss this one!)
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

If GMER doesn't work in Normal Mode try running it in Safe Mode

Note: Do Not run any program while GMER is running
*Note*: Rootkit scans often produce false positives. Do NOT take any actions on "<--- ROOTKIT" entries

IF GMER DOESN'T WORK:

Download and run RootRepeal CR

Please download RootRepeal to your desktop
Alternative Download Link 2
Alternative Download Link 3
  • Physically disconnect your machine from the internet as your system will be unprotected.
  • Unzip it to its own folder
  • Close/Disable all other programs, especially your security programs (anti-spyware, anti-virus, and firewall). Refer to this page if you are unsure how.
  • Double-click on RootRepeal.exe to run it. If you are using Vista, please right-click and run as Administrator...
  • Click the Report tab at the bottom.
  • Now click the Scan button in the Report Tab. Posted Image
  • A box will pop up, check the boxes beside ALL SIX
  • Now click OK.
  • Another box will open, check the boxes beside all the drives, eg : C:\, then click OK.
  • The scan will take a little while to run, so let it go unhindered.
  • Once it is done, click the Save Report button. Posted Image
  • Save it as RepealScan and save it to your desktop
  • Reconnect to the internet.
  • Post the log here in your reply.
With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#6 sharpiejojo

sharpiejojo
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:02:37 PM

Posted 01 August 2009 - 01:10 AM

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-08-01 02:07:17
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT BA7D5ECE ZwCreateKey
SSDT BA7D5EC4 ZwCreateThread
SSDT BA7D5ED3 ZwDeleteKey
SSDT BA7D5EDD ZwDeleteValueKey
SSDT spxg.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spxg.sys ZwEnumerateValueKey [0xB9EC7030]
SSDT BA7D5EE2 ZwLoadKey
SSDT spxg.sys ZwOpenKey [0xB9EA80C0]
SSDT BA7D5EB0 ZwOpenProcess
SSDT BA7D5EB5 ZwOpenThread
SSDT spxg.sys ZwQueryKey [0xB9EC7108]
SSDT spxg.sys ZwQueryValueKey [0xB9EC6F88]
SSDT BA7D5EEC ZwReplaceKey
SSDT BA7D5EE7 ZwRestoreKey
SSDT BA7D5ED8 ZwSetValueKey
SSDT BA7D5EBF ZwTerminateProcess

INT 0x62 ? 8A921BF8
INT 0x63 ? 8A921BF8
INT 0x84 ? 8A714BF8
INT 0x94 ? 8A714BF8
INT 0x94 ? 8A714BF8
INT 0x94 ? 8A714BF8
INT 0xA4 ? 8A714BF8
INT 0xA4 ? 8A714BF8
INT 0xA4 ? 8A714BF8
INT 0xA4 ? 8A714BF8

Code 8A74CBD8 ZwFlushInstructionCache
Code 8A3CD2AE IofCallDriver
Code 8A4EEB4E IofCompleteRequest
Code 8A7A01CD ZwSaveKey
Code 8A79AD9D ZwSaveKeyEx

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.15 ----

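The GMER log above lists three kinds of kernel findings (SSDT hooks, interrupt-vector hooks, inline "Code" patches) plus per-sector disk findings. When triaging such a log it helps to group the SSDT hooks by the module GMER attributed them to and to treat hooks it could only identify by address as one cluster when the addresses sit close together. The parser below is an added example and is not code from this thread or from GMER; the sample log is a constructed excerpt that copies lines from the post above, and the 0x1000 clustering gap is an assumption, not something GMER reports.

```python
import re
from collections import defaultdict

# Constructed excerpt in the format GMER 1.0.15 writes; the lines are copied
# from the log posted in this thread and trimmed so the sample stays short.
SAMPLE_LOG = r"""GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-08-01 02:07:17
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT BA7D5ECE ZwCreateKey
SSDT BA7D5EC4 ZwCreateThread
SSDT spxg.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spxg.sys ZwOpenKey [0xB9EA80C0]
SSDT BA7D5EB0 ZwOpenProcess
SSDT BA7D5EBF ZwTerminateProcess

INT 0x62 ? 8A921BF8
INT 0x84 ? 8A714BF8

Code 8A74CBD8 ZwFlushInstructionCache
Code 8A3CD2AE IofCallDriver

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.15 ----
"""

# Line shapes GMER uses in the "System" and "Disk sectors" sections.
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(Zw\w+)(?:\s+\[0x([0-9A-Fa-f]+)\])?\s*$")
INT_RE = re.compile(r"^INT\s+(0x[0-9A-Fa-f]+)\s+\?\s+([0-9A-Fa-f]+)\s*$")
CODE_RE = re.compile(r"^Code\s+([0-9A-Fa-f]+)\s+(\w+)\s*$")
SECTOR_RE = re.compile(r"^Disk\s+(\S+)\s+sector\s+(\d+):\s*(.+?)\s*$")
HEX_ADDR_RE = re.compile(r"^[0-9A-Fa-f]{8}$")

# Assumption: unattributed hook addresses closer than this are treated as one
# cluster, i.e. most likely handlers inside the same unnamed driver image.
CLUSTER_GAP = 0x1000


def parse_gmer(text):
    """Split a GMER log into SSDT hooks, INT hooks, inline code patches and sector findings."""
    result = {"ssdt": [], "int": [], "code": [], "sectors": []}
    for line in text.splitlines():
        line = line.rstrip()
        m = SSDT_RE.match(line)
        if m:
            owner, func, bracket_addr = m.groups()
            if HEX_ADDR_RE.match(owner):
                # GMER could not map the handler to a loaded module; only the address is known.
                result["ssdt"].append({"module": None, "func": func, "addr": int(owner, 16)})
            else:
                addr = int(bracket_addr, 16) if bracket_addr else None
                result["ssdt"].append({"module": owner, "func": func, "addr": addr})
            continue
        m = INT_RE.match(line)
        if m:
            result["int"].append({"vector": int(m.group(1), 16), "addr": int(m.group(2), 16)})
            continue
        m = CODE_RE.match(line)
        if m:
            result["code"].append({"addr": int(m.group(1), 16), "func": m.group(2)})
            continue
        m = SECTOR_RE.match(line)
        if m:
            device, sector, desc = m.groups()
            result["sectors"].append({"device": device, "sector": int(sector), "desc": desc})
    return result


def _flush_cluster(by_module, cluster):
    # Label a run of unattributed hooks by its address range so it reads as one item.
    label = "unattributed 0x%08X-0x%08X" % (cluster[0][0], cluster[-1][0])
    by_module[label].extend(func for _, func in cluster)


def summarize_ssdt(parsed):
    """Group hooked SSDT entries by the module GMER attributed them to.

    Hooks GMER could not attribute are sorted by address and clustered when
    neighbours lie within CLUSTER_GAP of each other, so a single unnamed driver
    hooking many functions shows up as one entry instead of many.
    """
    by_module = defaultdict(list)
    unattributed = []
    for h in parsed["ssdt"]:
        if h["module"]:
            by_module[h["module"]].append(h["func"])
        else:
            unattributed.append((h["addr"], h["func"]))
    unattributed.sort()
    cluster = []
    for addr, func in unattributed:
        if cluster and addr - cluster[-1][0] > CLUSTER_GAP:
            _flush_cluster(by_module, cluster)
            cluster = []
        cluster.append((addr, func))
    if cluster:
        _flush_cluster(by_module, cluster)
    return {k: sorted(v) for k, v in by_module.items()}


def flagged_sectors(parsed):
    """Sector numbers GMER marked with 'rootkit-like behavior', ascending."""
    return sorted(s["sector"] for s in parsed["sectors"] if "rootkit-like behavior" in s["desc"])


if __name__ == "__main__":
    parsed = parse_gmer(SAMPLE_LOG)
    for module, funcs in summarize_ssdt(parsed).items():
        print("%-40s %d hook(s): %s" % (module, len(funcs), ", ".join(funcs)))
    print("sectors flagged rootkit-like:", flagged_sectors(parsed))
```

Run against the full log in the post, the same code reports spxg.sys hooking the five registry-query functions and one address cluster (0xBA7D5EB0 to 0xBA7D5EEC) covering the other eleven SSDT entries, which is the kind of grouping a helper wants before deciding which driver each hook belongs to. The parser only restates what GMER printed; whether a hook or a sector finding is malicious still has to be decided per module, as the post's warning about false positives says.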
#7 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:37 PM

Posted 02 August 2009 - 08:53 AM

Hello.

We need to run Combofix.

Download and Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

Download Combofix from any of the links below, and save it to your desktop.
Link 1
Link 2

Please refer to this page for full instructions on how to run ComboFix.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click ComboFix.exe to start the program. Agree to the prompts.
  • When ComboFix is finished, a log report (C:\ComboFix.txt) will open. Post back with it.
Leave your computer alone while ComboFix is running.

ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.

#8 sharpiejojo

sharpiejojo
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:02:37 PM

Posted 02 August 2009 - 01:55 PM

Combofix won't open...:thumbup2:

#9 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:37 PM

Posted 03 August 2009 - 09:18 AM

Hello.

See if re-naming it to something else will work. If not, delete the copy of Combofix you currently have and do the following.

If it still doesn't work, please let me know.

Download and Run ComboFix (Rename Before Saving)


Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3


Refer to the page below for further instructions on running ComboFix. This includes installing the Recovery Console. Note that you do not need your Windows XP disk to install it. Refer to this page if you are unsure how.

Double click on Combo-Fix.exe & follow the prompts.

When finished, it will open a report for you. Post back with it. It is at C:\ComboFix.txt.

Do not mouseclick the ComboFix window while it's running. That may cause it to stall.

~Extremeboy

#10 sharpiejojo

sharpiejojo
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:02:37 PM

Posted 04 August 2009 - 01:07 AM

ComboFix 09-08-03.04 - Administrator 08/03/2009 18:30.5.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1567 [GMT -4:00]
Running from: c:\documents and settings\Administrator.D1234567\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\iWin Games\iWinGamesHookIE.dll
c:\windows\103215iruszef9.dll
c:\windows\1052downloadzr32995.exe
c:\windows\11567wo9m7z35.ocx
c:\windows\125z1tro9212.bin
c:\windows\12946spambot6z5.cpl
c:\windows\12c5ba9kdo5r2z46.dll
c:\windows\13z70v9rus650.bin
c:\windows\13zethi9f28165.bin
c:\windows\140ztroj6859.dll
c:\windows\14262zot-a5virus973.bin
c:\windows\143995or975ez.bin
c:\windows\154169izu5e1.cpl
c:\windows\15553wo9m5zb.cpl
c:\windows\1556ztea91890.bin
c:\windows\15azd5wnloade9590.cpl
c:\windows\15espywz9e2827.ocx
c:\windows\15z329irus6f.ocx
c:\windows\15z57spy369.cpl
c:\windows\16320noz-a-vir5s920.cpl
c:\windows\16443z5t-a-9irus39b.bin
c:\windows\16956spyzc25.bin
c:\windows\18375wozm955.ocx
c:\windows\18571spambo954z5.exe
c:\windows\1900th5eat2z303.bin
c:\windows\19345w9zm7b5.exe
c:\windows\194asparze5209.ocx
c:\windows\1960tro591az.ocx
c:\windows\19838zacktoo5609.dll
c:\windows\1984zt9oj185.ocx
c:\windows\19979spam5ot2cz.exe
c:\windows\1b24s9ar5e1359z.exe
c:\windows\1e92vi59697z.bin
c:\windows\1f5vi91482z.exe
c:\windows\1z4spa59e481.ocx
c:\windows\1z915spambot65e.bin
c:\windows\1z93spa5se6509.cpl
c:\windows\20550s9y725z.dll
c:\windows\2055thiz911025.dll
c:\windows\2055zwormc39.exe
c:\windows\20568wormzdf9.cpl
c:\windows\20594vi5us9z6.cpl
c:\windows\20619hzc59ool717.dll
c:\windows\21z22v95us175.bin
c:\windows\2236spzwa592708.bin
c:\windows\22518s9am5ot4az.dll
c:\windows\22535viruszdd9.exe
c:\windows\22549szy49b.exe
c:\windows\22905tr5j5z9.bin
c:\windows\22z05s5y98.exe
c:\windows\234945ormz1.cpl
c:\windows\23890ha5ktool65z.dll
c:\windows\23b5bazkdoo92438.cpl
c:\windows\240z8hackt95l197.exe
c:\windows\24689tro5162z.exe
c:\windows\24980not9a-5irzs348.cpl
c:\windows\24a4thiez559.exe
c:\windows\255159zy792.exe
c:\windows\25711virus995z.exe
c:\windows\25990szy369.dll
c:\windows\2599tzi9f2800.cpl
c:\windows\25c3spyware98z5.exe
c:\windows\264z9spambot753.exe
c:\windows\26944not-azviru5198.dll
c:\windows\27045troj55z9.exe
c:\windows\27065hacktozl3a49.ocx
c:\windows\27855not-a-vi59sz50.exe
c:\windows\27f39oznload5r909.ocx
c:\windows\28573wo9z59.dll
c:\windows\288029iru575z.ocx
c:\windows\28857not-9-viz5s43c.bin
c:\windows\2899zir5019.cpl
c:\windows\29093spamzot656.ocx
c:\windows\29337virus254z.ocx
c:\windows\29503zacktool199.ocx
c:\windows\29604trzj5d89.ocx
c:\windows\29710hzcktool265.exe
c:\windows\2990059zj555.ocx
c:\windows\2c2atzre9t54715.ocx
c:\windows\2d09i5z339.cpl
c:\windows\2z2add9are656.dll
c:\windows\2z564tro979f.ocx
c:\windows\304385o9mz30.cpl
c:\windows\3058spyware194z.cpl
c:\windows\3059virzs199.cpl
c:\windows\30725not-a-v9ruz2b1.ocx
c:\windows\307aspzrs59764.cpl
c:\windows\30933s5y4z9.dll
c:\windows\3148hack5ool9zc.ocx
c:\windows\315769pambo5z7c.dll
c:\windows\31z69s5y99.ocx
c:\windows\3271295zm433.bin
c:\windows\3509zt9oj6d3.dll
c:\windows\350thr9atz5835.ocx
c:\windows\3549spzrse2390.cpl
c:\windows\355abackdzor2895.dll
c:\windows\35945spy44z.ocx
c:\windows\35fz9pyw5re1337.cpl
c:\windows\3690threa527z29.exe
c:\windows\36z9troj4995.ocx
c:\windows\3795zteal5495.bin
c:\windows\3826downlza9er2536.cpl
c:\windows\39110spambot75z.cpl
c:\windows\39d5bazk9oor2958.bin
c:\windows\39edbackdooz11195.ocx
c:\windows\3azte59361.exe
c:\windows\3b98tzi5f314.exe
c:\windows\3bz5addwa9e103.ocx
c:\windows\3c5abaczdoo94415.exe
c:\windows\3f59downlozder3117.dll
c:\windows\3f9zaddw9re6405.ocx
c:\windows\3z45t9reat55057.exe
c:\windows\3z625hacktool89.dll
c:\windows\3zbfba9k5oor395.bin
c:\windows\40f5zteal10399.bin
c:\windows\414cspy9arz9235.exe
c:\windows\4259addware13z59.ocx
c:\windows\42849hreat295z4.dll
c:\windows\4415hac9tool72z5.cpl
c:\windows\44c7thze9t32590.cpl
c:\windows\45afbackd5o9257z.ocx
c:\windows\45bath5eat93z69.cpl
c:\windows\45f45oznloader975.ocx
c:\windows\476wozm5359.bin
c:\windows\47ffv5r985z.dll
c:\windows\48zsp5war993.ocx
c:\windows\495spyware9259z.exe
c:\windows\49675ac9dzor1798.bin
c:\windows\4f93ba5kdoor14z1.cpl
c:\windows\5192tr9j19z.exe
c:\windows\51e1th95az13846.cpl
c:\windows\52973hazktoo9783.ocx
c:\windows\52f2spyware2z359.cpl
c:\windows\53149ir5zeb.dll
c:\windows\550a9ackdoor269z.cpl
c:\windows\55329ir19z8.dll
c:\windows\55559zr550.bin
c:\windows\5556zspy379.ocx
c:\windows\559cv5r91z.bin
c:\windows\5622tzoj695.dll
c:\windows\56365or97ze.exe
c:\windows\5689tzal3232.dll
c:\windows\56dspazs9297.exe
c:\windows\56zathief1569.cpl
c:\windows\593z5tro95df.bin
c:\windows\59591zirus28d.bin
c:\windows\595espyzar92055.exe
c:\windows\5989py3bz.dll
c:\windows\5989stz5l2688.bin
c:\windows\59bdbac9door4z0.cpl
c:\windows\59d9spywaze2190.ocx
c:\windows\5a90down5ozder2902.bin
c:\windows\5c0vzr9028.exe
c:\windows\5c95thief19z69.ocx
c:\windows\5d1zspyware2975.dll
c:\windows\5dc6b5ck9oor2939z.bin
c:\windows\5f17v9r1913z.dll
c:\windows\5f69stzal10.exe
c:\windows\5z5095oj761.cpl
c:\windows\5z685ddware2990.dll
c:\windows\5z89ackdoor1208.bin
c:\windows\60dfs9eal5z24.cpl
c:\windows\61z3downloa59r2651.dll
c:\windows\6295zacktool26d.exe
c:\windows\62e65ackdoor3z169.cpl
c:\windows\65b3z9ief16995.exe
c:\windows\66zdspa5se1309.ocx
c:\windows\6aeavir945z.exe
c:\windows\6b9cbaczdoor3255.dll
c:\windows\6bacst9al54z.ocx
c:\windows\6cz7down9oade53230.ocx
c:\windows\6d19spywarz2445.bin
c:\windows\6e9zsp5ware1296.cpl
c:\windows\6f15backdoz59620.dll
c:\windows\6f59download9r1655z.exe
c:\windows\6z88spamb59523.cpl
c:\windows\6zd7ste9l1580.exe
c:\windows\7118z5ie9886.exe
c:\windows\718s9zware17835.dll
c:\windows\739c5ddware9z91.ocx
c:\windows\73z9vir45.ocx
c:\windows\7557spambot28z9.exe
c:\windows\7610szambot539.exe
c:\windows\784edzwn9oad5r108.cpl
c:\windows\79039ir5z37.exe
c:\windows\795cza5kdoor2254.cpl
c:\windows\79bba5dware2735z.dll
c:\windows\79e5addwarz9599.exe
c:\windows\7a5cviz31029.dll
c:\windows\7a959teal129z.ocx
c:\windows\7c69thief22z5.cpl
c:\windows\7c9zspyware2750.cpl
c:\windows\7ddcthrea511z809.dll
c:\windows\7eat59zf2780.ocx
c:\windows\7f7795iefz7.dll
c:\windows\7fa55iz2598.exe
c:\windows\7z975roj970.ocx
c:\windows\8169szy585.exe
c:\windows\8287zir9s573.dll
c:\windows\856v59557z.cpl
c:\windows\89h9cktool5cz5.exe
c:\windows\90572zorm608.bin
c:\windows\9058not-a-v5rus6z9.exe
c:\windows\91502virus3z25.exe
c:\windows\9249viz5s251.ocx
c:\windows\925165py6f3z.dll
c:\windows\92649w5rmzcb.bin
c:\windows\9290hacztool65b.cpl
c:\windows\9294viz2597.bin
c:\windows\93195ckdoorz316.cpl
c:\windows\93bzsteal1558.dll
c:\windows\94595ormzab.exe
c:\windows\9520backdooz10575.bin
c:\windows\952z5worm124.ocx
c:\windows\956bthief2z52.ocx
c:\windows\95941s5azbot5d4.cpl
c:\windows\95zvi52755.bin
c:\windows\96755worm7ze.cpl
c:\windows\969z35py7f1.bin
c:\windows\96z3vir1055.dll
c:\windows\974259yz65.dll
c:\windows\97629zy1a55.dll
c:\windows\977ztr5j594.ocx
c:\windows\9804threaz57558.cpl
c:\windows\9c0ezddware953.bin
c:\windows\9c59sparze11215.exe
c:\windows\a21addwarz5793.exe
c:\windows\a83zhre5t7393.exe
c:\windows\a9sp5wzre233.ocx
c:\windows\b65spyware9z62.cpl
c:\windows\cd4th5ef2559z.exe
c:\windows\dcczir19855.cpl
c:\windows\e79s59rse314z.bin
c:\windows\system32\1095viruz751.ocx
c:\windows\system32\1115wzrm59b.cpl
c:\windows\system32\1129t9ief1755z.ocx
c:\windows\system32\113esza9se4745.exe
c:\windows\system32\1149thre5t2z44.cpl
c:\windows\system32\11529trojz94.cpl
c:\windows\system32\11746not-a5vzr9s136.ocx
c:\windows\system32\121915pamzot4fa.exe
c:\windows\system32\12a5addwa5e1959z.cpl
c:\windows\system32\12z48hac5to9l20e.dll
c:\windows\system32\1302zs955c5.ocx
c:\windows\system32\1398zs5y99.exe
c:\windows\system32\14098troj354z.dll
c:\windows\system32\1472zs9amb5t41a.ocx
c:\windows\system32\14756troz3955.dll
c:\windows\system32\150729acktool334z.ocx
c:\windows\system32\15191wo5z528.cpl
c:\windows\system32\15509hacktoolz41.bin
c:\windows\system32\15616hacktzo9586.dll
c:\windows\system32\1593steal9z.bin
c:\windows\system32\16522spyzb79.bin
c:\windows\system32\16d5szyware9230.exe
c:\windows\system32\174315o9m4z0.exe
c:\windows\system32\1749zteal5452.dll
c:\windows\system32\177zaddw5re22359.exe
c:\windows\system32\17aezownl5ader991.dll
c:\windows\system32\182sp9waze2352.cpl
c:\windows\system32\18345nzt-a-v9rus4e1.bin
c:\windows\system32\18691szambot523.dll
c:\windows\system32\18915t9oj4z5.exe
c:\windows\system32\18z08hackt9o57a5.bin
c:\windows\system32\192215orm2bz.ocx
c:\windows\system32\192s5ambot68z.exe
c:\windows\system32\192z1not-a9virus158.exe
c:\windows\system32\19349ddwaze3508.dll
c:\windows\system32\19355trojz57.cpl
c:\windows\system32\19466zroj500.cpl
c:\windows\system32\19958troz28a.bin
c:\windows\system32\19z70worm351.ocx
c:\windows\system32\1a58steaz995.bin
c:\windows\system32\1a95do9nlza5er2980.ocx
c:\windows\system32\1aafv9r8z75.dll
c:\windows\system32\1d13sp5wzre10719.bin
c:\windows\system32\1d4z5pyware11519.ocx
c:\windows\system32\1d5cback5oor19z8.ocx
c:\windows\system32\1e429ddware56z.bin
c:\windows\system32\1ed59parze1112.cpl
c:\windows\system32\1ef7thz9f65.bin
c:\windows\system32\1z944worm59e.ocx
c:\windows\system32\2051thze9t26747.cpl
c:\windows\system32\2071vzrus4529.exe
c:\windows\system32\20b7szyware951.cpl
c:\windows\system32\21095trz91f0.dll
c:\windows\system32\213735rojz79.ocx
c:\windows\system32\21403v5r9s6z2.exe
c:\windows\system32\2149thizf2579.cpl
c:\windows\system32\21z289orm48b5.exe
c:\windows\system32\22035worm5z9.exe
c:\windows\system32\221z1w9r545.exe
c:\windows\system32\23z62sp9mbot505.dll
c:\windows\system32\243eback5oor19z6.ocx
c:\windows\system32\25032v5r9s3zd.ocx
c:\windows\system32\252z2tr95234.ocx
c:\windows\system32\25547vizus596.exe
c:\windows\system32\255ztroj59d.ocx
c:\windows\system32\25771n9t-z-virus228.exe
c:\windows\system32\2579spzware2213.bin
c:\windows\system32\27355oz-a-viru9510.cpl
c:\windows\system32\27759hzc9t5ol6d5.cpl
c:\windows\system32\27999not-a-v5rusz18.ocx
c:\windows\system32\279z5pars92028.dll
c:\windows\system32\2910threat15z.ocx
c:\windows\system32\293zspy3955.bin
c:\windows\system32\294cdow95oader8z1.ocx
c:\windows\system32\29559troj545z.dll
c:\windows\system32\295as5arsz1959.exe
c:\windows\system32\2993hack5ozl21d.cpl
c:\windows\system32\29955worz685.bin
c:\windows\system32\2997no9za-virus3855.exe
c:\windows\system32\29zbsparse21255.bin
c:\windows\system32\2c6este5l50z9.exe
c:\windows\system32\2dbb5pzware18209.exe
c:\windows\system32\2df3sz9rse858.cpl
c:\windows\system32\2e22zpywar9115.bin
c:\windows\system32\2e3zdownload5r1996.exe
c:\windows\system32\2z35hac9too5262.dll
c:\windows\system32\2z41wor96215.cpl
c:\windows\system32\2z90a5dware1117.bin
c:\windows\system32\300759irzs5a2.bin
c:\windows\system32\30530sp9mzot182.bin
c:\windows\system32\30542zp9mbo5328.ocx
c:\windows\system32\30690no9-a-vizus455.exe
c:\windows\system32\30899not-azvir5s406.cpl
c:\windows\system32\31d95ownlzader715.cpl
c:\windows\system32\32518hack5oo935z.ocx
c:\windows\system32\32627sp5mbotz90.cpl
c:\windows\system32\33d2sp5waze2297.dll
c:\windows\system32\3703stea5597z.ocx
c:\windows\system32\37d1do9nloader1z45.bin
c:\windows\system32\3982bzckdoo52989.ocx
c:\windows\system32\39d3d9wnlzad5r529.cpl
c:\windows\system32\3a5bthie9634z.cpl
c:\windows\system32\3c78downloader50z19.bin
c:\windows\system32\3eb5spyw9re35z.exe
c:\windows\system32\3z4cvir18759.dll
c:\windows\system32\3z693spam5ot237.cpl
c:\windows\system32\41fzvir28559.bin
c:\windows\system32\42z6stea52903.dll
c:\windows\system32\4342v9rzs225.dll
c:\windows\system32\4349not-a-viruz59.cpl
c:\windows\system32\4438w9z57c9.cpl
c:\windows\system32\4525spzrse1039.dll
c:\windows\system32\45959ackdo5r1z12.cpl
c:\windows\system32\479zbackdoor254.dll
c:\windows\system32\4a0bs5yzare982.cpl
c:\windows\system32\4d69s5eal120z9.dll
c:\windows\system32\4d8aspyw59e1683z.exe
c:\windows\system32\4z25spy3b9.bin
c:\windows\system32\4zdas9yware8705.cpl
c:\windows\system32\4ze5ste9l982.ocx
c:\windows\system32\503fsp9rs562z.cpl
c:\windows\system32\51z84sp94d3.dll
c:\windows\system32\52099spambo947z.bin
c:\windows\system32\5294ha5kz9ol177.ocx
c:\windows\system32\52ezs9yware18485.ocx
c:\windows\system32\5384vi5us4z9.dll
c:\windows\system32\544z9py385.exe
c:\windows\system32\554stezl1491.bin
c:\windows\system32\5569threaz7941.bin
c:\windows\system32\55769i5zs281.bin
c:\windows\system32\5577v9r2908z.dll
c:\windows\system32\55spambzt209.exe
c:\windows\system32\55zb9p5ware1957.bin
c:\windows\system32\55zbv9r1488.dll
c:\windows\system32\5602hack9oolz75.cpl
c:\windows\system32\56190spy2z5.bin
c:\windows\system32\5629sparz92350.bin
c:\windows\system32\5653spa9sez500.ocx
c:\windows\system32\56d9s5ealz893.bin
c:\windows\system32\571zth5eat13964.cpl
c:\windows\system32\57290virus7z59.dll
c:\windows\system32\5768spz995.ocx
c:\windows\system32\582395rm599z.bin
c:\windows\system32\5889zpy975.dll
c:\windows\system32\58d75ir9142z.ocx
c:\windows\system32\594zt9oj57b.dll
c:\windows\system32\5981dzwnloader625.cpl
c:\windows\system32\5981sza5se2338.exe
c:\windows\system32\59z7vir9s699.exe
c:\windows\system32\5a09szy9ar5827.bin
c:\windows\system32\5b19addw9rz683.cpl
c:\windows\system32\5c01thzeat534339.cpl
c:\windows\system32\5c65spars92728z.cpl
c:\windows\system32\5c955hief95z4.cpl
c:\windows\system32\5d8aspar9e605z.dll
c:\windows\system32\5f5c5ir18z89.bin
c:\windows\system32\5fc5th9zf2596.bin
c:\windows\system32\5z2vir2859.exe
c:\windows\system32\5z559acktool4c4.exe
c:\windows\system32\5z5b5parse599.ocx
c:\windows\system32\5z95addware3090.ocx
c:\windows\system32\6055s5ars93147z.cpl
c:\windows\system32\6084threa59z294.dll
c:\windows\system32\619zir2956.exe
c:\windows\system32\6312st59l1z28.dll
c:\windows\system32\63e5thzeat71759.exe
c:\windows\system32\650d95ywarz1202.dll
c:\windows\system32\655zsteal999.bin
c:\windows\system32\6779no95a-zirus10.bin
c:\windows\system32\67z3ste591847.ocx
c:\windows\system32\69zdth5ea910905.dll
c:\windows\system32\6c2a5ackdooz491.bin
c:\windows\system32\6cc55ackdo9r4z.ocx
c:\windows\system32\6cdbackdz9r20975.cpl
c:\windows\system32\drivers\ESQULhcadrnawunywkbqijsboxjykruuowigg.sys
c:\windows\system32\ESQULrlqultlqhkttrehqlptxjmxbtwonckgx.dll
c:\windows\system32\ESQULrvmomddcrplhkxhnpkgrhkupvpnjtxar.dll
c:\windows\system32\ESQULzcounter
c:\windows\z0835troj794.cpl
c:\windows\z195ackdo9r1535.dll
c:\windows\z37495pambot498.exe
c:\windows\z47cthrea925435.ocx
c:\windows\z5464sp969b.exe
c:\windows\z7211w9rm7505.dll
c:\windows\z8196tro9454.dll
c:\windows\z8e8vir9155.dll
c:\windows\z902hackt5o9487.ocx
c:\windows\z99t5reat11294.exe
c:\windows\zb575parse9356.dll
c:\windows\zb9sp9rse519.bin
c:\windows\zcfcs9ar5e3034.ocx

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ESQULserv.sys


((((((((((((((((((((((((( Files Created from 2009-07-03 to 2009-08-03 )))))))))))))))))))))))))))))))
.

2009-08-03 22:04 . 2009-08-03 22:04 -------- d-s---w- C:\lollapolooza
2009-07-31 00:48 . 2009-07-31 00:48 -------- d--h--w- c:\windows\PIF
2009-07-31 00:32 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-31 00:32 . 2009-07-31 00:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-31 00:32 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-29 21:22 . 2009-07-29 21:22 -------- d-----w- c:\documents and settings\Administrator.D1234567\Local Settings\Application Data\WMTools Downloaded Files
2009-07-25 06:55 . 2009-07-26 04:55 -------- d-----w- c:\program files\Windows Live Safety Center
2009-07-25 06:18 . 2009-07-25 06:18 -------- d-----w- c:\windows\BDOSCAN8
2009-07-25 06:16 . 2009-07-25 06:16 -------- d-sh--w- c:\documents and settings\Administrator.D1234567\PrivacIE
2009-07-25 05:11 . 2009-07-25 05:11 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-07-25 05:11 . 2009-07-25 05:12 -------- d-----w- c:\documents and settings\Administrator.D1234567\.housecall6.6
2009-07-25 05:04 . 2009-07-27 17:53 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-23 03:16 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-23 03:16 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-23 03:16 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-23 03:16 . 2009-07-23 03:16 -------- d-----w- c:\program files\Avira
2009-07-23 03:16 . 2009-07-23 03:16 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Avira
2009-07-22 19:25 . 2009-07-22 19:25 578560 ----a-w- c:\windows\system32\dllcache\user32.dll
2009-07-22 19:21 . 2009-07-22 19:21 -------- d-----w- c:\windows\ERUNT
2009-07-22 19:14 . 2009-07-23 03:28 -------- d-----w- C:\SDFix
2009-07-22 16:59 . 2009-08-03 21:04 -------- d-----w- c:\documents and settings\Administrator.D1234567\Local Settings\Application Data\Temp
2009-07-20 22:01 . 2009-03-24 20:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-20 20:28 . 2009-07-20 20:28 -------- d-----w- c:\program files\Alwil Software
2009-07-20 20:23 . 2009-07-20 20:23 36 ---h--r- c:\windows\sued.dat
2009-07-20 04:56 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-20 04:47 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-20 04:46 . 2009-07-20 04:46 -------- dc-h--w- c:\docume~1\ALLUSE~1\APPLIC~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-20 04:46 . 2009-07-20 04:47 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft
2009-07-20 04:46 . 2009-07-20 04:46 -------- d-----w- c:\program files\Lavasoft
2009-07-10 18:59 . 2009-07-10 18:59 -------- d-----w- c:\program files\BillyMaysCapsLock

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-03 22:39 . 2006-05-11 14:40 17408 ----a-w- c:\windows\system32\Rpcnetp.exe
2009-08-03 22:39 . 2009-04-28 23:09 56680 ----a-w- c:\windows\system32\rpcnet.dll
2009-08-03 22:36 . 2009-03-12 23:30 -------- d-----w- c:\program files\iWin Games
2009-08-03 01:43 . 2006-05-23 15:34 -------- d-----w- c:\program files\FirstClass
2009-08-02 14:25 . 2007-05-17 14:38 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2009-07-31 00:31 . 2007-05-15 18:42 -------- d-----w- c:\program files\Google
2009-07-29 19:38 . 2009-03-20 02:17 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\McAfee
2009-07-29 19:38 . 2009-03-20 02:16 -------- d-----w- c:\program files\McAfee
2009-07-28 04:55 . 2009-03-05 00:26 -------- d-----w- c:\documents and settings\Administrator.D1234567\Application Data\TuneUpMedia
2009-07-28 04:53 . 2006-05-03 07:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-28 04:19 . 2007-05-15 16:33 61475 ----a-w- c:\windows\system32\nvModes.dat
2009-07-28 04:18 . 2009-01-29 21:14 -------- d-----w- c:\program files\StepMania
2009-07-28 03:22 . 2009-05-17 00:45 -------- d-----w- c:\program files\TuneUpMedia
2009-07-22 19:37 . 2006-12-01 22:37 56680 ----a-w- c:\windows\system32\rpcnet.exe
2009-07-22 16:47 . 2009-07-25 16:09 208324 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-07-20 04:41 . 2009-03-12 23:33 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-07-18 05:12 . 2009-01-30 00:25 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-07-15 07:03 . 2007-05-15 17:54 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft Help
2009-07-12 01:49 . 2009-01-15 06:09 -------- d-----w- c:\documents and settings\Administrator.D1234567\Application Data\uTorrent
2009-07-12 01:46 . 2009-02-04 00:11 -------- d-----w- c:\documents and settings\Administrator.D1234567\Application Data\FrostWire
2009-07-08 20:50 . 2009-04-20 02:04 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-07-08 20:40 . 2009-02-17 08:27 -------- d-----w- c:\program files\RealArcade
2009-07-06 20:19 . 2009-02-24 17:41 -------- d-----w- c:\program files\DivX
2009-07-02 04:29 . 2009-07-02 04:29 -------- d-----w- c:\documents and settings\Administrator.D1234567\Application Data\SecondLife
2009-07-02 04:29 . 2009-07-02 04:27 -------- d-----w- c:\program files\SecondLife
2009-07-01 02:42 . 2009-04-29 05:17 -------- d-----w- c:\program files\AIMTunes
2009-06-23 16:47 . 2009-06-23 16:47 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Electronic Arts
2009-06-23 16:45 . 2009-06-23 16:28 -------- d-----w- c:\program files\Electronic Arts
2009-06-23 16:42 . 2009-06-23 16:42 10134 ----a-r- c:\documents and settings\Administrator.D1234567\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-23 16:42 . 2009-06-23 16:42 -------- d-----w- c:\program files\Microsoft WSE
2009-06-23 03:35 . 2009-06-23 03:34 -------- d-----w- c:\program files\Zune
2009-06-23 03:35 . 2009-06-23 03:35 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2009-06-23 03:35 . 2009-06-23 03:35 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-06-18 04:20 . 2009-01-24 05:44 -------- d-----w- c:\program files\iTunes
2009-06-18 04:19 . 2009-06-18 04:19 -------- d-----w- c:\program files\iPod
2009-06-18 04:19 . 2009-01-15 01:43 -------- d-----w- c:\program files\Common Files\Apple
2009-06-18 04:16 . 2009-01-24 05:43 -------- d-----w- c:\program files\QuickTime
2009-06-16 14:36 . 2004-08-11 22:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-11 22:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 03:00 . 2009-03-05 00:26 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\TuneUpMedia
2009-06-03 19:09 . 2004-08-11 22:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-13 05:15 . 2004-08-11 22:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-10 01:43 . 2009-05-10 01:44 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-10 01:42 . 2009-05-10 01:42 152576 ----a-w- c:\documents and settings\Administrator.D1234567\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-07 15:32 . 2004-08-11 22:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-03-03 03:41 . 2009-03-03 03:41 396 ----a-w- c:\program files\InstallWoW.log
2009-03-03 01:37 . 2009-03-03 01:37 1131176 ----a-w- c:\program files\WoW-installer-3.0.1.8874-x86-Win-enUS.exe
2007-05-04 03:13 . 2007-05-04 03:13 936168 ----a-w- c:\program files\Common Files\SaveAsPDF.exe
2009-07-03 18:01 . 2009-01-15 00:36 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-07-03 18:01 . 2009-01-15 00:36 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-07-03 18:01 . 2009-01-15 00:36 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-07-03 18:01 . 2009-01-15 00:36 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-07-03 18:01 . 2009-01-15 00:36 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-04-02 23:50 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-04-27 49968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wxvault.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\c:\0autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator.D1234567^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Administrator.D1234567\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator.D1234567^Start Menu^Programs^Startup^IMVU.lnk]
path=c:\documents and settings\Administrator.D1234567\Start Menu\Programs\Startup\IMVU.lnk
backup=c:\windows\pss\IMVU.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk
backup=c:\windows\pss\AutoUpdate Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EMBASSY Trust Suite Secure Update.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk
backup=c:\windows\pss\EMBASSY Trust Suite Secure Update.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Sleep Moon Xpress\\Sleep Moon Xpress.exe"=
"c:\\Documents and Settings\\Administrator.D1234567\\My Documents\\The Game of Life\\life.exe"=
"c:\\Program Files\\Common Files\\Roxio Shared\\9.0\\Roxio Central33\\Main\\Roxio_Central33.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/20/2009 12:47 AM 64160]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/22/2009 11:16 PM 108289]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [10/28/2008 4:42 PM 156968]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [2/18/2009 5:26 PM 78104]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/15/2009 2:01 AM 24652]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 11:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 11:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 8:18 PM 23680]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-METUSB~1.exe - c:\windows\Config\METUSB~1.exe
HKU-Default-Run-svchost.exe - c:\windows\Config\svchost.exe


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Administrator.D1234567\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: %SYSTEMROOT%\system32\biolsp.dll
FF - ProfilePath - c:\docume~1\ADMINI~1.D12\APPLIC~1\Mozilla\Firefox\Profiles\skequ3vr.default\
FF - prefs.js: browser.startup.homepage - hxxp://campus.mcla.edu
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\progra~1\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-03 18:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3536579583-2765976168-1648031750-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,01,af,2b,25,b5,0b,bf,47,89,d0,04,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,01,af,2b,25,b5,0b,bf,47,89,d0,04,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(972)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll

- - - - - - - > 'explorer.exe'(2808)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\scardsvr.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Wave Systems Corp\common\DataServer.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\rpcnet.exe
c:\windows\system32\stacsv.exe
c:\program files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\McAfee\Common Framework\UdaterUI.exe
c:\program files\McAfee\Common Framework\Mctray.exe
.
**************************************************************************
.
Completion time: 2009-08-03 18:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-03 22:47

Pre-Run: 88,366,223,360 bytes free
Post-Run: 89,182,646,272 bytes free

695 --- E O F --- 2009-07-15 07:03

#11 extremeboy (Malware Response Team, 12,975 posts)

Posted 04 August 2009 - 11:24 AM

Hello.

One of the infections removed was a backdoor/rootkit.

Read the following and tell me what you still decide to do. Format or continue.

Rootkit Threat

Unfortunately, one or more of the identified infections is a Rootkit/backdoor trojan.

IMPORTANT NOTE: Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypass security mechanisms and steal sensitive information, which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately, including those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised, please read How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

Although the rootkit has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read: Should you decide not to follow that advice, we will do our best to help clean the computer of any infections, but we cannot guarantee it to be trustworthy or that the removal will be successful. Tell me what you want to do.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#12 sharpiejojo (Topic Starter, Members, 18 posts)

Posted 04 August 2009 - 01:09 PM

I guess reformatting would be best. Thank you extremeboy for all your help, and thank you thcbytes and Orange Blossom for your help as well.

#13 extremeboy (Malware Response Team, 12,975 posts)

Posted 05 August 2009 - 08:35 PM

You're welcome.

Some prevention tips and good luck on the format!

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:
  • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.

Disable Autorun on Flash-Drive/Removable Drives

When is AUTORUN.INF really an AUTORUN.INF?

USB worms work by creating a file called AUTORUN.INF on the root of USB drives. These INF files then use Autorun or Autoplay (not the same thing!) to execute themselves either when the stick is inserted, or more commonly, when the user double-clicks on the USB drive icon from My Computer (Windows Explorer)...


Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun asap!.

If using Windows Vista, please refer to:
"Disable AutoPlay in Windows Vista"
"Preventing AutoPlay with Local Group Policy Editor or AutoPlay options panel"

Note: When Autorun is disabled, double-clicking a drive which has autorun.inf in its root directory may still activate Autorun so be careful.

Visit the Windows Update Site Regularly

I recommend you regularly visit the Windows Update Site!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish to turn on automatic updates, you will find a nice little article here about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.

Update Non-Microsoft Programs

It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Good luck!

With Regards,
Extremeboy

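The Autorun hardening described in the post above, as an added PowerShell example that is not part of the thread: it reads the three registry settings involved (NoDriveTypeAutoRun, the HonorAutorunSetting value that the KB967715 update adds on XP, and the IniFileMapping entry for Autorun.inf) and reports which are still weak, and Disable-Autorun applies the hardened values. It assumes an elevated PowerShell prompt on XP or later; the function names are mine.

```powershell
# Added example, not code from the thread. Audits and (optionally) applies the Autorun
# hardening described in the post above. Run from an elevated PowerShell prompt.
$policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$iniMap = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is missing instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-AutorunStatus {
    # NoDriveTypeAutoRun is a bitmask of drive types on which Autorun is disabled;
    # 0xFF switches it off for every type, including removable (USB) drives.
    $mask  = Get-RegValue $policy 'NoDriveTypeAutoRun'
    # Without the KB967715 update (which adds HonorAutorunSetting = 1), XP does not
    # fully respect the mask above, so that value is reported separately.
    $honor = Get-RegValue $policy 'HonorAutorunSetting'
    # Mapping Autorun.inf to a non-existent INI section makes Windows never parse the
    # file, which also covers the double-click case the post's note warns about.
    $map   = Get-RegValue $iniMap '(default)'

    # New-Object rather than [pscustomobject] so this still runs on PowerShell 2.0 (XP era).
    New-Object PSObject -Property @{
        NoDriveTypeAutoRun  = $(if ($null -eq $mask) { 'not set (OS default)' } else { '0x{0:X2}' -f $mask })
        AllDrivesDisabled   = ($mask -eq 0xFF)
        HonorAutorunSetting = ($honor -eq 1)
        AutorunInfIgnored   = ($map -eq '@SYS:DoesNotExist')
    }
}

function Disable-Autorun {
    # Creates the keys if needed, then writes the hardened values that Get-AutorunStatus checks.
    foreach ($key in $policy, $iniMap) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    }
    Set-ItemProperty -Path $policy -Name 'NoDriveTypeAutoRun'  -Value 0xFF -Type DWord
    Set-ItemProperty -Path $policy -Name 'HonorAutorunSetting' -Value 1    -Type DWord
    Set-ItemProperty -Path $iniMap -Name '(default)' -Value '@SYS:DoesNotExist' -Type String
}

# Report only; call Disable-Autorun first to apply the hardening, then re-run the report.
Get-AutorunStatus | Format-List
```

A report showing AllDrivesDisabled, HonorAutorunSetting and AutorunInfIgnored all True is the state the post is asking for; anything False means a USB stick's autorun.inf can still be honoured on that machine.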

#14 extremeboy (Malware Response Team, 12,975 posts)

Posted 05 August 2009 - 08:38 PM

Hello.

Since the problem appears to be resolved, this topic is now Closed. Glad we could help.
If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.

This applies only to the original topic starter

Everyone else please start a new topic in the Hijackthis-Malware Removal Forum.

With Regards,
Extremeboy