
I recently cleaned many infections but am I done?


  • This topic is locked
13 replies to this topic

#1 silvertree

silvertree

  • Members
  • 14 posts
  • OFFLINE
  • Local time:05:05 AM

Posted 08 August 2009 - 07:03 AM

Hello, over the last few days I have been working pretty hard to remove several problems that occurred during a 10 minute relapse in judgement.

I feel like I got everything; at least, all my current scanners report that I got everything, but I was still experiencing odd behaviour with USB devices.

Here's the topic I started in "am I infected"

http://www.bleepingcomputer.com/forums/t/247418/usb-drives-infected-once-inserted/

As I stated in the other thread, I believe I have removed several Trojans, smitfraud, a CLB rootkit and other things.

Starting this morning I no longer have the peculiar behaviour with my USB devices but I don't think that I have done anything that would have fixed this.

I am still going to post a HJT log for your review.

Thank you.




***
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:23, on 8/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Avanquest\PowerDesk\PDExplo.exe
C:\Program Files\Pdesk.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\uTorrent\utorrent.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Icecast2 Win32\icecastService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - Startup: E-mail.lnk = ?
O4 - Startup: Opera.lnk = C:\Program Files\Opera\opera.exe
O4 - Startup: PowerDesk 7.lnk = C:\Program Files\Avanquest\PowerDesk\PDExplo.exe
O4 - Startup: Shortcut to Pdesk.lnk = C:\Program Files\Pdesk.exe
O4 - Startup: Shortcut to pidgin.exe.lnk = C:\Program Files\Pidgin\pidgin.exe
O4 - Startup: Winamp.lnk = C:\Program Files\Winamp\winamp.exe
O4 - Startup: µTorrent.lnk = C:\Program Files\uTorrent\utorrent.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {4E660F19-E91E-41E1-88EF-D1DFAB118F67} - C:\Program Files\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O9 - Extra 'Tools' menuitem: Mouse Gestures... - {4E660F19-E91E-41E1-88EF-D1DFAB118F67} - C:\Program Files\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1127242810211
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144084137649
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Icecast-trunk Streaming Media Server (Icecast-trunk) - Unknown owner - C:\Program Files\Icecast2 Win32\icecastService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 6584 bytes
***

Edited by silvertree, 08 August 2009 - 07:04 AM.



#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:05 AM

Posted 09 August 2009 - 05:51 PM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 silvertree

silvertree
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:05:05 AM

Posted 10 August 2009 - 02:35 PM

OTL logfile created on: 8/10/2009 4:28:04 PM - Run 1
OTL by OldTimer - Version 3.0.10.5 Folder = C:\Documents and Settings\John\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.98 Mb Total Physical Memory | 341.62 Mb Available Physical Memory | 33.66% Memory free
2.39 Gb Paging File | 1.77 Gb Available in Paging File | 74.23% Paging File free
Paging file location(s): C:\pagefile.sys 1524 2263 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 12.73 Gb Free Space | 34.15% Space Free | Partition Type: NTFS
Drive D: | 195.31 Gb Total Space | 9.86 Gb Free Space | 5.05% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive W: | 36.13 Gb Total Space | 14.57 Gb Free Space | 40.31% Space Free | Partition Type: NTFS
Drive X: | 29.38 Gb Total Space | 13.32 Gb Free Space | 45.32% Space Free | Partition Type: NTFS

Computer Name: TRESTLE
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2007/06/13 07:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/03/18 09:33:26 | 00,892,928 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\iTouch.exe
PRC - [2005/09/20 11:35:40 | 00,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxtray.exe
PRC - [2005/09/20 11:36:20 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2009/07/05 20:34:12 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2007/12/19 03:39:16 | 00,700,928 | ---- | M] () -- C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
PRC - [2004/01/08 09:50:00 | 00,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\em_exec.exe
PRC - [2009/02/26 10:49:18 | 00,099,328 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2008/04/22 06:51:00 | 01,832,192 | ---- | M] (Avanquest Software USA, Inc.) -- C:\Program Files\Avanquest\PowerDesk\PDExplo.exe
PRC - [2004/07/29 13:34:54 | 00,753,664 | ---- | M] (V Communications, Inc.) -- C:\Program Files\Pdesk.exe
PRC - [2009/07/01 13:38:40 | 01,481,056 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winamp.exe
PRC - [2009/07/01 18:02:47 | 00,288,048 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\utorrent.exe
PRC - [2001/08/17 22:36:42 | 00,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\devldr32.exe
PRC - [2009/08/04 19:31:25 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/08/04 19:31:35 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2008/05/24 15:02:50 | 00,417,792 | ---- | M] () -- C:\Program Files\Icecast2 Win32\icecastService.exe
PRC - [2009/07/05 20:34:12 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2005/04/27 15:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2008/05/06 11:55:56 | 02,155,896 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe
PRC - [2009/08/08 11:51:25 | 01,601,536 | ---- | M] (www.doom9.net) -- C:\Program Files\megui\MeGUI.exe
PRC - [2007/10/23 12:13:46 | 00,156,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Mail\wlmail.exe
PRC - [2009/08/10 16:26:04 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/03/09 00:09:26 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [Disabled | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/04 19:31:25 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/04/04 00:33:29 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [Disabled | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2004/08/04 05:56:46 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/05/24 15:02:50 | 00,417,792 | ---- | M] () -- C:\Program Files\Icecast2 Win32\icecastService.exe -- (Icecast-trunk [Auto | Running])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/05 20:34:12 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Disabled | Stopped])
SRV - [2007/11/30 17:23:02 | 00,186,928 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60 [On_Demand | Stopped])
SRV - [2005/04/27 15:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean [Auto | Running])
SRV - [2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [Disabled | Stopped])
SRV - [2008/03/03 20:12:34 | 00,109,104 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService [Disabled | Stopped])
SRV - [2008/03/03 20:13:16 | 00,121,392 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\vmnetdhcp.exe -- (VMnetDHCP [Disabled | Stopped])
SRV - [2007/03/23 10:02:52 | 00,269,104 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2 [Disabled | Stopped])
SRV - [2008/03/03 20:12:38 | 00,150,064 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\vmnat.exe -- (VMware NAT Service [Disabled | Stopped])
SRV - [2008/05/06 11:55:56 | 02,155,896 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4 [Auto | Running])
SRV - [2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [Disabled | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2005/03/04 20:53:00 | 00,127,872 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Stopped])
DRV - [1999/09/10 09:06:00 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [Auto | Running])
DRV - [2009/08/04 19:31:31 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/08/04 19:31:30 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [1999/12/10 04:42:46 | 00,008,686 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\DRIVERS\B2Ether.sys -- (B2Ether [Auto | Running])
DRV - [2001/09/10 19:43:10 | 00,006,112 | ---- | M] () -- C:\WINDOWS\System32\Drivers\cdenable.sys -- (cdenable [Auto | Running])
DRV - [2001/08/17 12:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctljystk.sys -- (ctljystk [On_Demand | Running])
DRV - [2008/08/20 22:18:42 | 00,171,152 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e1000325.sys -- (E1000 [On_Demand | Running])
DRV - [2006/01/12 16:27:48 | 00,163,328 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2001/08/22 11:54:58 | 00,069,555 | ---- | M] (3Com Corporation) -- C:\WINDOWS\System32\DRIVERS\el90Xbc5.SYS -- (EL90Xbc [On_Demand | Stopped])
DRV - [2003/11/25 11:20:40 | 00,006,176 | ---- | M] (EMS3 DRIVER) -- C:\WINDOWS\System32\Drivers\EM3Link.sys -- (EMSLink [Auto | Stopped])
DRV - [2001/08/17 12:19:26 | 00,283,904 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\emu10k1m.sys -- (emu10k [On_Demand | Running])
DRV - [2001/08/17 12:19:28 | 00,006,912 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\ctlfacem.sys -- (emu10k1 [On_Demand | Running])
DRV - [2006/04/05 12:53:14 | 00,014,848 | ---- | M] (USTC) -- C:\WINDOWS\System32\Drivers\ezwinit2.sys -- (EZWINIT2 [Auto | Stopped])
DRV - [2006/01/13 00:07:32 | 00,012,544 | ---- | M] (USTC) -- C:\WINDOWS\System32\Drivers\ezwrite2.sys -- (EZWRITE2 [Auto | Stopped])
DRV - [2004/08/03 23:08:22 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2008/03/03 20:14:20 | 00,034,864 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\Drivers\hcmon.sys -- (hcmon [Auto | Running])
DRV - [2005/09/20 12:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2004/03/10 13:42:24 | 00,012,953 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\itchfltr.sys -- (itchfltr [On_Demand | Running])
DRV - [2004/02/16 19:19:30 | 00,571,776 | ---- | M] (Eugene Gavrilov) -- C:\WINDOWS\System32\drivers\kx.sys -- (kxwdmdrv [On_Demand | Stopped])
DRV - [2003/12/17 09:50:00 | 00,051,729 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\L8042pr2.Sys -- (L8042pr2 [On_Demand | Running])
DRV - [2004/03/03 09:50:00 | 00,014,095 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LCcFltr.Sys -- (LCcfltr [On_Demand | Stopped])
DRV - [2003/12/17 09:50:00 | 00,025,505 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LHidFlt2.Sys -- (LHidFlt2 [On_Demand | Stopped])
DRV - [2004/03/03 09:50:00 | 00,037,887 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\Drivers\LHidUsb.Sys -- (LHidUsb [On_Demand | Stopped])
DRV - [2003/12/17 09:50:00 | 00,070,801 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys -- (LMouFlt2 [On_Demand | Running])
DRV - [2004/09/14 13:55:44 | 00,088,960 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\MidiSyn.sys -- (MidiSyn [On_Demand | Stopped])
DRV - [2006/06/05 03:39:56 | 00,024,064 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\System32\Drivers\iqvw32.sys -- (NAL [On_Demand | Stopped])
DRV - [2007/09/15 17:11:11 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\drivers\nocashio.sys -- (nocashio [On_Demand | Stopped])
DRV - [2008/08/28 08:04:24 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])
DRV - [2007/10/31 11:51:04 | 00,021,376 | ---- | M] (Lenovo (United States) Inc.) -- C:\WINDOWS\System32\DRIVERS\psadd.sys -- (psadd [On_Demand | Running])
DRV - [2004/08/04 09:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2009/02/18 14:34:36 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2005/11/03 11:52:14 | 00,176,640 | ---- | M] (Saitek) -- C:\WINDOWS\System32\DRIVERS\SaiH3509.sys -- (SaiH3509 [On_Demand | Stopped])
DRV - [2005/11/03 11:52:16 | 00,027,264 | ---- | M] (Saitek) -- C:\WINDOWS\System32\DRIVERS\SaiU3509.sys -- (SaiU3509 [On_Demand | Stopped])
DRV - [2009/07/28 10:53:16 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/07/28 10:53:16 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/07/28 10:53:14 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2007/08/06 21:15:07 | 00,033,052 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV - [2007/11/13 07:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/10/27 15:36:52 | 00,393,088 | ---- | M] (Sensaura) -- C:\WINDOWS\System32\drivers\senfilt.sys -- (senfilt [On_Demand | Stopped])
DRV - [2001/08/17 12:19:34 | 00,036,480 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\sfmanm.sys -- (sfman [On_Demand | Running])
DRV - [2005/03/28 10:19:38 | 00,220,992 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand | Stopped])
DRV - [2008/08/09 07:15:20 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2002/06/20 16:39:36 | 00,042,960 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\sscdbus.sys -- (sscdbus [On_Demand | Stopped])
DRV - [2006/02/24 14:55:48 | 00,010,864 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\sscdmdfl.sys -- (sscdmdfl [On_Demand | Stopped])
DRV - [2006/02/24 14:55:48 | 00,137,884 | ---- | M] (MCCI) -- C:\WINDOWS\System32\DRIVERS\sscdmdm.sys -- (sscdmdm [On_Demand | Stopped])
DRV - [2007/12/24 17:37:00 | 00,138,384 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
DRV - [2002/10/16 13:55:48 | 00,002,851 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\System32\drivers\Toshidpt.sys -- (toshidpt [On_Demand | Stopped])
DRV - [2005/03/30 12:42:54 | 00,047,230 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\tosporte.sys -- (tosporte [On_Demand | Running])
DRV - [2005/04/22 21:11:30 | 00,098,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\WINDOWS\System32\Drivers\tosrfbd.sys -- (Tosrfbd [On_Demand | Stopped])
DRV - [2004/07/08 17:07:34 | 00,036,531 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\Drivers\tosrfbnp.sys -- (Tosrfbnp [On_Demand | Stopped])
DRV - [2004/10/04 10:33:02 | 00,062,799 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\Drivers\tosrfcom.sys -- (Tosrfcom [System | Running])
DRV - [2005/04/22 22:34:56 | 00,052,608 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys -- (Tosrfhid [On_Demand | Stopped])
DRV - [2005/01/06 13:42:42 | 00,018,612 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\System32\DRIVERS\tosrfnds.sys -- (tosrfnds [On_Demand | Stopped])
DRV - [2005/04/06 09:54:44 | 00,050,048 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\drivers\TosRfSnd.sys -- (TosRfSnd [On_Demand | Stopped])
DRV - [2004/12/21 11:38:12 | 00,034,816 | ---- | M] (TOSHIBA CORPORATION) -- C:\WINDOWS\System32\Drivers\tosrfusb.sys -- (Tosrfusb [On_Demand | Stopped])
DRV - [2004/08/04 00:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2005/10/29 21:36:22 | 00,004,256 | ---- | M] () -- C:\WINDOWS\System32\Drivers\UserPort.sys -- (UserPort [System | Running])
DRV - [2005/04/04 11:36:52 | 00,009,887 | ---- | M] (Ken Kato) -- C:\Emulator\virtual disk drive\vfd.sys -- (VirtualFD [On_Demand | Stopped])
DRV - [2008/03/03 20:13:48 | 00,020,912 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\VMkbd.sys -- (vmkbd [On_Demand | Running])
DRV - [2008/03/03 20:10:02 | 00,016,816 | R--- | M] (VMware, Inc.) -- C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter [On_Demand | Running])
DRV - [2008/03/03 20:10:02 | 00,028,592 | R--- | M] (VMware, Inc.) -- C:\WINDOWS\System32\DRIVERS\vmnetbridge.sys -- (VMnetBridge [Auto | Running])
DRV - [2008/03/03 20:14:06 | 00,025,136 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnetuserif.sys -- (VMnetuserif [Auto | Running])
DRV - [2008/03/03 20:11:34 | 00,015,920 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\Drivers\VMparport.sys -- (VMparport [Auto | Running])
DRV - [2008/03/03 20:10:02 | 00,030,768 | R--- | M] (VMware, Inc.) -- C:\WINDOWS\System32\Drivers\vmusb.sys -- (vmusb [On_Demand | Stopped])
DRV - [2008/03/03 20:14:16 | 00,925,104 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\Drivers\vmx86.sys -- (vmx86 [Auto | Running])
DRV - [2008/05/06 10:43:34 | 00,004,608 | ---- | M] (RealVNC Ltd.) -- C:\WINDOWS\System32\DRIVERS\vncmirror.sys -- (vncmirror [On_Demand | Running])
DRV - [2007/03/23 10:03:00 | 00,018,480 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys -- (vstor2 [Auto | Running])
DRV - [2007/11/30 17:22:16 | 00,019,248 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60 [Auto | Running])
DRV - [2006/11/06 18:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\wceusbsh.sys -- (wceusbsh [On_Demand | Stopped])
DRV - [2001/01/02 22:53:30 | 00,019,677 | ---- | M] (Thesycon GmbH, Germany) -- C:\WINDOWS\System32\Drivers\xbreader.sys -- (xbreader [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1123561945-299502267-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1123561945-299502267-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-1123561945-299502267-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1123561945-299502267-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1123561945-299502267-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1123561945-299502267-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKU\S-1-5-21-1123561945-299502267-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKU\S-1-5-21-1123561945-299502267-1801674531-1004\S-1-5-21-1123561945-299502267-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1
FF - prefs.js..extensions.enabledItems: betteryoutube@ginatrapani.org:0.4.3
FF - prefs.js..extensions.enabledItems: {1a278477-6ffd-4c99-af57-813c6d05511c}:0.3.3
FF - prefs.js..extensions.enabledItems: ctrl-tab@design-noir.de:0.20
FF - prefs.js..extensions.enabledItems: {a0faa0a4-f1a7-4098-9a74-21efc3a92372}:3.5.1
FF - prefs.js..extensions.enabledItems: doubleclickcmenu@pc7s.com:1.0
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.4
FF - prefs.js..extensions.enabledItems: {daf44bf7-a45e-4450-979c-91cf07434c3d}:1.5.4
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.5.1
FF - prefs.js..extensions.enabledItems: {92A24891-BA14-4e89-9FFD-07FFBE4334EE}:0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: omiazad@msn.com:1.0.2
FF - prefs.js..extensions.enabledItems: {9bae89f4-fe30-4710-bbed-256c9d6af2c3}:1.26.9
FF - prefs.js..extensions.enabledItems: {C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}:0.6.0.4
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20090630

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2008/10/01 11:40:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/07/01 18:02:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/05 20:34:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/17 12:38:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/17 12:38:54 | 00,000,000 | ---D | M]

[2008/08/09 07:39:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Extensions
[2008/08/09 07:39:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/07 23:23:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\s221ogas.default\extensions
[2009/07/02 19:16:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\s221ogas.default\extensions\{1a278477-6ffd-4c99-af57-813c6d05511c}
[2008/04/09 07:29:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\s221ogas.default\extensions\{1AF3FC34-0725-4485-A939-6B40EB7CA96A}
[2007/11/28 10:45:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\s221ogas.default\extensions\{403304EE-066A-4a2a-8F41-F12028480A0E}
[2008/08/09 07:39:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\s221ogas.default\extensions\{4a428302-5267-4749-bb22-459b3236695f}
[2007/11/28 10:41:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\s221ogas.default\extensions\{526fd696-27a0-11dc-8314-0800200c9a66}
[2007/11/28 10:42:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\s221ogas.default\extensions\{70363b8a-2bd0-11dc-8314-0800200c9a66}
[2007/12/30 18:39:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\s221ogas.default\extensions\{835A3F80-DF39-11D9-A0B5-000D0B3AEB26}
[2009/07/02 19:14:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\s221ogas.default\extensions\{87f54a61-c9b3-4138-a38a-33c31770bb9e}
[2009/07/02 19:14:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\s221ogas.default\extensions\{92A24891-BA14-4e89-9FFD-07FFBE4334EE}
[2009/07/02 19:16:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\s221ogas.default\extensions\{9bae89f4-fe30-4710-bbed-256c9d6af2c3}
[2009/07/02 19:14:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\s221ogas.default\extensions\{a0faa0a4-f1a7-4098-9a74-21efc3a92372}
[2007/11/28 10:43:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\s221ogas.default\extensions\{b1f0be5b-b66c-41c9-bfcc-f4ec657cd17b}
[2009/07/02 19:14:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\s221ogas.default\extensions\{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}
[2009/07/15 19:16:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\s221ogas.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/07/15 19:16:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\s221ogas.default\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}
[2009/07/02 19:14:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\s221ogas.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/07/02 00:03:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\s221ogas.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2009/07/02 00:51:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\s221ogas.default\extensions\betteryoutube@ginatrapani.org
[2009/07/02 19:21:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\s221ogas.default\extensions\ctrl-tab@design-noir.de
[2009/07/02 19:14:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\s221ogas.default\extensions\doubleclickcmenu@pc7s.com
[2009/07/01 17:47:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\s221ogas.default\extensions\firegestures@xuldev.org
[2009/07/01 17:42:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\s221ogas.default\extensions\nasanightlaunch@example.com
[2007/11/28 10:44:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\s221ogas.default\extensions\netscape9theme@netscape.com
[2009/07/02 00:51:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\s221ogas.default\extensions\omiazad@msn.com
[2009/01/28 14:53:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\John\Application Data\mozilla\Firefox\Profiles\s221ogas.default\extensions\redshift_V2@shift-themes.com
[2009/08/07 23:23:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/17 12:38:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/11/06 12:55:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/06/29 23:09:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2008/08/09 07:42:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/05/03 14:43:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/07/05 20:34:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/07/15 17:30:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/15 17:30:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/05 20:34:13 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2007/10/11 15:17:50 | 01,435,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/07/15 17:30:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/07/01 18:02:13 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2008/08/09 07:45:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/08/09 07:45:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/08/09 07:45:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/08/09 07:45:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/08/09 07:45:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/08/09 07:45:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/08/09 07:45:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/08/09 07:45:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin8.dll
[2009/07/01 18:02:25 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2009/07/01 18:02:01 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2008/08/09 08:05:49 | 01,212,416 | ---- | M] (cedelia) -- C:\Program Files\mozilla firefox\plugins\NPStreamPlug.dll
[2007/03/09 12:35:04 | 00,365,056 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npupd62.dll
[2006/02/23 09:16:20 | 00,034,048 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\upd62i9x.dll
[2006/02/23 09:16:20 | 00,045,056 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\upd62int.dll
[2009/07/15 15:10:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/15 15:10:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/15 15:10:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/15 15:10:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/15 15:10:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/15 15:10:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-1123561945-299502267-1801674531-1004\..\Toolbar\WebBrowser: (no name) - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - No CLSID value found.
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\Logi_MwX.Exe (Logitech Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-1123561945-299502267-1801674531-1004..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe File not found
O4 - Startup: C:\Documents and Settings\John\Start Menu\Programs\Startup\E-mail.lnk = File not found
O4 - Startup: C:\Documents and Settings\John\Start Menu\Programs\Startup\Opera.lnk = C:\Program Files\Opera\opera.exe (Opera Software)
O4 - Startup: C:\Documents and Settings\John\Start Menu\Programs\Startup\PowerDesk 7.lnk = C:\Program Files\Avanquest\PowerDesk\PDExplo.exe (Avanquest Software USA, Inc.)
O4 - Startup: C:\Documents and Settings\John\Start Menu\Programs\Startup\Shortcut to Pdesk.lnk = C:\Program Files\Pdesk.exe (V Communications, Inc.)
O4 - Startup: C:\Documents and Settings\John\Start Menu\Programs\Startup\Shortcut to pidgin.exe.lnk = C:\Program Files\Pidgin\pidgin.exe (The Pidgin developer community)
O4 - Startup: C:\Documents and Settings\John\Start Menu\Programs\Startup\Winamp.lnk = C:\Program Files\Winamp\winamp.exe (Nullsoft)
O4 - Startup: C:\Documents and Settings\John\Start Menu\Programs\Startup\µTorrent.lnk = C:\Program Files\uTorrent\utorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1123561945-299502267-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1123561945-299502267-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1123561945-299502267-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-1123561945-299502267-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\S-1-5-21-1123561945-299502267-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-1123561945-299502267-1801674531-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1123561945-299502267-1801674531-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm ()
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm ()
O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : Mouse Gestures... - {4E660F19-E91E-41E1-88EF-D1DFAB118F67} - C:\Program Files\Internet Explorer\Plugins\Drowse\MouseGestures.dll (Drowse)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1127242810211 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1144084137649 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-0451045096-7018992353-169371523-9531\yv8g67.exe) - C:\RECYCLER\S-1-5-21-0451045096-7018992353-169371523-9531\yv8g67.exe ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/03 21:00:23 | 00,000,034 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/06 11:36:08 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/08/06 11:36:08 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/08/06 11:36:09 | 00,000,000 | RHSD | M] - W:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/08/06 11:36:09 | 00,000,000 | RHSD | M] - X:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/08/10 16:27:14 | 00,287,744 | ---- | C] () -- C:\Documents and Settings\John\Desktop\467isox3.exe
[2009/08/10 16:25:59 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
[2009/08/08 07:35:15 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\John\Desktop\settings.dat
[2009/08/07 20:38:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop\Dark Room 0.8b
[2009/08/07 19:11:03 | 00,000,000 | ---D | C] -- C:\Program Files\JRE
[2009/08/06 22:28:45 | 15,308,944 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\John\Desktop\n242578z.exe
[2009/08/06 18:43:14 | 00,470,528 | ---- | C] ( ) -- C:\Documents and Settings\John\Desktop\RootRepeal.exe
[2009/08/06 16:54:06 | 00,577,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/08/06 16:39:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/08/06 16:37:42 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/08/06 11:36:08 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2009/08/06 11:30:44 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\John\Desktop\ATF-Cleaner.exe
[2009/08/05 20:59:33 | 00,001,130 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/08/05 10:01:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Malwarebytes
[2009/08/05 10:01:00 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/05 10:00:58 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/05 10:00:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/05 10:00:57 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/05 01:41:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/08/05 01:41:06 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/08/05 01:41:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\SUPERAntiSpyware.com
[2009/08/05 01:21:48 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\regedit.com
[2009/08/05 00:38:06 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/08/05 00:19:33 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/08/04 19:34:59 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/08/04 19:31:49 | 39,652,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/04 19:31:49 | 00,059,923 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/04 19:31:40 | 00,463,779 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/08/04 19:31:40 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/08/04 19:31:38 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/08/04 19:31:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/08/04 19:31:31 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/08/04 19:31:30 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/08/04 19:17:28 | 00,000,919 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/04 18:01:39 | 00,000,000 | ---D | C] -- C:\Program Files\sFX
[2009/08/04 18:01:23 | 00,177,247 | ---- | C] () -- C:\WINDOWS\System32\hjgruitatsmhnc.dat
[2009/08/04 18:00:52 | 00,139,264 | ---- | C] () -- C:\rrhnqdo.exe
[2009/08/04 17:59:37 | 00,000,000 | -HSD | C] -- C:\WINDOWS\java updater
[2009/08/04 17:59:35 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\John\Application Data\NP.sys
[2009/08/04 17:58:20 | 00,108,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mswinsck.ocx
[2009/08/04 17:58:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Update Engine
[2009/07/29 17:16:16 | 00,000,000 | ---D | C] -- D:\documents\Essays
[2009/07/27 20:24:58 | 00,000,000 | ---D | C] -- C:\Program Files\nandub
[2009/07/22 22:00:31 | 00,131,602 | ---- | C] () -- C:\Documents and Settings\John\Desktop\728px-Hudson_bay_map-fr.svg.png
[2009/07/19 19:14:31 | 00,000,000 | ---D | C] -- C:\Program Files\Pro Imaging Powertoys
[2009/07/17 00:49:03 | 02,103,716 | -H-- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\IconCache.db
[2009/07/12 18:44:31 | 00,302,592 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\unin040c.exe
[2009/04/21 12:32:56 | 00,000,110 | ---- | C] () -- C:\WINDOWS\edcast_aacp.ini
[2009/04/20 10:56:10 | 00,000,171 | ---- | C] () -- C:\WINDOWS\icecast2.ini
[2008/09/19 18:57:34 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 18:55:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/19 18:55:10 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/09/19 18:54:18 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/09/14 18:51:17 | 00,095,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\VBoxDrv.sys
[2008/07/14 16:03:01 | 00,075,328 | ---- | C] () -- C:\WINDOWS\System32\prodad-mercalli-10-codec.dll
[2008/06/24 15:59:58 | 00,408,576 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2008/06/24 15:59:58 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/06/16 19:11:18 | 00,002,769 | ---- | C] () -- C:\WINDOWS\BorisFX9.2.ini
[2008/06/16 19:07:01 | 00,237,568 | R--- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2008/04/11 00:33:32 | 00,000,356 | ---- | C] () -- C:\WINDOWS\wbocx.ini
[2008/04/10 15:41:48 | 00,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008/04/02 12:05:57 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2008/04/02 12:05:48 | 00,540,580 | ---- | C] () -- C:\WINDOWS\System32\libcairo-2.dll
[2008/04/02 12:05:48 | 00,434,971 | ---- | C] () -- C:\WINDOWS\System32\freetype6.dll
[2008/04/02 12:05:48 | 00,218,443 | ---- | C] () -- C:\WINDOWS\System32\libfontconfig-1.dll
[2008/04/02 12:05:48 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\libexpat.dll
[2008/04/02 12:05:48 | 00,039,875 | ---- | C] () -- C:\WINDOWS\System32\libpangocairo-1.0-0.dll
[2008/04/01 23:30:33 | 00,006,112 | ---- | C] () -- C:\WINDOWS\System32\cdenable.sys
[2008/04/01 10:40:11 | 00,000,951 | ---- | C] () -- C:\WINDOWS\HFVExplorer.INI
[2008/03/12 19:00:24 | 00,000,028 | ---- | C] () -- C:\WINDOWS\v2d.INI
[2008/03/08 18:43:21 | 00,000,042 | ---- | C] () -- C:\WINDOWS\PNSRAMB.ini
[2008/02/26 09:56:10 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll.disabled
[2008/02/26 09:56:10 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll.disabled
[2008/02/13 17:47:38 | 00,000,101 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/02/03 20:23:25 | 00,000,041 | ---- | C] () -- C:\WINDOWS\System32\img2pdf.ini
[2008/01/09 15:01:48 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/12/19 21:24:09 | 00,000,066 | ---- | C] () -- C:\WINDOWS\SystemCheck.ini
[2007/12/07 23:14:26 | 00,000,051 | ---- | C] () -- C:\WINDOWS\EntPack.ini
[2007/12/06 23:03:55 | 00,000,032 | ---- | C] () -- C:\WINDOWS\WDIRECT.INI
[2007/11/07 21:55:17 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll
[2007/11/07 21:55:17 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\TrackerNET.dll
[2007/11/07 21:49:30 | 00,000,467 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/09/15 17:11:11 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\nocashio.sys
[2007/04/27 12:40:31 | 00,004,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\UserPort.sys
[2007/03/30 16:07:43 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSYS.INI
[2007/02/23 15:31:55 | 00,006,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\cdenable.sys
[2007/02/23 15:27:25 | 00,000,232 | ---- | C] () -- C:\WINDOWS\BasiliskII.ini
[2007/02/13 03:13:00 | 00,000,058 | ---- | C] () -- C:\WINDOWS\TUTORI~1.INI
[2007/02/12 23:39:53 | 00,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2007/02/12 23:09:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\plclient.INI
[2006/12/08 09:50:14 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/12/08 09:47:54 | 01,159,168 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/11/29 12:05:54 | 00,000,148 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2006/11/28 17:05:28 | 00,129,024 | ---- | C] () -- C:\WINDOWS\ZipDll.dll
[2006/11/28 17:05:28 | 00,115,200 | ---- | C] () -- C:\WINDOWS\UnzDll.dll
[2006/11/28 12:41:49 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2006/11/28 12:36:21 | 00,000,179 | ---- | C] () -- C:\WINDOWS\GangaBoy3.INI
[2006/11/23 03:58:59 | 00,000,082 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2006/10/26 23:40:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2006/10/26 23:35:33 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/10 03:52:46 | 00,000,832 | ---- | C] () -- C:\WINDOWS\scummvm.ini
[2006/10/04 03:56:47 | 00,000,575 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/10/03 15:42:18 | 00,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2006/09/26 12:47:59 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/09/17 00:32:29 | 00,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/17 00:19:54 | 00,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2006/09/17 00:00:32 | 00,122,368 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.dll
[2006/09/17 00:00:01 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\ZipDLL.dll
[2006/09/16 23:40:49 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2005/04/11 09:29:10 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2004/12/02 15:20:12 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2004/09/22 10:09:06 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 17:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/03/30 04:15:02 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX010205PNG.dll
[2004/03/30 04:15:01 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX015003JP2.dll
[2004/03/30 04:15:01 | 00,023,040 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX010104Z.dll
[2004/01/15 14:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/07/29 15:33:26 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll
[2003/05/23 07:08:52 | 00,107,008 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003/05/23 07:08:52 | 00,020,992 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/10/15 19:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/03/19 18:30:00 | 00,141,824 | ---- | C] () -- C:\WINDOWS\System32\msvdm.dll
[2001/08/23 09:00:00 | 00,001,277 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 09:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/08/10 16:27:17 | 00,287,744 | ---- | M] () -- C:\Documents and Settings\John\Desktop\467isox3.exe
[2009/08/10 16:26:04 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
[2009/08/10 00:15:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/08/08 09:28:19 | 39,652,328 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/08 08:56:19 | 00,000,051 | ---- | M] () -- C:\WINDOWS\iTouch.ini
[2009/08/08 08:46:49 | 00,002,300 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/08 08:44:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/08 08:44:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/08 07:35:15 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\John\Desktop\settings.dat
[2009/08/08 07:34:17 | 01,492,712 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/08 07:31:30 | 00,003,041 | ---- | M] () -- C:\Program Files\Toolbar1.pdc
[2009/08/07 23:37:10 | 00,059,923 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/07 20:39:00 | 00,038,784 | ---- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/06 22:29:33 | 15,308,944 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\John\Desktop\n242578z.exe
[2009/08/06 18:58:55 | 00,177,247 | ---- | M] () -- C:\WINDOWS\System32\hjgruitatsmhnc.dat
[2009/08/06 17:49:13 | 00,461,638 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/06 17:49:12 | 00,552,160 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/06 17:49:12 | 00,079,954 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/06 17:01:39 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/08/06 16:54:06 | 00,577,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/08/06 11:30:44 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\John\Desktop\ATF-Cleaner.exe
[2009/08/06 10:29:38 | 10,643,94752 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009/08/05 21:26:39 | 00,001,130 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/08/05 20:37:18 | 00,519,083 | ---- | M] () -- C:\Documents and Settings\John\Desktop\assorted.m3u
[2009/08/05 18:43:05 | 00,001,277 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/05 18:43:05 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/05 18:43:05 | 00,000,216 | -HS- | M] () -- C:\boot.ini
[2009/08/05 17:47:59 | 00,000,919 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/08/05 17:47:57 | 00,623,486 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090805-174758.backup
[2009/08/05 09:29:18 | 00,623,554 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090805-092918.backup
[2009/08/05 09:29:18 | 00,623,518 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090805-174757.backup
[2009/08/04 19:31:40 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/08/04 19:31:40 | 00,463,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/08/04 19:31:40 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/08/04 19:31:31 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/08/04 19:31:30 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/08/04 19:17:27 | 00,623,586 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090805-092917.backup
[2009/08/04 19:17:26 | 00,623,622 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090804-191726.backup
[2009/08/04 18:00:59 | 00,139,264 | ---- | M] () -- C:\rrhnqdo.exe
[2009/08/04 17:59:35 | 00,000,004 | ---- | M] () -- C:\Documents and Settings\John\Application Data\NP.sys
[2009/08/04 17:58:20 | 00,108,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswinsck.ocx
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/30 22:48:17 | 00,000,272 | ---- | M] () -- C:\WINDOWS\System32\RfmDat2.dat
[2009/07/30 16:45:08 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/30 15:45:37 | 00,470,528 | ---- | M] ( ) -- C:\Documents and Settings\John\Desktop\RootRepeal.exe
[2009/07/22 22:00:31 | 00,131,602 | ---- | M] () -- C:\Documents and Settings\John\Desktop\728px-Hudson_bay_map-fr.svg.png
[2009/07/20 20:58:41 | 02,103,716 | -H-- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\IconCache.db
[2009/07/19 10:33:02 | 03,597,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/07/19 10:33:02 | 03,597,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/07/19 10:32:59 | 06,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2009/07/19 10:32:59 | 06,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/07/17 22:09:48 | 00,000,875 | ---- | M] () -- C:\Program Files\oggdropXPd.ini
[2009/07/16 22:11:34 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/15 13:43:32 | 00,017,136 | ---- | M] (Portrait Displays, Inc.) -- C:\WINDOWS\System32\drivers\PdiPorts.sys
[2009/07/13 20:37:40 | 07,921,928 | ---- | M] () -- C:\Program Files\Winamp.rar
[2009/07/13 19:00:32 | 00,000,066 | ---- | M] () -- C:\WINDOWS\SystemCheck.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2C6D38F
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
< End of report >

#4 silvertree

silvertree
  • Topic Starter

  • Members
  • 14 posts

Posted 10 August 2009 - 02:37 PM

OTL Extras logfile created on: 8/10/2009 4:28:04 PM - Run 1
OTL by OldTimer - Version 3.0.10.5 Folder = C:\Documents and Settings\John\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.98 Mb Total Physical Memory | 341.62 Mb Available Physical Memory | 33.66% Memory free
2.39 Gb Paging File | 1.77 Gb Available in Paging File | 74.23% Paging File free
Paging file location(s): C:\pagefile.sys 1524 2263 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 12.73 Gb Free Space | 34.15% Space Free | Partition Type: NTFS
Drive D: | 195.31 Gb Total Space | 9.86 Gb Free Space | 5.05% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive W: | 36.13 Gb Total Space | 14.57 Gb Free Space | 40.31% Space Free | Partition Type: NTFS
Drive X: | 29.38 Gb Total Space | 13.32 Gb Free Space | 45.32% Space Free | Partition Type: NTFS

Computer Name: TRESTLE
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Soulseek\slsk.exe" = C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Program Files\RealVNC\VNC4\winvnc4.exe" = C:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:VNC Server -- (RealVNC Ltd.)
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\PSOLoad\cbs-Phoenix.exe" = C:\PSOLoad\cbs-Phoenix.exe:*:Enabled:Phoenix -- File not found
"C:\PSOLoad\1\PSOload.exe" = C:\PSOLoad\1\PSOload.exe:*:Enabled:PSOload -- File not found
"C:\Program Files\Nero\Nero 7\Core\nero.exe" = C:\Program Files\Nero\Nero 7\Core\nero.exe:*:Enabled:Nero Express -- (Nero AG)
"C:\Program Files\Opera\Opera.exe" = C:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\FileZilla\FileZilla.exe" = C:\Program Files\FileZilla\FileZilla.exe:*:Enabled:FileZilla -- (FileZilla Project)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"D:\xbox\gXiso\gxiso.exe" = D:\xbox\gXiso\gxiso.exe:*:Enabled:gxiso -- File not found
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- File not found
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Disabled:Warcraft III -- File not found
"W:\Torrents\Sheepshaver Install CD\SheepShaver-2.3\SheepShaver-2.3\SheepShaver.exe" = W:\Torrents\Sheepshaver Install CD\SheepShaver-2.3\SheepShaver-2.3\SheepShaver.exe:*:Enabled:SheepShaver -- File not found
"W:\Torrents\Sheepshaver Install CD\SheepShaver-2.3\SheepShaver.exe" = W:\Torrents\Sheepshaver Install CD\SheepShaver-2.3\SheepShaver.exe:*:Enabled:SheepShaver -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- File not found
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Program Files\Soulseek-Test\slsk.exe" = C:\Program Files\Soulseek-Test\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Program Files\RealVNC\VNC4\vncviewer.exe" = C:\Program Files\RealVNC\VNC4\vncviewer.exe:*:Enabled:VNC Viewer Enterprise Edition for Win32 -- (RealVNC Ltd.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\IEPro\MiniDM.exe" = C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM -- (IE7Pro.com)
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files\River Past\Video Cleaner\VideoCleaner.exe" = C:\Program Files\River Past\Video Cleaner\VideoCleaner.exe:*:Enabled:River Past Video Cleaner -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{042961FE-BE09-48AB-81FB-C0D4093043A1}" = Sony DVD Architect Pro 4.5
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}" = Sony Noise Reduction Plug-In 2.0h
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{111A3D14-7596-43B0-92BA-418435C90672}" = Intel® PRO Network Connections
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{235BBFC6-D863-4066-A01A-3BD504C31033}" = Nero 7 Ultra Edition
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java™ 6 Update 13
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2F09F8D0-797D-4F98-9638-4BE6B83A8E26}" = Magic File Renamer 6.12 Professional Edition
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A0604C2-807A-11DB-8DF8-00508DD5B6B9}" = Microsoft Mike and Mary TTS Engines 5.1
"{3A20171A-C7B3-42F6-83EC-6483EBB7D152}" = GameCube Gamesaves
"{3AAAAA09-1385-4632-AFF3-6A9D3B4634EC}" = Mouse Gestures for Internet Explorer (x86)
"{4448ABF6-786D-4C3D-A49D-7BB237E6DD17}" = Foxit PDF IFilter
"{4AEA9A23-D627-4699-8A0F-FC474308C2E6}" = Sony Sound Forge 9.0
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{57BBB1AD-A239-4B05-86F5-3D138A0CFEE8}" = PureVoice
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1
"{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{67EC0AB2-8CF7-4415-9F70-7FBC593C0D5E}" = ScanSoft PDF Create! 4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7cbd8a89-45f4-4203-9923-673f72603747}" = Adobe Photoshop Lightroom 2.3
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{818CBFBE-F23E-45E3-B67B-55FBCF945F37}" = MFC80
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}" = Opera 9.64
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A932D4F7-79C5-4D80-A0F1-8F38E18CD6BC}" = XplDbClientPatch
"{A9ECA555-1644-4A17-9A5A-37A439673571}" = SFVManager
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live Sign-in Assistant
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B7E2A724-2774-4AC2-9F0A-B58C7319B6E6}" = Sony Vegas Pro 8.0
"{B93251B5-9209-4DAB-867C-AA98D91584CD}" = PowerDesk 7
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE378F36-E404-4244-A33F-F50A2A6D31BD}" = Microsoft Color Control Panel Applet for Windows XP
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Billionton
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D4134B0B-EA9B-4835-A77A-60BEE6277101}" = Lightroom
"{DA84D116-695C-4901-8F45-DE32F74CBFE9}" = PSP Application Patch
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DC53BB56-FBB5-47BE-B342-E43CC83C0ECF}" = Sony Vegas 6.0c
"{DD0DDC9E-2ED4-44DD-B461-0EFC126813A0}" = On2 VP7 Personal Edition
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F251B999-08A9-4704-999C-9962F0DFD88E}" = Virtual Desktop Manager Powertoy for Windows XP
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.2
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"7-Zip" = 7-Zip 4.65
"ACDSee Classic" = ACDSee Classic
"ActionReplay Xbox" = ActionReplay Xbox
"Add Data, Text & Characters To Files Software_is1" = Add Data, Text & Characters To Files Software 7.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Album Art Downloader XUI" = Album Art Downloader XUI 0.27.1
"Album List" = Album List for Winamp v2.05 (remove only)
"Antares Autotune VST RTAS TDM_is1" = Antares Autotune VST RTAS TDM v5.08
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"AutoGK" = Auto Gordian Knot 2.48b
"AVG8Uninstall" = AVG Free 8.5
"Avidemux 2.4" = Avidemux 2.4
"AviSynth" = AviSynth 2.5
"Cards.dll Enhanced_is1" = Cards.2005.01
"CDisplay_is1" = CDisplay 1.8
"CKRename" = CKRename
"clrmamepro" = clrmamepro
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Direct MP3 Joiner_is1" = Direct MP3 Joiner 2.5
"DubMan" = DubMan (remove only)
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Identifier_is1" = DVD Identifier
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy Video Splitter_is1" = Easy Video Splitter 1.28
"EncVorbis" = EncVorbis 1.1
"Episode 1 - Homestar Ruiner" = Strong Bad - Strong Bad Episode 1 - Homestar Ruiner
"Exact Audio Copy" = Exact Audio Copy 0.99pb4
"EXIF Date Changer_is1" = EXIF Date Changer v1.1
"FastStone Capture" = FastStone Capture 6.2
"FastStone Image Viewer" = FastStone Image Viewer 3.9
"FastSum_is1" = FastSum 1.6 Standard Edition and FastSum 1.9 Command-Line Editi
"File Writer output plugin" = File Writer output plugin for WinAMP 2 v1.21b (remove only)
"filehippo.com" = filehippo.com Update Checker
"FileZilla" = FileZilla (remove only)
"FileZilla Client" = FileZilla Client 3.1.1.1
"FLAC" = FLAC 1.2.1b (remove only)
"foobar2000" = foobar2000 v0.9.6.2
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"gaim-guifications" = Guifications Plugin (remove only)
"GB Book 4.92b" = Makebook V4.92b (remove only)
"GeoSetter_is1" = GeoSetter 3.0.6
"GetRight" = GetRight
"GNU Aspell_is1" = GNU Aspell 0.50-3
"Gordian Knot" = Gordian Knot Rip Pack 0.35.0
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"HashCalc_is1" = HashCalc 2.02
"HijackThis" = HijackThis 2.0.2
"Icecast2 Win32_is1" = Icecast 2.3.2
"ie7" = Windows Internet Explorer 7
"IE7Pro" = IE7Pro
"ImgBurn" = ImgBurn
"in_cdg" = CD+G Disc Player Plug-In for Winamp
"IsoBuster_is1" = IsoBuster 2.4
"iTag" = iTag
"iZotope Vinyl_is1" = iZotope Vinyl
"LucasArts' Star Wars: Episode I Racer" = Star Wars: Episode I Racer de LucasArts
"Magic ISO Maker v5.4 (build 0255)" = Magic ISO Maker v5.4 (build 0255)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Max Registry Cleaner_is1" = Max Registry Cleaner
"MediaInfo" = MediaInfo 0.7.16
"MeGUI" = MeGUI (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"MKVtoolnix" = MKVtoolnix 2.9.5
"Monkey's Audio_is1" = Monkey's Audio
"Mozilla Firefox (3.5.1)" = Mozilla Firefox (3.5.1)
"Mp3tag" = Mp3tag v2.43
"Op6sed_is1" = Opera Search.ini Editor 1.26
"Opera" = Opera
"PDF Image Extraction Wizard 1.1_is1" = PDF Image Extraction Wizard 1.1
"Pidgin" = Pidgin
"pidgin-guifications" = Guifications Plugin (remove only)
"PowerISO" = PowerISO
"proDAD-Mercalli-1.0" = proDAD Mercalli 1.0
"PS TO USB CONVERTOR" = PS TO USB CONVERTOR
"QuickPar" = QuickPar 0.9
"QuickSFV" = QuickSFV (Remove only)
"realMYST Interactive 3D Edition" = realMYST Interactive 3D Edition
"RealPlayer 6.0" = RealPlayer
"RealVNC_is1" = VNC Enterprise Edition E4.4.0
"RegVac Registry Cleaner (Registered Version)_is1" = RegVac Registry Cleaner 5.01 (Registered Version)
"romcenter_is1" = RomCenter 3.31
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SCDNAS" = SHOUTcast DNAS (remove only)
"SHOUTcastDSP" = SHOUTcast Source DSP 1.9.1 (remove only)
"Sierra Utilities" = Sierra Utilities
"SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only)
"Soulseek" = SoulSeek Client 156c
"Soulseek2" = SoulSeek 157 NS 13e
"StreamPlug" = StreamPlug Player
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"TIMELEFT3_is1" = TimeLeft Deluxe
"TVRename" = TV Rename
"Tweak UI 2.10" = Tweak UI
"Undelete Plus_is1" = Undelete Plus 2.71
"USB Safely Remove_is1" = USB Safely Remove 3.3
"uTorrent" = µTorrent
"VASST Ultimate S3" = VASST Ultimate S3 3.0.3
"VeryPDF PDF To Image Converter v2.1_is1" = VeryPDF PDF To Image Converter v2.1
"VisiooWriter" = VisiooWriter 0.6.1
"VLC media player" = VLC media player 1.0.0
"VNCMirror_is1" = VNC Mirror Driver 1.8.0
"VobSub" = VobSub v2.23 (Remove Only)
"whereisit-wii_is1" = WhereIsIt? 3.93
"Winamp" = Winamp
"Winamp Essentials Pack" = Winamp Essentials Pack
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 4.52
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 4 Free 4.63
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"WordMagus" = WordMagus 2.02
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1123561945-299502267-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"d38eed663557f41f" = G6 Save Converter v0.33
"uTorrent" = µTorrent
"WinImage" = WinImage
"XBMC" = XBMC Media Center

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/30/2009 1:47:26 PM | Computer Name = TRESTLE | Source = WinVNC4 | ID = 1
Description = UploadManager: Ignoring unknown history sequence number 0

Error - 7/30/2009 4:37:21 PM | Computer Name = TRESTLE | Source = WinVNC4 | ID = 1
Description = UploadManager: Ignoring unknown history sequence number 0

Error - 7/30/2009 7:19:47 PM | Computer Name = TRESTLE | Source = WinVNC4 | ID = 1
Description = UploadManager: Ignoring unknown history sequence number 0

Error - 7/31/2009 8:46:34 PM | Computer Name = TRESTLE | Source = WinVNC4 | ID = 1
Description = UploadManager: Ignoring unknown history sequence number 0

Error - 7/31/2009 11:11:55 PM | Computer Name = TRESTLE | Source = WinVNC4 | ID = 1
Description = UploadManager: Ignoring unknown history sequence number 0

Error - 8/4/2009 2:00:10 PM | Computer Name = TRESTLE | Source = WinVNC4 | ID = 1
Description = UploadManager: Ignoring unknown history sequence number 0

Error - 8/4/2009 5:46:08 PM | Computer Name = TRESTLE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module ws2_32.dll, version 5.1.2600.2180, fault address 0x0000664d.

Error - 8/4/2009 11:15:07 PM | Computer Name = TRESTLE | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 8/4/2009 11:46:48 PM | Computer Name = TRESTLE | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 8/5/2009 7:34:05 AM | Computer Name = TRESTLE | Source = SDWinSec.exe | ID = 0
Description =

[ System Events ]
Error - 8/8/2009 7:17:46 AM | Computer Name = TRESTLE | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%2

Error - 8/8/2009 7:46:32 AM | Computer Name = TRESTLE | Source = Service Control Manager | ID = 7000
Description = The EMS Inter-Link driver V3.0 service failed to start due to the
following error: %%1058

Error - 8/8/2009 7:46:32 AM | Computer Name = TRESTLE | Source = Service Control Manager | ID = 7000
Description = The EZWINIT2 service failed to start due to the following error: %%1058

Error - 8/8/2009 7:46:32 AM | Computer Name = TRESTLE | Source = Service Control Manager | ID = 7000
Description = The EZWRITE2 service failed to start due to the following error: %%1058

Error - 8/8/2009 7:46:32 AM | Computer Name = TRESTLE | Source = Service Control Manager | ID = 7000
Description = The Chlsprplnde service failed to start due to the following error:
%%2

Error - 8/8/2009 7:46:32 AM | Computer Name = TRESTLE | Source = Service Control Manager | ID = 7023
Description = The Network Security service terminated with the following error:
%%126

Error - 8/8/2009 7:46:32 AM | Computer Name = TRESTLE | Source = Service Control Manager | ID = 7023
Description = The Microsoft Security Services Management service terminated with
the following error: %%126

Error - 8/8/2009 7:46:32 AM | Computer Name = TRESTLE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the sfx service to connect.

Error - 8/8/2009 7:46:32 AM | Computer Name = TRESTLE | Source = Service Control Manager | ID = 7000
Description = The sfx service failed to start due to the following error: %%1053

Error - 8/8/2009 7:46:32 AM | Computer Name = TRESTLE | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%2


< End of report >

#5 silvertree

silvertree
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:05:05 AM

Posted 11 August 2009 - 06:18 AM

Rootkit discovered. Looks like CLB is back or never went away even though now it seems asymptomatic.

This scan took a long time to complete. The first time I ran the scan, about 2 hours in, my system blue screened with a fault in module "aujasnkj.sys".

So here's the GMER log. Thanks again.

***

GMER 1.0.15.15020 [467isox3.exe] - http://www.gmer.net
Rootkit scan 2009-08-11 08:10:04
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT sphi.sys ZwCreateKey [0xF74290E0]
SSDT sphi.sys ZwEnumerateKey [0xF7447CA2]
SSDT sphi.sys ZwEnumerateValueKey [0xF7448030]
SSDT sphi.sys ZwOpenKey [0xF74290C0]
SSDT sphi.sys ZwQueryKey [0xF7448108]
SSDT sphi.sys ZwQueryValueKey [0xF7447F88]
SSDT sphi.sys ZwSetValueKey [0xF744819A]
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xED48E6D0]

INT 0x62 ? 86F66BF8
INT 0x63 ? 86E79BF8
INT 0x73 ? 86E79BF8
INT 0x82 ? 86F66BF8
INT 0x83 ? 86E79BF8
INT 0x83 ? 86E79BF8
INT 0xB4 ? 86E79BF8

---- Kernel code sections - GMER 1.0.15 ----

? sphi.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F64D662C 5 Bytes JMP 86E791D8
.text ap61xtd4.SYS F63BD386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text ap61xtd4.SYS F63BD3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ap61xtd4.SYS F63BD3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text ap61xtd4.SYS F63BD3C9 1 Byte [2E]
.text ap61xtd4.SYS F63BD3C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...
? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Windows Live\Mail\wlmail.exe[1076] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 5 Bytes JMP 004044A7 C:\Program Files\Windows Live\Mail\wlmail.exe (Windows Live Mail/Microsoft Corporation)
.text C:\Program Files\Winamp\winamp.exe[1172] USER32.dll!SetScrollInfo 7E419056 7 Bytes JMP 03793670 C:\Program Files\Winamp\Plugins\Gen_m3a.dll
.text C:\Program Files\Winamp\winamp.exe[1172] USER32.dll!GetScrollInfo 7E420DA2 7 Bytes JMP 037935C0 C:\Program Files\Winamp\Plugins\Gen_m3a.dll
.text C:\Program Files\Winamp\winamp.exe[1172] USER32.dll!ShowScrollBar 7E42F2B3 5 Bytes JMP 03793740 C:\Program Files\Winamp\Plugins\Gen_m3a.dll
.text C:\Program Files\Winamp\winamp.exe[1172] USER32.dll!GetScrollPos 7E42F6C4 5 Bytes JMP 03793600 C:\Program Files\Winamp\Plugins\Gen_m3a.dll
.text C:\Program Files\Winamp\winamp.exe[1172] USER32.dll!SetScrollPos 7E42F710 5 Bytes JMP 037936B0 C:\Program Files\Winamp\Plugins\Gen_m3a.dll
.text C:\Program Files\Winamp\winamp.exe[1172] USER32.dll!GetScrollRange 7E42F747 5 Bytes JMP 03793630 C:\Program Files\Winamp\Plugins\Gen_m3a.dll
.text C:\Program Files\Winamp\winamp.exe[1172] USER32.dll!SetScrollRange 7E42F95B 5 Bytes JMP 037936F0 C:\Program Files\Winamp\Plugins\Gen_m3a.dll
.text C:\Program Files\Winamp\winamp.exe[1172] USER32.dll!EnableScrollBar 7E467DDD 7 Bytes JMP 03793580 C:\Program Files\Winamp\Plugins\Gen_m3a.dll

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86FD72D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F745AC4C] sphi.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F745ACA0] sphi.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F742A040] sphi.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F742A13C] sphi.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F742A0BE] sphi.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F742A7FC] sphi.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F742A6D2] sphi.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86E792D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F743A048] sphi.sys
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!RtlInitUnicodeString] 2296E852
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!swprintf] 478B0000
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!KeSetEvent] 50016A40
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 1CAC8E8D
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IoGetConfigurationInformation] E8510000
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00002284
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!MmFreeMappingAddress] 6A18538B
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 868D5200
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 00001C98
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!MmUnmapIoSpace] 2272E850
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 4B8B0000
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IofCompleteRequest] 51016A18
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 1CB4968D
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IofCallDriver] E8520000
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 00002260
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IoConnectInterrupt] 001CBB8E
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IoDetachDevice] 30C48300
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!KeWaitForSingleObject] 1CBD8688
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!KeInitializeEvent] 80E90000
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] C6000000
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!RtlInitAnsiString] 001CBB86
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 438B0100
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IoQueueWorkItem] 8E8D5018
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!MmMapIoSpace] 00001C90
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 2232E851
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IoReportDetectedDevice] 538B0000
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IoReportResourceForDetection] 52016A18
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 1CAC868D
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!NlsMbCodePageTag] E8500000
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!PoRequestPowerIrp] 00002220
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 8A05478A
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 001CBB8E
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!sprintf] 18C48300
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 1CBD8688
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!ObfDereferenceObject] 43EB0000
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 320C538A
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 88F93BC0
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!ZwClose] 001CBB96
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] F6317300
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 74070647
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 75C0841A
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 05578A0B
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!PoCallDriver] 968801B0
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IoCreateDevice] 00001CBD
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 57B60F66
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 533B6604
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!ZwOpenKey] 03087408
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 72F93B3F
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IoStartTimer] 8A09EBDA
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!KeInitializeTimer] 86880547
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IoInitializeTimer] 00001CBD
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!KeInitializeDpc] 88084B8A
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!KeInitializeSpinLock] 001CBE8E
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IoInitializeIrp] 40578B00
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!ZwCreateKey] 8D52006A
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CC086
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] B1E85000
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!ZwSetValueKey] 8B000021
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!KeInsertQueueDpc] 001CB88E
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] BC968B00
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IoStartPacket] 8900001C
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 001CC48E
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] C8968900
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IoFreeMdl] 8B00001C
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!MmUnlockPages] 016A4047
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] CCC68150
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 5600001C
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 002187E8
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!KeSynchronizeExecution] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IoStartNextPacket] CCCCCCC3
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!KeBugCheckEx] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!KeSetTimer] CCCCCCCC
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!KeCancelTimer] 8BEC8B55
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!_allmul] 00C73445
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!MmProbeAndLockPages] 00000000
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!_except_handler3] 830C458B
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!PoSetPowerState] C0840CEC
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 053C0D74
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B80974
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!_aulldiv] 8B000000
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!strstr] 56C35DE5
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!_strupr] 8D08758B
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!KeQuerySystemTime] 8D51FC4D
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 8D52FD55
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!KeTickCount] 8D51FE4D
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 8D52FF55
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IoDeleteDevice] 8D51F84D
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 5052F455
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IoAllocateWorkItem] EACAE856
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IoAllocateIrp] C483FFFF
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IoAllocateMdl] 0FC08520
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 0001B185
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!MmLockPagableDataSection] 46B70F00
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] F44D8B48
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] C1815753
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!ExFreePoolWithTag] 00002590
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IoFreeIrp] 467C8D51
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!IoFreeWorkItem] 76F6E84A
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!InitSafeBootMode] D88BFFFF
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!RtlCompareMemory] 8504C483
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 5F0A75DB
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!memmove] 5B08438D
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[ntoskrnl.exe!MmHighestUserAddress] 5DE58B5E
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[HAL.dll!KeGetCurrentIrql] CB033043
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[HAL.dll!KfRaiseIrql] 0673C13B
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[HAL.dll!KfLowerIrql] C13B0003
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
IAT \SystemRoot\System32\Drivers\ap61xtd4.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86FD31F8
Device \FileSystem\Fastfat \FatCdrom 86CB6500
Device \Driver\NetBT \Device\NetBT_Tcpip_{AE4F90F8-D083-49FE-98E5-209E8B2C2DC7} 867E31F8

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)

Device \Driver\usbuhci \Device\USBPDO-0 86E4A1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86FD51F8
Device \Driver\dmio \Device\DmControl\DmConfig 86FD51F8
Device \Driver\dmio \Device\DmControl\DmPnP 86FD51F8
Device \Driver\dmio \Device\DmControl\DmInfo 86FD51F8
Device \Driver\usbuhci \Device\USBPDO-1 86E4A1F8
Device \Driver\usbuhci \Device\USBPDO-2 86E4A1F8
Device \Driver\usbuhci \Device\USBPDO-3 86E4A1F8
Device \Driver\sptd \Device\4284041126 sphi.sys
Device \Driver\usbehci \Device\USBPDO-4 86D831F8
Device \Driver\PCI_PNP9876 \Device\00000061 sphi.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 86F671F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86F671F8
Device \Driver\Cdrom \Device\CdRom0 86E0A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 86F671F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 86F661F8
Device \Driver\atapi \Device\Ide\IdePort0 86F661F8
Device \Driver\atapi \Device\Ide\IdePort1 86F661F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 86F661F8
Device \Driver\Ftdisk \Device\HarddiskVolume4 86F671F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{A583F288-2A79-471A-BEB3-D4800BD858A2} 867E31F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 867E31F8
Device \Driver\NetBT \Device\NetbiosSmb 867E31F8
Device \Driver\usbhub \Device\00000087 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\00000088 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\00000089 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-0 86E4A1F8
Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-1 86E4A1F8
Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-2 86E4A1F8
Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 867CF1F8
Device \Driver\usbuhci \Device\USBFDO-3 86E4A1F8
Device \Driver\usbuhci \Device\USBFDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \FileSystem\MRxSmb \Device\LanmanRedirector 867CF1F8
Device \Driver\usbehci \Device\USBFDO-4 86D831F8
Device \Driver\usbehci \Device\USBFDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\Ftdisk \Device\FtControl 86F671F8
Device \Driver\usbhub \Device\0000008a hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\NetBT \Device\NetBT_Tcpip_{2245C0A6-C6F6-40D4-9D47-820AA5706183} 867E31F8
Device \Driver\usbhub \Device\0000008b hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\ap61xtd4 \Device\Scsi\ap61xtd41 86CE21F8
Device \FileSystem\Fastfat \Fat 86CB6500

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 86BAB3E8

---- Services - GMER 1.0.15 ----

Service system32\drivers\hjgruirtuufwfn.sys (*** hidden *** ) [SYSTEM] hjgruivjnfmigj <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0019ef01010e
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0019ef01010e@00092d2acf21 0x75 0xD4 0x3C 0x59 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruivjnfmigj@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruivjnfmigj@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruivjnfmigj@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruivjnfmigj@imagepath \systemroot\system32\drivers\hjgruirtuufwfn.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruivjnfmigj\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruivjnfmigj\main@aid 10037
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruivjnfmigj\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruivjnfmigj\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruivjnfmigj\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruivjnfmigj\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruivjnfmigj\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruivjnfmigj\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruivjnfmigj\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirtuufwfn.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruivjnfmigj\modules@hjgruicmd.dll \systemroot\system32\hjgruiwmxumtkx.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruivjnfmigj\modules@hjgruilog.dat \systemroot\system32\hjgruitatsmhnc.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruivjnfmigj\modules@hjgruiwsp.dll \systemroot\system32\hjgruixynwakob.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruivjnfmigj\modules@hjgrui.dat \systemroot\system32\hjgruirlvnpsvx.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 248086
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1884604742
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1837005289
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x62 0x77 0xB4 0x60 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3A 0xE5 0xB7 0x57 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x5C 0x87 0x20 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE6 0x9E 0x86 0x7F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A583F288-2A79-471A-BEB3-D4800BD858A2}@DhcpRetryTime 320
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A583F288-2A79-471A-BEB3-D4800BD858A2}@DhcpRetryStatus 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x66 0x98 0x53 0xD6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xBF 0x42 0x7A 0x64 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xA9 0xF6 0xE6 0x81 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0019ef01010e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0019ef01010e@00092d2acf21 0x75 0xD4 0x3C 0x59 ...
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruivjnfmigj@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruivjnfmigj@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruivjnfmigj@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruivjnfmigj@imagepath \systemroot\system32\drivers\hjgruirtuufwfn.sys
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruivjnfmigj\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruivjnfmigj\main@aid 10037
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruivjnfmigj\main@sid 0
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruivjnfmigj\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruivjnfmigj\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruivjnfmigj\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruivjnfmigj\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruivjnfmigj\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruivjnfmigj\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirtuufwfn.sys
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruivjnfmigj\modules@hjgruicmd.dll \systemroot\system32\hjgruiwmxumtkx.dll
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruivjnfmigj\modules@hjgruilog.dat \systemroot\system32\hjgruitatsmhnc.dat
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruivjnfmigj\modules@hjgruiwsp.dll \systemroot\system32\hjgruixynwakob.dll
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruivjnfmigj\modules@hjgrui.dat \systemroot\system32\hjgruirlvnpsvx.dat
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x62 0x77 0xB4 0x60 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3A 0xE5 0xB7 0x57 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x5C 0x87 0x20 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE6 0x9E 0x86 0x7F ...
Reg HKLM\SOFTWARE\Classes\.xaml\bootstrap@ bootstrap.xaml.1
Reg HKLM\SOFTWARE\Classes\.xbap\bootstrap@ bootstrap.xbap.1
Reg HKLM\SOFTWARE\Classes\.xps\bootstrap@ bootstrap.xps.1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{69CDBD2D-3DC2-9471-EEEB-311F4841D8B5}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{69CDBD2D-3DC2-9471-EEEB-311F4841D8B5}@oagfbalnehjhfjldogpbkbhhmnhmep 0x6B 0x61 0x68 0x6F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{69CDBD2D-3DC2-9471-EEEB-311F4841D8B5}@naifdeiefgbfiklaafbdnnoncolh 0x6B 0x61 0x68 0x6F ...

---- EOF - GMER 1.0.15 ----
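
The GMER log above already contains the data a responder needs to triage the hidden service: the `Service` line marks it hidden, and the `Reg` lines dump its start type, image path, the `injector` target (`*`, i.e. every process) and the `modules` list. The following Python script is an added example, not part of the original post and not GMER's own code: it parses those two sections of a GMER 1.0.15 text log, groups the registry configuration per hidden service, decodes the start/type values using the standard Windows `SERVICE_*` constants, and lists the on-disk files to acquire for analysis. The sample input is an excerpt copied from the log above. It is a triage aid only, not a removal script; while the driver is loaded the listed files are hidden, so collect them from an offline boot environment.

```python
"""Triage helper for GMER 1.0.15 text logs (added example, not GMER's own code).

Reads the '---- Services ----' and '---- Registry ----' sections of a GMER
log, picks out every service GMER marked as hidden, and gathers the registry
configuration GMER dumped for it: start/type, image path, injector targets
and the module file list. The result is a list of files to pull for
analysis, not a removal script.
"""
import re

# Excerpt of the GMER log posted above (copied from the page, not constructed).
SAMPLE_LOG = r"""
---- Services - GMER 1.0.15 ----

Service system32\drivers\hjgruirtuufwfn.sys (*** hidden *** ) [SYSTEM] hjgruivjnfmigj <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0019ef01010e
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruivjnfmigj@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruivjnfmigj@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruivjnfmigj@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruivjnfmigj@imagepath \systemroot\system32\drivers\hjgruirtuufwfn.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruivjnfmigj\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruivjnfmigj\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirtuufwfn.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruivjnfmigj\modules@hjgruiwsp.dll \systemroot\system32\hjgruixynwakob.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1884604742
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruivjnfmigj@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruivjnfmigj\main (not active ControlSet)
"""

# "Service <image> (<flags>) [<start>] <name> ..." as GMER prints it
SERVICE_RE = re.compile(
    r"^Service\s+(?P<image>\S+)\s+\((?P<flags>[^)]*)\)\s+\[(?P<gmer_start>[^\]]+)\]\s+(?P<name>\S+)"
)
# "Reg <key>[@<value> <data>]"; keys never contain '@', value names never contain spaces
REG_RE = re.compile(r"^Reg\s+(?P<key>[^\s@]+)(?:@(?P<value>\S+))?(?:\s+(?P<data>.*?))?\s*$")
CONTROLSET_RE = re.compile(r"\\SYSTEM\\(CurrentControlSet|ControlSet\d+)\\Services\\", re.IGNORECASE)

# Standard Windows SERVICE_*_START and SERVICE_*_DRIVER / *_PROCESS values
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
SERVICE_TYPES = {"1": "kernel driver", "2": "file system driver", "16": "own process", "32": "shared process"}


def triage(log_text):
    """Return {service_name: details} for every service GMER flagged as hidden."""
    lines = log_text.splitlines()
    hidden = {}
    for line in lines:
        m = SERVICE_RE.match(line)
        if m and "hidden" in m.group("flags"):
            hidden[m.group("name").lower()] = {
                "image": m.group("image"), "gmer_start": m.group("gmer_start"),
                "control_sets": set(), "injector": {}, "modules": {},
            }
    for line in lines:
        m = REG_RE.match(line)
        if not m:
            continue
        key, value = m.group("key"), m.group("value")
        data = re.sub(r"\(not active ControlSet\)$", "", m.group("data") or "").strip()
        k = key.lower()
        for name, info in hidden.items():
            svc_key = "\\services\\" + name
            if svc_key not in k:
                continue
            cs = CONTROLSET_RE.search(key)
            if cs:  # record every control set that still carries the service
                info["control_sets"].add(cs.group(1))
            if value is None:
                continue
            if k.endswith(svc_key):  # values on the service key itself
                v = value.lower()
                if v == "start":
                    info["start"] = START_TYPES.get(data, data)
                elif v == "type":
                    info["type"] = SERVICE_TYPES.get(data, data)
                elif v in ("group", "imagepath"):
                    info[v] = data
            elif k.endswith(svc_key + "\\main\\injector"):  # process name -> injected DLL
                info["injector"][value] = data
            elif k.endswith(svc_key + "\\modules"):  # internal name -> on-disk path
                info["modules"][value] = data
    for info in hidden.values():
        info["control_sets"] = sorted(info["control_sets"])
    return hidden


def files_to_collect(report):
    """Sorted list of on-disk artefacts to acquire (offline) for each hidden service."""
    paths = set()
    for info in report.values():
        paths.add(info["image"])
        if "imagepath" in info:
            paths.add(info["imagepath"])
        paths.update(info["modules"].values())
    return sorted(paths)


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for name, info in report.items():
        print(f"hidden service {name}: start={info.get('start')} type={info.get('type')} "
              f"group={info.get('group')} present in {info['control_sets']}")
        print("  injector targets:", info["injector"])
        for mod, path in info["modules"].items():
            print(f"  module {mod} -> {path}")
    print("collect:", files_to_collect(report))
```

The script only reads back what GMER already reported, so it proves nothing about services GMER did not see. What it adds is structure: a type-1 kernel driver with system start, present in more than one control set, that injects a DLL into every process is the pattern worth handing to an analyst along with the listed files. Note that the entries for `sptd` (the DAEMON Tools / Alcohol driver also hooking the SSDT above) are deliberately not flagged by this script, since GMER did not mark that service hidden.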

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:05 AM

Posted 11 August 2009 - 01:20 PM

We need to run Combofix.



Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 silvertree

  • Topic Starter

Posted 11 August 2009 - 04:23 PM

I ran combofix.

It took a short while to run so I left for a few minutes. After 10 minutes my PC automatically locks itself.

When I logged back in my desktop had disappeared (just the wallpaper, no icons, no taskbar, etc.)

There was a prompt to restore a system file: "please insert winxp sp2 pro cd". I inserted the disc, the prompt was satisfied and then nothing happened. The wallpaper remained and nothing else seemed to be running.

After several minutes of no apparent activity I restarted the machine via ctrl+alt+del.

The machine restarted and combofix restarted once windows was up and eventually created a log file.

Since that time my computer has had no network connectivity. I reinstalled my NIC drivers in hopes that the solution was that simple. It was not.

I used netsh winsock reset catalog. Nothing new.

The "repair" option immediately gives an "unable to reset ip" message.

If I attempt to "disable" the NIC I get "It is not possible to disable the connection at this time. This connection may be using one or more protocols that do not support Plug-and-Play, or it may have been initiated by another user or the system account".


So anyway, here is the log file:


***

ComboFix 09-08-10.06 - John 08/11/2009 16:22.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.414 [GMT -3:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\John\Application Data\inst.exe
c:\documents and settings\John\Local Settings\Temporary Internet Files\sph264.dll
c:\documents and settings\John\Local Settings\Temporary Internet Files\spmpeg4.dll
c:\documents and settings\John\Local Settings\Temporary Internet Files\sptheo.dll
c:\documents and settings\John\Local Settings\Temporary Internet Files\StreamPlug.dll
c:\program files\PS TO USB CONVERTOR\CnsMin5.ico
c:\program files\sFX
c:\windows\Fonts\mlog
c:\windows\Install.txt
c:\windows\Installer\WMEncoder.msi
c:\windows\regedit.com
c:\windows\system32\charset.dll
c:\windows\system32\hjgruitatsmhnc.dat
c:\windows\system32\Install.txt
c:\windows\system32\sfcfiles.dll
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6to4
-------\Legacy_hjgruivjnfmigj
-------\Legacy_ias
-------\Legacy_netcard
-------\Legacy_sfx
-------\Legacy_sfxdrv
-------\Service_6to4
-------\Service_hjgruivjnfmigj
-------\Service_ias
-------\Service_sfx


((((((((((((((((((((((((( Files Created from 2009-07-11 to 2009-08-11 )))))))))))))))))))))))))))))))
.

2009-08-11 19:44 . 2004-08-04 12:00 1580544 -c--a-w- c:\windows\system32\dllcache\sfcfiles.dll
2009-08-11 19:44 . 2004-08-04 12:00 1580544 ----a-w- c:\windows\system32\sfcfiles.dll
2009-08-07 22:11 . 2009-08-07 22:11 -------- d-----w- c:\program files\JRE
2009-08-07 18:23 . 2009-08-07 18:23 -------- d-sh--w- c:\documents and settings\John\UserData
2009-08-07 01:34 . 2009-08-07 02:27 -------- d-----w- c:\documents and settings\John\DoctorWeb
2009-08-06 19:54 . 2009-08-06 19:54 577536 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-08-06 19:39 . 2009-08-06 19:39 -------- d-----w- c:\windows\ERUNT
2009-08-06 19:37 . 2009-08-06 20:20 -------- d-----w- C:\SDFix
2009-08-05 13:01 . 2009-08-05 13:01 -------- d-----w- c:\documents and settings\John\Application Data\Malwarebytes
2009-08-05 13:01 . 2009-08-03 16:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-05 13:00 . 2009-08-05 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-05 13:00 . 2009-08-03 16:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-05 13:00 . 2009-08-05 13:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-05 04:41 . 2009-08-08 02:39 117760 ----a-w- c:\documents and settings\John\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-05 04:41 . 2009-08-05 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-05 04:41 . 2009-08-05 15:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-05 04:41 . 2009-08-05 04:41 -------- d-----w- c:\documents and settings\John\Application Data\SUPERAntiSpyware.com
2009-08-05 03:38 . 2009-08-05 03:38 -------- d-----w- c:\program files\Trend Micro
2009-08-04 22:34 . 2009-08-08 04:57 -------- d--h--w- C:\$AVG8.VAULT$
2009-08-04 22:31 . 2009-08-04 22:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-04 22:31 . 2009-08-10 21:53 -------- d-----w- c:\windows\system32\drivers\Avg
2009-08-04 22:31 . 2009-08-04 22:31 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-04 22:31 . 2009-08-04 22:31 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-04 21:00 . 2009-08-04 21:00 139264 ----a-w- C:\rrhnqdo.exe
2009-08-04 20:59 . 2009-08-05 13:08 -------- d-sh--w- c:\windows\java updater
2009-08-04 20:59 . 2009-08-04 20:59 4 ----a-w- c:\documents and settings\John\Application Data\NP.sys
2009-08-04 20:58 . 2009-08-07 03:58 -------- d-----w- c:\program files\Common Files\Microsoft Update Engine
2009-07-30 05:59 . 2009-07-30 05:59 1201 ----a-w- c:\documents and settings\John\Application Data\.purple\certificates\x509\tls_peers\login.facebook.com
2009-07-27 23:24 . 2009-07-27 23:25 -------- d-----w- c:\program files\nandub
2009-07-19 22:14 . 2009-07-19 22:14 25214 ----a-r- c:\documents and settings\John\Application Data\Microsoft\Installer\{CE378F36-E404-4244-A33F-F50A2A6D31BD}\ARPPRODUCTICON.exe
2009-07-19 22:14 . 2009-07-19 22:14 -------- d-----w- c:\program files\Pro Imaging Powertoys
2009-07-12 21:44 . 1996-11-06 15:04 302592 ----a-w- c:\windows\unin040c.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-11 19:53 . 2007-08-28 00:35 -------- d-----w- c:\documents and settings\John\Application Data\.purple
2009-08-11 19:50 . 2006-09-19 16:04 -------- d-----w- c:\documents and settings\John\Application Data\uTorrent
2009-08-11 19:38 . 2008-09-27 21:50 2884 ----a-w- c:\program files\Toolbar1.pdc
2009-08-11 19:35 . 2006-09-20 19:29 -------- d-----w- c:\program files\PS TO USB CONVERTOR
2009-08-11 19:14 . 2009-05-27 11:36 -------- d-----w- c:\program files\megui
2009-08-08 11:42 . 2009-01-19 22:49 1 ----a-w- c:\documents and settings\John\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-08-07 23:39 . 2006-09-24 06:58 38784 ----a-w- c:\documents and settings\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-07 22:11 . 2009-01-19 22:44 -------- d-----w- c:\program files\OpenOffice.org 3
2009-08-07 22:06 . 2006-04-03 17:28 -------- d-----w- c:\program files\Java
2009-08-05 23:58 . 2006-09-15 18:11 -------- d-----w- c:\program files\Opera
2009-08-05 20:12 . 2008-01-27 20:44 -------- d-----w- c:\program files\Lavasoft
2009-08-05 20:12 . 2008-01-27 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-05 17:52 . 2008-01-30 04:48 -------- d-----w- c:\documents and settings\John\Application Data\FileZilla
2009-08-05 05:31 . 2008-09-20 23:44 -------- d-----w- c:\program files\ACDSee32
2009-08-05 04:40 . 2008-09-08 02:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-05 02:41 . 2008-09-08 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg8
2009-08-04 21:13 . 2006-10-27 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-04 17:33 . 2009-06-21 01:56 -------- d-----w- c:\program files\XBMC
2009-08-03 23:35 . 2009-07-07 23:02 -------- d-----w- c:\documents and settings\John\Application Data\vlc
2009-07-31 01:48 . 2007-03-16 23:29 272 ----a-w- c:\windows\system32\RfmDat2.dat
2009-07-31 01:24 . 2009-05-02 18:34 -------- d-----w- c:\program files\Common Files\Portrait Displays
2009-07-31 00:44 . 2005-04-11 12:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-31 00:43 . 2009-05-02 18:36 -------- d-----w- c:\documents and settings\John\Application Data\DisplayTune
2009-07-30 22:36 . 2006-09-19 16:08 -------- d-----w- c:\program files\Soulseek
2009-07-30 16:43 . 2009-06-04 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek
2009-07-27 23:28 . 2008-01-26 05:51 -------- d-----w- c:\program files\virtualdub
2009-07-20 01:10 . 2006-09-20 15:48 -------- d-----w- c:\documents and settings\John\Application Data\Mp3tag
2009-07-19 21:31 . 2008-10-01 14:12 -------- d-----w- c:\program files\Google
2009-07-18 01:09 . 2008-10-20 15:19 875 ----a-w- c:\program files\oggdropXPd.ini
2009-07-17 16:40 . 2008-04-04 03:46 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-07-17 15:06 . 2008-01-27 19:54 -------- d-----w- c:\program files\Wise Disk Cleaner
2009-07-17 14:40 . 2008-01-27 19:35 -------- d-----w- c:\program files\Wise Registry Cleaner
2009-07-17 14:05 . 2009-04-17 00:43 -------- d-----w- c:\program files\SHOUTcast
2009-07-17 14:05 . 2007-11-13 14:16 -------- d-----w- c:\program files\Project64 1.6
2009-07-17 14:05 . 2007-09-27 02:24 -------- d-----w- c:\program files\MP3Gain
2009-07-17 14:05 . 2009-05-06 15:54 -------- d-----w- c:\documents and settings\John\Application Data\XBMC
2009-07-17 14:05 . 2008-06-07 16:48 -------- d-----w- c:\documents and settings\John\Application Data\iTag
2009-07-17 14:05 . 2007-11-25 19:39 -------- d-----w- c:\documents and settings\John\Application Data\FastSum
2009-07-17 12:49 . 2006-09-19 17:09 -------- d-----w- c:\documents and settings\John\Application Data\VMware
2009-07-17 12:49 . 2009-04-05 14:47 -------- d-----w- c:\program files\WinImage 81
2009-07-17 10:44 . 2009-07-17 10:44 118784 ----a-w- c:\windows\Web\Wallpaper\The Legend of Zelda Four Swords Adventures.exe
2009-07-17 10:44 . 2009-05-09 19:49 -------- d-----w- c:\program files\StepMania
2009-07-17 10:43 . 2008-02-03 19:43 -------- d-----w- c:\program files\ScanSoft
2009-07-17 10:42 . 2008-02-03 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-07-17 10:40 . 2009-06-21 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\River Past G5
2009-07-17 10:38 . 2007-10-26 23:11 -------- d-----w- c:\program files\Ootake
2009-07-17 10:38 . 2007-11-17 19:50 -------- d-----w- c:\program files\MediaMonkey
2009-07-17 10:37 . 2008-10-19 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\MediaMonkey
2009-07-17 10:35 . 2009-05-09 20:48 -------- d-----w- c:\program files\Frets on Fire
2009-07-15 16:43 . 2009-05-02 18:34 17136 ----a-w- c:\windows\system32\drivers\PdiPorts.sys
2009-07-14 18:55 . 2008-09-20 21:43 -------- d-----w- c:\documents and settings\John\Application Data\foobar2000
2009-07-14 01:16 . 2006-09-15 18:16 -------- d-----w- c:\program files\Winamp
2009-07-13 23:37 . 2006-09-20 22:46 7921928 ----a-w- c:\program files\Winamp.rar
2009-07-13 01:18 . 2006-09-17 03:10 -------- d-----w- c:\program files\GetRight
2009-07-11 15:40 . 2009-03-12 18:44 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-10 23:10 . 2009-07-10 23:10 967912 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-10 13:35 . 2008-10-20 13:37 3100160 ----a-w- c:\program files\oggdropXPd.exe
2009-07-10 12:36 . 2009-07-10 12:36 2095 ----a-w- c:\documents and settings\John\Application Data\.purple\certificates\x509\tls_peers\login.live.com
2009-07-08 19:24 . 2008-08-26 22:32 293 ----a-w- c:\program files\lamedropXPd.ini
2009-07-07 15:05 . 2008-12-11 18:57 -------- d-----w- c:\program files\Wolfenstein - Enemy Territory
2009-07-05 23:34 . 2009-05-03 17:43 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-05 23:30 . 2009-06-16 03:26 152576 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-05 01:43 . 2009-07-05 01:43 2141 ----a-w- c:\documents and settings\John\Application Data\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2009-07-02 02:49 . 2006-11-20 17:35 -------- d-----w- c:\program files\7-Zip
2009-07-02 02:49 . 2006-10-27 00:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-01 21:02 . 2009-07-01 21:02 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-01 21:02 . 2007-02-01 13:15 -------- d-----w- c:\program files\Common Files\Real
2009-07-01 03:10 . 2007-08-28 00:33 -------- d-----w- c:\program files\Pidgin
2009-06-29 16:12 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-26 19:22 . 2007-08-28 00:42 -------- d-----w- c:\documents and settings\John\Application Data\gtk-2.0
2009-06-25 01:54 . 2008-10-20 14:50 5683 ----a-w- c:\program files\lameENCdrop.log
2009-06-24 19:42 . 2008-08-28 03:03 -------- d-----w- c:\program files\MKVExtractGUI-1.6.4.1
2009-06-23 01:22 . 2008-06-07 16:48 -------- d-----w- c:\program files\iTag
2009-06-21 16:44 . 2007-09-12 05:13 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-06-21 16:19 . 2006-09-15 18:17 -------- d-----w- c:\program files\ffdshow
2009-06-21 15:49 . 2008-08-28 03:04 -------- d-----w- c:\program files\MKVtoolnix
2009-06-21 14:34 . 2009-06-21 14:26 -------- d-----w- c:\documents and settings\John\Application Data\FLV Extract
2009-06-21 14:25 . 2009-06-21 14:25 -------- d-----w- c:\program files\flv Extract
2009-06-21 14:07 . 2009-06-21 14:07 -------- d-----w- c:\program files\WMV9_VCM
2009-06-21 14:06 . 2009-06-21 14:06 -------- d-----w- c:\documents and settings\John\Application Data\River Past G5
2009-06-21 14:01 . 2008-06-08 23:52 -------- d-----w- c:\program files\Avidemux 2.4
2009-06-20 20:10 . 2009-06-20 20:10 390664 ----a-w- c:\documents and settings\John\Application Data\Real\RealPlayer\setup\AU_setup.exe
2009-06-17 00:38 . 2009-06-17 00:38 106557 ----a-w- c:\windows\system32\btw_ci.dll
2009-06-16 14:55 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 03:18 . 2009-05-04 12:38 -------- d-----w- c:\program files\BandwidthMonitor
2009-06-03 19:27 . 2004-08-04 12:00 1290752 ----a-w- c:\windows\system32\quartz.dll
2008-10-20 20:41 . 2008-10-20 20:41 1488 ----a-w- c:\program files\GenreData.txt
2008-09-24 21:47 . 2008-10-20 14:07 754688 ----a-w- c:\program files\lamedropXPd3.exe
2008-09-15 13:23 . 2009-03-29 14:38 86528 ----a-w- c:\program files\unstopcp.exe
2008-09-08 02:02 . 2008-09-08 02:01 27473963 ----a-w- c:\program files\PowerDesk.7z
2008-05-01 22:26 . 2008-05-01 22:26 182784 ----a-w- c:\program files\DirToTxt.exe
2008-03-27 12:40 . 2008-03-27 12:40 14560 ----a-w- c:\program files\envvar.gif
2004-10-01 18:00 . 2006-10-27 02:44 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2004-07-29 16:34 . 2008-09-27 21:50 753664 ----a-w- c:\program files\Pdesk.exe
2001-11-13 04:00 . 2009-05-11 16:05 78848 ----a-w- c:\program files\ShareWatch.exe
2006-02-23 12:16 . 2008-01-25 21:44 34048 ----a-w- c:\program files\mozilla firefox\plugins\upd62i9x.dll
2006-02-23 12:16 . 2008-01-25 21:44 45056 ----a-w- c:\program files\mozilla firefox\plugins\upd62int.dll
2006-02-23 12:16 . 2008-01-25 21:44 34048 ----a-w- c:\program files\opera\program\plugins\upd62i9x.dll
2006-02-23 12:16 . 2008-01-25 21:44 45056 ----a-w- c:\program files\opera\program\plugins\upd62int.dll
2006-05-03 09:06 . 2009-06-16 03:43 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-06-16 03:43 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-06-16 03:43 216064 --sh--r- c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[-] 2004-08-04 12:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\system32\svchost.exe

[-] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\system32\user32.dll
[-] 2009-08-06 19:54 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\system32\dllcache\user32.dll

[-] 2004-08-04 12:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\system32\ws2_32.dll

[-] 2005-07-03 02:09 659456 6E533D155B259EB2363D3E04B5BE309F c:\windows\$hf_mig$\KB896727\SP2QFE\wininet.dll
[-] 2005-10-21 03:38 661504 AF785C4947676A7FC1673FDC5C8D0B5B c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
[-] 2007-08-22 12:55 665600 A1BC17EB3758D73C3938B2318820F5B4 c:\windows\$hf_mig$\KB939653\SP2QFE\wininet.dll
[-] 2007-10-11 05:57 666112 80D660A49E0D118144423099B2A9F5DA c:\windows\$hf_mig$\KB942615\SP2QFE\wininet.dll
[-] 2007-12-07 00:44 666112 085A7C37F9C6EDE1BA870B7DBEC06399 c:\windows\$hf_mig$\KB944533\SP2QFE\wininet.dll
[-] 2008-02-16 09:32 666112 BB1EACD6AB47E78EBCA02EB781550D55 c:\windows\$hf_mig$\KB947864\SP2QFE\wininet.dll
[-] 2008-04-21 06:56 666624 2E7DE1BF9418B071799EB53DE8CC22F5 c:\windows\$hf_mig$\KB950759\SP2QFE\wininet.dll
[-] 2008-04-21 06:44 666112 2B0C24AA747A93A28987B6D65A4A74BC c:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll
[-] 2008-04-21 06:24 666624 26F240C250E5B4B395CB4B178BA75437 c:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll
[-] 2008-06-23 16:12 667136 611ACE3F4201E9610AF8452F7C268995 c:\windows\$hf_mig$\KB953838\SP2QFE\wininet.dll
[-] 2008-06-23 15:09 666112 F12FBB673DE9CC802C5DC518FE99AA2F c:\windows\$hf_mig$\KB953838\SP3GDR\wininet.dll
[-] 2008-06-23 14:54 666624 972299B7241EC325D8C7E5638C884925 c:\windows\$hf_mig$\KB953838\SP3QFE\wininet.dll
[-] 2008-06-23 16:01 827904 C66402A06B83B036C195242C0C8CF83C c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
[-] 2008-08-26 09:08 827904 77C192FE56A70D7FA0247BA0A6201C32 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
[-] 2008-10-16 20:24 827904 0D5B75171FF51775B630A431B6C667E8 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
[-] 2008-12-20 23:56 827904 044E0A4E9FE97C0FB9AFE9C89E2A82E6 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
[-] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[-] 2009-04-29 04:49 828928 62CCA075F44015147B8971DAFFBCFF76 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll
[-] 2009-06-29 16:23 828928 4C6B4138165A4C53FE8A5B1D809526C3 c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\wininet.dll
[-] 2008-06-23 15:38 659456 9EEA04BC4C3FA521D256D89940FAB4DB c:\windows\ie7\wininet.dll
[-] 2007-08-13 21:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB953838-IE7\wininet.dll
[-] 2008-06-23 16:57 826368 8C13D4A7479FA0A026EDA8ABCE82C0ED c:\windows\ie7updates\KB956390-IE7\wininet.dll
[-] 2008-08-26 07:24 826368 EF8EBA98145BFA44E80D17A3B3453300 c:\windows\ie7updates\KB958215-IE7\wininet.dll
[-] 2008-10-16 20:38 826368 6741EAF7B7F110E803A6E38F6E5FA6B0 c:\windows\ie7updates\KB961260-IE7\wininet.dll
[-] 2008-12-20 23:15 826368 A82935D32D0672E8FF4E91AE398E901C c:\windows\ie7updates\KB963027-IE7\wininet.dll
[-] 2009-03-03 00:18 826368 28775945CCD53DEE280EF58DEA1A94C4 c:\windows\ie7updates\KB969897-IE7\wininet.dll
[-] 2009-04-29 04:56 827392 8E2D471157B0DF329D8D0EA5D83B0DDB c:\windows\ie7updates\KB972260-IE7\wininet.dll
[-] 2009-06-29 16:12 827392 A39B7BA7AB9B1CC2A0009F59772DB83C c:\windows\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\sp3gdr\wininet.dll
[-] 2009-06-29 16:23 828928 4C6B4138165A4C53FE8A5B1D809526C3 c:\windows\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\sp3qfe\wininet.dll
[-] 2009-06-29 16:12 827392 A39B7BA7AB9B1CC2A0009F59772DB83C c:\windows\system32\wininet.dll
[-] 2009-06-29 16:12 827392 A39B7BA7AB9B1CC2A0009F59772DB83C c:\windows\system32\dllcache\wininet.dll

[-] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\system32\drivers\tcpip.sys

[-] 2008-05-15 22:47 502272 6225F14B8CE08CCBA8B25AD27843C674 c:\windows\system32\winlogon.exe

[-] 2004-08-04 12:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\drivers\ndis.sys

[-] 2004-08-04 12:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\drivers\ip6fw.sys

[-] 2005-03-02 00:36 2056832 D8ABA3EAB509627E707A3B14F00FBB6B c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 16:12 2059392 BA4B97C00A437C1CC3DA365D93EE1E9D c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 09:15 2059392 4D3DBDCCBF97F5BA1E74F322B155C3BA c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2009-02-06 09:49 2062976 9D832AF3FD1917DB0E1E8B2F000A2E3A c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[-] 2009-02-07 22:02 2066048 5BA7F2141BC6DB06100D0E5A732C617A c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[-] 2009-02-06 10:30 2066176 607352B9CB3D708C67F6039097801B5A c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 09:18 2062976 63EC865DFF6CCFC7BEF94B5C50297CAD c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 09:33 2066048 4AC58F03EB94A72809949D757FC39D80 c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 18:39 2066048 A25E9B86EFFB2AF33BF51E676B68BFB0 c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2009-02-06 16:49 2057728 3006410E24772CC6953F0B5C01BEB35F c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2009-02-06 16:49 2015744 B238AB60093BABFE76AEC8F34B4D399D c:\windows\system32\ntkrnlpa.exe
[-] 2009-02-06 16:49 2057728 3006410E24772CC6953F0B5C01BEB35F c:\windows\system32\dllcache\ntkrnlpa.exe

[-] 2005-03-02 01:04 2179456 28187802B7C368C0D3AEF7D4C382AABB c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 16:51 2182016 CEF243F6DEFD20BE4ADDE26C7ECACB54 c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 09:55 2182144 5A5C8DB4AA962C714C8371FBDF189FC9 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2009-02-06 10:32 2186112 6A936E9D7BADAF3CAAEED1E1966EC1B0 c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[-] 2009-02-06 11:08 2189056 7A95B10A73737EBF24139AAA63F5212B c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[-] 2009-02-07 22:35 2189184 EFE8EACE83EAAD5849A7A548FB75B584 c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 09:57 2185984 CE69DBD54221F2D40E49FF6DB77C6507 c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 10:11 2189184 EEAF32F8E15A24F62BECB1BD403BB5C5 c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 19:11 2189184 31914172342BFF330063F343AC6958FE c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2009-02-06 17:24 2180480 FACEBB0CA3154F77009CDFEE78A00BBB c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2009-02-06 17:22 2136064 16B5EBE97F243441264A8F8694C2F2AA c:\windows\system32\ntoskrnl.exe
[-] 2009-02-06 17:24 2180480 FACEBB0CA3154F77009CDFEE78A00BBB c:\windows\system32\dllcache\ntoskrnl.exe

[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

[-] 2009-02-06 10:22 110592 4712531AB7A01B7EE059853CA17D39BD c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[-] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[-] 2009-02-06 11:06 110592 020CEAAEDC8EB655B6506B8C70D53BB6 c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2009-02-06 17:14 110592 37561F8D4160D62DA86D24AE41FAE8DE c:\windows\system32\services.exe
[-] 2009-02-06 17:14 110592 37561F8D4160D62DA86D24AE41FAE8DE c:\windows\system32\dllcache\services.exe

[-] 2004-08-04 12:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\system32\lsass.exe

[-] 2004-08-04 12:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\system32\ctfmon.exe

[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\system32\spoolsv.exe

[-] 2004-08-04 12:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\system32\userinit.exe

[-] 2004-08-04 08:56 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\system32\termsrv.dll

[-] 2006-07-05 10:57 985088 0FDD84928A5DDE2510761B7EC76CCEC9 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2007-04-16 16:07 986112 09F7CB3687F86EDAA4CA081F7AB66C03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2009-03-21 13:54 989184 80202858D245FF07DAA1739C57A3E19B c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[-] 2009-03-21 14:06 989696 B921FB870C9AC0D509B2CCABBBBE95F3 c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[-] 2009-03-21 13:59 991744 DA11D9D6ECBDF0F93436A4B7C13F7BEC c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2009-03-21 14:18 986112 B6ACAED7588295129791E0E6A2B0FADE c:\windows\system32\kernel32.dll
[-] 2009-03-21 14:18 986112 B6ACAED7588295129791E0E6A2B0FADE c:\windows\system32\dllcache\kernel32.dll

[-] 2004-08-04 12:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\system32\powrprof.dll

[-] 2004-08-04 12:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\system32\imm32.dll

[-] 2004-08-04 12:00 167936 9C3C12975C97119412802B181FBEEFFE c:\windows\system32\appmgmts.dll

[-] 2005-07-20 02:03 3016192 A14A7A206AE22DE4FE563E44CFC7DDF5 c:\windows\$hf_mig$\KB896727\SP2QFE\mshtml.dll
[-] 2005-11-24 01:07 3018240 D3F037F5DA702AE9DDD7663EC9D78BA7 c:\windows\$hf_mig$\KB905915\SP2QFE\mshtml.dll
[-] 2007-08-22 22:25 3064832 885E3BF99EA4B2213901EBC35B34CF12 c:\windows\$hf_mig$\KB939653\SP2QFE\mshtml.dll
[-] 2007-10-30 09:55 3065856 79314A0A6B0DA78AFE491FF2D8B117BA c:\windows\$hf_mig$\KB942615\SP2QFE\mshtml.dll
[-] 2007-12-07 00:44 3066368 8A4DD074DEC1B0C063C8493ABF654CBC c:\windows\$hf_mig$\KB944533\SP2QFE\mshtml.dll
[-] 2008-02-16 09:32 3066880 701A6798DDF875CAA3A5099EE75FD57F c:\windows\$hf_mig$\KB947864\SP2QFE\mshtml.dll
[-] 2008-04-21 06:56 3066880 083B967E6B0B2BB539CE6B08D45D631F c:\windows\$hf_mig$\KB950759\SP2QFE\mshtml.dll
[-] 2008-04-21 06:44 3066880 FE406DE0651C9E8201DCB0460609D739 c:\windows\$hf_mig$\KB950759\SP3GDR\mshtml.dll
[-] 2008-04-21 06:24 3067392 46A61BA430110F00DD990D058AA3D054 c:\windows\$hf_mig$\KB950759\SP3QFE\mshtml.dll
[-] 2008-06-23 16:11 3067392 1FC693A4EE1D9D9CD78DDA6C87232F6F c:\windows\$hf_mig$\KB953838\SP2QFE\mshtml.dll
[-] 2008-06-23 15:09 3067392 F433136C23D13B120412B300D1324A7E c:\windows\$hf_mig$\KB953838\SP3GDR\mshtml.dll
[-] 2008-06-25 04:24 3067904 04EEC0FF4DD3C7041628973CA6832C33 c:\windows\$hf_mig$\KB953838\SP3QFE\mshtml.dll
[-] 2008-06-23 16:01 3594240 28B8231CA8D55FC85E027A57C90F5C88 c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
[-] 2008-08-26 09:08 3594752 25CC085720EE3617FD1F8AB9E2F7CAB2 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
[-] 2008-10-16 20:24 3595264 B74F31A4BD83797D7A083F922169287D c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
[-] 2008-12-13 06:26 3594752 C79FAD61CD4A26ED5AA8C16D991C6FBD c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
[-] 2009-01-16 16:24 3596288 CC9D001B7370B292C35B366CA05B12B4 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
[-] 2009-02-21 07:39 3596800 1BB754AB47B327DE8DBF2FA18C36357C c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll
[-] 2009-04-29 04:49 3598336 C6FD770D518FB024245A0EE217D72BC1 c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\mshtml.dll
[-] 2009-07-19 13:31 3600384 F6098CC1B1C3858D53F20F3CB5774F3B c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\mshtml.dll
[-] 2008-06-23 15:38 3059712 74B5A84AC8FCF52C249B74C3D2A3E7B8 c:\windows\ie7\mshtml.dll
[-] 2007-08-13 21:54 3578368 C6EC2493346ED8888A549F59210A8ED3 c:\windows\ie7updates\KB953838-IE7\mshtml.dll
[-] 2008-06-24 13:57 3592192 EC936148284F557F19C333178768109B c:\windows\ie7updates\KB956390-IE7\mshtml.dll
[-] 2008-08-27 08:24 3593216 1AD035E04A7068EC2820B055A3131ED8 c:\windows\ie7updates\KB958215-IE7\mshtml.dll
[-] 2008-10-17 06:08 3593216 EACAEDEF6FA2A969DE5B36190D45396F c:\windows\ie7updates\KB960714-IE7\mshtml.dll
[-] 2008-12-13 06:40 3593216 121EC39A64D64205A88C2C45B034B455 c:\windows\ie7updates\KB961260-IE7\mshtml.dll
[-] 2009-01-17 01:35 3594752 3B413267DA8AE71C20E5EF3E54F74728 c:\windows\ie7updates\KB963027-IE7\mshtml.dll
[-] 2009-02-20 18:09 3595264 C7C3E41CC2F6EB4A629FE2184136C098 c:\windows\ie7updates\KB969897-IE7\mshtml.dll
[-] 2009-04-29 04:56 3596288 2B4315EC9E3124408A2A5074C4B97700 c:\windows\ie7updates\KB972260-IE7\mshtml.dll
[-] 2009-07-19 13:33 3597824 758C8BEDAB7CE5F9070C85E2E57CBD80 c:\windows\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\sp3gdr\mshtml.dll
[-] 2009-07-19 13:31 3600384 F6098CC1B1C3858D53F20F3CB5774F3B c:\windows\SoftwareDistribution\Download\cfdf673d5f64980a67e3f1a551949306\sp3qfe\mshtml.dll
[-] 2009-07-19 13:33 3597824 758C8BEDAB7CE5F9070C85E2E57CBD80 c:\windows\system32\mshtml.dll
[-] 2009-07-19 13:33 3597824 758C8BEDAB7CE5F9070C85E2E57CBD80 c:\windows\system32\dllcache\mshtml.dll

[-] 2004-08-04 12:00 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\drivers\kbdclass.sys

[-] 2004-08-04 12:00 792064 6728270CB7DBB776ED086F5AC4C82310 c:\windows\system32\comres.dll

[-] 2004-08-04 12:00 22016 74D66B3DE265E8789153414E75175F26 c:\windows\system32\lpk.dll

[-] 2004-08-04 12:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\dllcache\beep.sys
[-] 2004-08-04 12:00 4224 DA1F27D85E0D1525F6621372E7B685E9 c:\windows\system32\drivers\beep.sys

[-] 2004-08-04 12:00 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\system32\drivers\null.sys

[-] 2006-02-15 00:30 142464 1EE7B434BA961EF845DE136224C30FEC c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 142464 1EE7B434BA961EF845DE136224C30FEC c:\windows\Driver Cache\i386\aec.sys
[-] 2006-02-15 00:22 142464 1EE7B434BA961EF845DE136224C30FEC c:\windows\system32\drivers\aec.sys

[-] 2006-11-01 19:17 927504 925F8B61ED301A317BA850EBEECBDAA0 c:\windows\system32\mfc40u.dll

[-] 2005-01-14 05:07 395776 94456045BEB4545B5EBE1DCC85951AFA c:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll
[-] 2005-04-28 19:35 396288 DA383FB39A6F1C445F3AFC94B3EB1248 c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-07-26 04:20 398336 C369DF215D352B6F3A0B8C3469AA34F8 c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2009-02-09 10:01 401408 24B5D53B9ACCC1E2EDCF0A878D6659D4 c:\windows\$hf_mig$\KB956572\SP2QFE\rpcss.dll
[-] 2009-02-09 12:10 401408 6B27A5C03DFB94B4245739065431322C c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll
[-] 2009-02-09 10:56 401408 9222562D44021B988B9F9F62207FB6F2 c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 10:20 399360 01095FEBF33BEEA00C2A0730B9B3EC28 c:\windows\system32\rpcss.dll
[-] 2009-02-09 10:20 399360 01095FEBF33BEEA00C2A0730B9B3EC28 c:\windows\system32\dllcache\rpcss.dll

[-] 2004-08-04 12:00 33792 95FD808E4AC22ABA025A7B3EAC0375D2 c:\windows\system32\msgsvc.dll

[-] 2006-08-25 15:45 617472 B0124CB21D28B1C9F678B566B6B57D92 c:\windows\system32\comctl32.dll
[-] 2006-08-25 15:45 617472 B0124CB21D28B1C9F678B566B6B57D92 c:\windows\system32\dllcache\comctl32.dll
[-] 2006-08-25 15:45 1054208 C4E80875C1CF1222FC5EFD0314AE5C01 c:\windows\WinSxS\InstallTemp\1815851\comctl32.dll
[-] 2001-08-23 12:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\InstallTemp\56717\comctl32.dll
[-] 2004-08-04 12:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-04 12:00 1050624 5AF68A5E44734A082442668E9C787743 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[-] 2006-08-25 12:45 1054208 C4E80875C1CF1222FC5EFD0314AE5C01 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[-] 2004-08-04 12:00 11648 9859C0F6936E723E4892D7141B1327D5 c:\windows\system32\drivers\acpiec.sys

[-] 2004-08-04 12:00 5120 E8A12A12EA9088B4327D49EDCA3ADD3E c:\windows\system32\sfc.dll

[-] 2004-08-04 12:00 407040 96353FCECBA774BB8DA74A1C6507015A c:\windows\system32\netlogon.dll

[-] 2004-08-04 08:56 382464 2C69EC7E5A311334D10DD95F338FCCEA c:\windows\system32\qmgr.dll

[-] 2004-08-04 12:00 180224 0F78E27F563F2AAF74B91A49E2ABF19A c:\windows\system32\scecli.dll

[-] 2004-08-04 12:00 14336 02000ABF34AF4C218C35D257024807D6 c:\windows\system32\drivers\asyncmac.sys

[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\system32\drivers\ntfs.sys

[-] 2004-08-04 08:56 170496 92BDF74F12D6CBEC43C94D4B7F804838 c:\windows\system32\srsvc.dll

[-] 2004-08-04 12:00 13824 49911DD39E023BB6C45E4E436CFBD297 c:\windows\system32\wscntfy.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Safely Remove"="c:\program files\USB Safely Remove\USBSafelyRemove.exe" [2007-12-19 700928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-05 148888]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-12-17 19968]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 15:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-04 22:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
backup=c:\windows\pss\GetRight - Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
backup=c:\windows\pss\NkvMon.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^TimeLeft.lnk]
backup=c:\windows\pss\TimeLeft.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\On2Share
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VMware NAT Service"=3 (0x3)
"vmount2"=3 (0x3)
"VMnetDHCP"=3 (0x3)
"VMAuthdService"=3 (0x3)
"StarWindService"=2 (0x2)
"SoundMAX Agent Service (default)"=2 (0x2)
"FileZilla Server"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"SQLAgent$SONY_MEDIAMGR"=3 (0x3)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$SONY_MEDIAMGR"=3 (0x3)
"NoIPDUCService"=2 (0x2)
"ERSvc"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"idsvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"usnjsvc"=3 (0x3)
"gusvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Core\\nero.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\FileZilla\\FileZilla.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Soulseek-Test\\slsk.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= c:\program files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= c:\program files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"= c:\program files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP"= 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP"= 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP"= 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"c:\\Program Files\\Soulseek\\slsk.exe"= c:\program files\Soulseek\slsk.exe:*:Enabled:SoulSeek
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"= c:\program files\RealVNC\VNC4\winvnc4.exe:*:Enabled:VNC Server
"c:\\Program Files\\uTorrent\\utorrent.exe"= c:\program files\uTorrent\utorrent.exe:*:Enabled:µTorrent
"c:\\Program Files\\mIRC\\mirc.exe"= c:\program files\mIRC\mirc.exe:*:Enabled:mIRC
"c:\\Program Files\\Nero\\Nero 7\\Core\\nero.exe"= c:\program files\Nero\Nero 7\Core\nero.exe:*:Enabled:Nero Express
"c:\\Program Files\\Opera\\Opera.exe"= c:\program files\Opera\Opera.exe:*:Enabled:Opera Internet Browser
"c:\\Program Files\\FileZilla\\FileZilla.exe"= c:\program files\FileZilla\FileZilla.exe:*:Enabled:FileZilla
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= c:\program files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= c:\program files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
"c:\\Program Files\\Soulseek-Test\\slsk.exe"= c:\program files\Soulseek-Test\slsk.exe:*:Enabled:SoulSeek
"c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"= c:\program files\RealVNC\VNC4\vncviewer.exe:*:Enabled:VNC Viewer Enterprise Edition for Win32
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"c:\\Program Files\\IEPro\\MiniDM.exe"= c:\program files\IEPro\MiniDM.exe:*:Enabled:MiniDM
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"= c:\program files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"= 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP"= 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP"= 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/4/2009 7:31 PM 335240]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/28/2009 10:53 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/28/2009 10:53 AM 72944]
R1 UserPort;UserPort;c:\windows\system32\drivers\UserPort.sys [4/27/2007 12:40 PM 4256]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/4/2009 7:31 PM 297752]
R2 B2Ether;Basilisk II Ethernet Driver;c:\windows\system32\drivers\B2Ether.sys [4/2/2008 12:06 PM 8686]
R2 cdenable;cdenable;c:\windows\system32\drivers\cdenable.sys [2/23/2007 3:31 PM 6112]
R2 Icecast-trunk;Icecast-trunk Streaming Media Server;c:\program files\Icecast2 Win32\icecastService.exe [4/20/2009 10:50 AM 417792]
S1 a7bdc859;a7bdc859;c:\windows\system32\drivers\a7bdc859.sys --> c:\windows\system32\drivers\a7bdc859.sys [?]
S2 EMSLink;EMS Inter-Link driver V3.0;c:\windows\system32\drivers\EM3Link.sys [3/15/2007 6:53 PM 6176]
S2 EZWINIT2;EZWINIT2;c:\windows\system32\drivers\ezwinit2.sys [12/1/2006 5:00 PM 14848]
S2 EZWRITE2;EZWRITE2;c:\windows\system32\drivers\ezwrite2.sys [12/1/2006 5:00 PM 12544]
S3 Chlsprplnde;Chlsprplnde; [x]
S3 gUSBSTOi;gUSBSTOi; [x]
S3 Httxnetm;Httxnetm; [x]
S3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [2/16/2004 7:19 PM 571776]
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCCFLTR.SYS [9/15/2006 3:48 PM 14095]
S3 ndfs;ndfs;\??\c:\program files\Netdrive\ndfs.sys --> c:\program files\Netdrive\ndfs.sys [?]
S3 SaiH3509;SaiH3509;c:\windows\system32\drivers\SaiH3509.sys [11/3/2005 11:52 AM 176640]
S3 SaiU3509;SaiU3509;c:\windows\system32\drivers\SaiU3509.sys [11/3/2005 11:52 AM 27264]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [7/28/2009 10:53 AM 7408]
S3 xbreader;ActionReplay XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [7/28/2007 2:04 PM 19677]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
Alerter
LmHosts

.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\s221ogas.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPStreamPlug.dll
FF - plugin: c:\program files\Opera\program\plugins\np32dsw.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\npnul32.dll
FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Opera\program\plugins\nprjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\npupd62.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-11 16:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1123561945-299502267-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{69CDBD2D-3DC2-9471-EEEB-311F4841D8B5}*]
"oagfbalnehjhfjldogpbkbhhmnhmep"=hex:6b,61,68,6f,6c,65,67,66,62,69,66,69,6a,6b,
63,62,6b,62,61,6f,66,61,00,00
"naifdeiefgbfiklaafbdnnoncolh"=hex:6b,61,68,6f,6c,65,67,66,62,69,66,69,6a,6b,
63,62,6b,62,61,6f,66,61,00,00

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\.xaml\bootstrap]
@DACL=(02 0000)
@="bootstrap.xaml.1"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\.xbap\bootstrap]
@DACL=(02 0000)
@="bootstrap.xbap.1"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\.xps\bootstrap]
@DACL=(02 0000)
@="bootstrap.xps.1"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10b.exe"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{8D8763AB-E93B-4812-964E-F04E0008FD50}\Version]
@Denied: (A) (Everyone)
@="{8D8763AB-E93B-4812-964E-F04E0008FD50}"
"{21701DD0-9D7E-43f7-A1B2-E92ED6E90A51}"=hex:19,df,b8,7f,45,7e,d5,ef,6e,bd,b0,
90,2b,e7,6d,01,49,7c,a6,72,a0,b0,79,8c,03,46,c7,01
"GlobalState"=hex:5f,bf,33,34,6a,e3,ea,65,92,1b,32,8b,f6,11,c4,e0,43,ee,e8,64

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"

[HKEY_LOCAL_MACHINE\systemSystem\ControlSet001\Enum\ACPI\PNP0F13\0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff

[HKEY_LOCAL_MACHINE\systemSystem\ControlSet001\Enum\HID\Vid_046d&Pid_c504&MI_01&Col01\7&2ba7d8ca&0&0000]
@DACL=(02 0000)
"Capabilities"=dword:000000a0
"UINumber"=dword:00000000
"HardwareID"=multi:"HID\\Vid_046d&Pid_c504&Rev_1320&MI_01&Col01\00HID\\Vid_046d&Pid_c504&MI_01&Col01\00HID_DEVICE_SYSTEM_MOUSE\00HID_DEVICE_UP:0001_U:0002\00HID_DEVICE\00\00"
"CompatibleIDs"=multi:"\00\00"
"ClassGUID"="{4D36E96F-E325-11CE-BFC1-08002BE10318}"
"Class"="Mouse"
"Driver"="{4D36E96F-E325-11CE-BFC1-08002BE10318}\\0001"
"LowerFilters"=multi:"LHidFlt2\00\00"
"UpperFilters"=multi:"LMouFlt2\00\00"
"Mfg"="Logitech"
"Service"="mouhid"
"DeviceDesc"="HID-compliant Cordless Mouse"
"ConfigFlags"=dword:00000020

[HKEY_LOCAL_MACHINE\systemSystem\ControlSet001\Enum\HID\Vid_046d&Pid_c504&MI_01&Col04\7&2ba7d8ca&0&0003]
@DACL=(02 0000)
"Capabilities"=dword:000000a0
"UINumber"=dword:00000000
"HardwareID"=multi:"HID\\Vid_046d&Pid_c504&Rev_1320&MI_01&Col04\00HID\\Vid_046d&Pid_c504&MI_01&Col04\00HID_DEVICE_SYSTEM_MOUSE\00HID_DEVICE_UP:0001_U:0002\00HID_DEVICE\00\00"
"CompatibleIDs"=multi:"\00\00"
"ClassGUID"="{4D36E96F-E325-11CE-BFC1-08002BE10318}"
"Class"="Mouse"
"Driver"="{4D36E96F-E325-11CE-BFC1-08002BE10318}\\0002"
"Mfg"="Logitech"
"Service"="mouhid"
"DeviceDesc"="HID-compliant Cordless Mouse"
"ConfigFlags"=dword:00000020

[HKEY_LOCAL_MACHINE\systemSystem\ControlSet003\Enum\ACPI\PNP0F13\0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff

[HKEY_LOCAL_MACHINE\systemSystem\ControlSet003\Enum\HID\Vid_046d&Pid_c504&MI_01&Col01\7&2ba7d8ca&0&0000]
@DACL=(02 0000)
"Capabilities"=dword:000000a0
"UINumber"=dword:00000000
"HardwareID"=multi:"HID\\Vid_046d&Pid_c504&Rev_1320&MI_01&Col01\00HID\\Vid_046d&Pid_c504&MI_01&Col01\00HID_DEVICE_SYSTEM_MOUSE\00HID_DEVICE_UP:0001_U:0002\00HID_DEVICE\00\00"
"CompatibleIDs"=multi:"\00\00"
"ClassGUID"="{4D36E96F-E325-11CE-BFC1-08002BE10318}"
"Class"="Mouse"
"Driver"="{4D36E96F-E325-11CE-BFC1-08002BE10318}\\0001"
"LowerFilters"=multi:"LHidFlt2\00\00"
"UpperFilters"=multi:"LMouFlt2\00\00"
"Mfg"="Logitech"
"Service"="mouhid"
"DeviceDesc"="HID-compliant Cordless Mouse"
"ConfigFlags"=dword:00000020

[HKEY_LOCAL_MACHINE\systemSystem\ControlSet003\Enum\HID\Vid_046d&Pid_c504&MI_01&Col04\7&2ba7d8ca&0&0003]
@DACL=(02 0000)
"Capabilities"=dword:000000a0
"UINumber"=dword:00000000
"HardwareID"=multi:"HID\\Vid_046d&Pid_c504&Rev_1320&MI_01&Col04\00HID\\Vid_046d&Pid_c504&MI_01&Col04\00HID_DEVICE_SYSTEM_MOUSE\00HID_DEVICE_UP:0001_U:0002\00HID_DEVICE\00\00"
"CompatibleIDs"=multi:"\00\00"
"ClassGUID"="{4D36E96F-E325-11CE-BFC1-08002BE10318}"
"Class"="Mouse"
"Driver"="{4D36E96F-E325-11CE-BFC1-08002BE10318}\\0002"
"Mfg"="Logitech"
"Service"="mouhid"
"DeviceDesc"="HID-compliant Cordless Mouse"
"ConfigFlags"=dword:00000020
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2504)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\program files\Windows Live\Mail\wlmail.exe
c:\program files\Opera\opera.exe
c:\program files\Avanquest\PowerDesk\PDExplo.exe
c:\program files\Pdesk.exe
c:\program files\Pidgin\pidgin.exe
c:\program files\Winamp\winamp.exe
c:\program files\uTorrent\utorrent.exe
c:\windows\system32\devldr32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\locator.exe
c:\program files\UPHClean\uphclean.exe
c:\program files\RealVNC\VNC4\winvnc4.exe
.
**************************************************************************
.
Completion time: 2009-08-11 17:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-11 20:00

Pre-Run: 13,666,217,984 bytes free
Post-Run: 13,602,590,720 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /sos

1012 --- E O F --- 2009-07-31 01:22

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:05 AM

Posted 12 August 2009 - 09:52 AM

Download and run this tool and then check your connection.

http://majorgeeks.com/WinSock_XP_Fix_d4372.html


Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.

Driver::
a7bdc859
Chlsprplnde
gUSBSTOi
Httxnetm

File::
C:\rrhnqdo.exe

RegLock::
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{8D8763AB-E93B-4812-964E-F04E0008FD50}\Version]
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

Prior to running Combofix.exe you should disable your antivirus program.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

[image: the CFScript file being dragged onto ComboFix.exe]

This will start ComboFix again.
After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


=====================



Please update Malwarebytes and run a full scan.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform full scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
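The RegLock:: section above is built from the LOCKED REGISTRY KEYS part of the ComboFix log, where both legitimate software (the Flash CLSIDs) and malware lock keys with explicit deny ACEs. As an added example, not ComboFix's or the helper's own code, this Python script parses that section in the log's format (including the hex values ComboFix wraps onto a following line) and lists every key that denies Everyone, matching each against a known-components table so only the unexplained ones go to review; the sample log and the table are constructed from lines in this thread.

```python
"""Triage the LOCKED REGISTRY KEYS section of a ComboFix log (added example, not ComboFix's code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+)\\(.+)\]$")
DENIED_RE = re.compile(r"^@Denied: \(([^)]*)\) \(([^)]*)\)$")  # @Denied: (rights) (principal)
DACL_RE = re.compile(r"^@DACL=\(([^)]*)\)$")
VALUE_RE = re.compile(r'^(@|"[^"]+")=(.*)$')
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

@dataclass
class LockedKey:
    hive: str
    path: str
    denied: List[Tuple[str, str]] = field(default_factory=list)  # (rights, principal)
    dacl: Optional[str] = None
    values: Dict[str, str] = field(default_factory=dict)

    @property
    def guid(self) -> Optional[str]:
        m = GUID_RE.search(self.path)
        return m.group(0).upper() if m else None

def _section_lines(log: str) -> List[str]:
    """Lines of the LOCKED REGISTRY KEYS section, with wrapped hex values re-joined."""
    out: List[str] = []
    inside = False
    for raw in log.splitlines():
        text = raw.strip()
        if raw.startswith("-----") and "LOCKED REGISTRY KEYS" in raw:
            inside = True
        elif inside:
            # ComboFix closes a section with a lone "." or a "-----"/"*****" banner.
            if text == "." or text.startswith(("-----", "*****")):
                break
            # Long hex values are wrapped after a trailing ','; glue the tail back on.
            if out and out[-1].endswith(",") and text and not text.startswith(("[", "@", '"')):
                out[-1] += text
            elif text:
                out.append(text)
    return out

def parse_locked_keys(log: str) -> List[LockedKey]:
    """Parse the section into LockedKey records (path, deny ACEs, DACL marker, values)."""
    keys: List[LockedKey] = []
    current: Optional[LockedKey] = None
    for line in _section_lines(log):
        if m := KEY_RE.match(line):
            current = LockedKey(hive=m.group(1), path=m.group(2))
            keys.append(current)
        elif current is None:
            continue
        elif m := DENIED_RE.match(line):
            current.denied.append((m.group(1), m.group(2)))
        elif m := DACL_RE.match(line):
            current.dacl = m.group(1)
        elif m := VALUE_RE.match(line):
            current.values[m.group(1).strip('"')] = m.group(2)
    return keys

def review(keys: List[LockedKey], known: Dict[str, str]) -> List[dict]:
    """One row per key that denies Everyone: explained by a known GUID, otherwise REVIEW."""
    rows = []
    for k in keys:
        if any(who.lower() == "everyone" for _, who in k.denied):
            label = known.get(k.guid or "")
            rows.append({"key": f"{k.hive}\\{k.path}", "guid": k.guid,
                         "default": k.values.get("@", "").strip('"'),
                         "status": f"known: {label}" if label else "REVIEW"})
    return rows

# Constructed sample in the log's own format (a subset of the keys shown above).
SAMPLE_LOG = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{8D8763AB-E93B-4812-964E-F04E0008FD50}\Version]
@Denied: (A) (Everyone)
@="{8D8763AB-E93B-4812-964E-F04E0008FD50}"

[HKEY_LOCAL_MACHINE\systemSystem\ControlSet001\Enum\ACPI\PNP0F13\0\LogConf]
@DACL=(02 0000)
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
.
--------------------- DLLs Loaded Under Running Processes ---------------------
"""

# Constructed from the default value the log reports for this CLSID; extend per environment.
KNOWN_COMPONENTS = {"{0BE09CC1-42E0-11DD-AE16-0800200C9A66}": "FlashBroker (Adobe Flash Player)"}

if __name__ == "__main__":
    for row in review(parse_locked_keys(SAMPLE_LOG), KNOWN_COMPONENTS):
        print(f"{row['status']:40} {row['key']}")
```

Keys that come back as REVIEW are the ones to check against the vendor paths and default values in the rest of the log before they are added to a RegLock:: section.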

#9 silvertree

silvertree
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:05:05 AM

Posted 12 August 2009 - 11:34 AM

Network is back up. Thank you.

Here is the Combofix log.

***


ComboFix 09-08-10.06 - John 08/12/2009 12:58.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.575 [GMT -3:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\John\Desktop\cfScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"C:\rrhnqdo.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\rrhnqdo.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CHLSPRPLNDE
-------\Legacy_GUSBSTOI
-------\Service_a7bdc859
-------\Service_Chlsprplnde
-------\Service_gUSBSTOi
-------\Service_Httxnetm


((((((((((((((((((((((((( Files Created from 2009-07-12 to 2009-08-12 )))))))))))))))))))))))))))))))
.

2009-08-12 16:05 . 2009-08-12 16:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\temp
2009-08-12 16:05 . 2009-08-12 16:05 -------- d-----w- c:\documents and settings\NetworkService\AppData\Local\temp
2009-08-12 16:05 . 2009-08-12 16:05 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\temp
2009-08-12 16:05 . 2009-08-12 16:05 -------- d-----w- c:\documents and settings\LocalService\AppData\Local\temp
2009-08-12 16:05 . 2009-08-12 16:05 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\temp
2009-08-12 16:05 . 2009-08-12 16:05 -------- d-----w- c:\documents and settings\John\AppData\Local\temp
2009-08-12 16:05 . 2009-08-12 16:05 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\temp
2009-08-12 16:05 . 2009-08-12 16:05 -------- d-----w- c:\documents and settings\Guest\AppData\Local\temp
2009-08-12 16:05 . 2009-08-12 16:05 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\temp
2009-08-12 16:05 . 2009-08-12 16:05 -------- d-----w- c:\documents and settings\Administrator\AppData\Local\temp
2009-08-11 20:01 . 2009-08-11 20:01 -------- d-----w- c:\documents and settings\NetworkService\AppData
2009-08-11 20:01 . 2009-08-11 20:01 -------- d-----w- c:\documents and settings\LocalService\AppData
2009-08-11 20:01 . 2009-08-11 20:01 -------- d-----w- c:\documents and settings\John\AppData
2009-08-11 20:01 . 2009-08-11 20:01 -------- d-----w- c:\documents and settings\Guest\AppData
2009-08-11 20:01 . 2009-08-11 20:01 -------- d-----w- c:\documents and settings\Administrator\AppData
2009-08-11 19:44 . 2004-08-04 12:00 1580544 ----a-w- c:\windows\system32\sfcfiles.dll
2009-08-07 22:11 . 2009-08-07 22:11 -------- d-----w- c:\program files\JRE
2009-08-07 18:23 . 2009-08-07 18:23 -------- d-sh--w- c:\documents and settings\John\UserData
2009-08-07 01:34 . 2009-08-07 02:27 -------- d-----w- c:\documents and settings\John\DoctorWeb
2009-08-06 19:39 . 2009-08-06 19:39 -------- d-----w- c:\windows\ERUNT
2009-08-06 19:37 . 2009-08-06 20:20 -------- d-----w- C:\SDFix
2009-08-05 13:01 . 2009-08-05 13:01 -------- d-----w- c:\documents and settings\John\Application Data\Malwarebytes
2009-08-05 13:01 . 2009-08-03 16:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-05 13:00 . 2009-08-05 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-05 13:00 . 2009-08-03 16:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-05 13:00 . 2009-08-05 13:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-05 04:41 . 2009-08-08 02:39 117760 ----a-w- c:\documents and settings\John\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-05 04:41 . 2009-08-05 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-05 04:41 . 2009-08-05 15:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-05 04:41 . 2009-08-05 04:41 -------- d-----w- c:\documents and settings\John\Application Data\SUPERAntiSpyware.com
2009-08-05 03:38 . 2009-08-05 03:38 -------- d-----w- c:\program files\Trend Micro
2009-08-04 22:34 . 2009-08-08 04:57 -------- d--h--w- C:\$AVG8.VAULT$
2009-08-04 22:31 . 2009-08-04 22:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-04 22:31 . 2009-08-10 21:53 -------- d-----w- c:\windows\system32\drivers\Avg
2009-08-04 22:31 . 2009-08-04 22:31 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-04 22:31 . 2009-08-04 22:31 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-04 20:59 . 2009-08-05 13:08 -------- d-sh--w- c:\windows\java updater
2009-08-04 20:59 . 2009-08-04 20:59 4 ----a-w- c:\documents and settings\John\Application Data\NP.sys
2009-08-04 20:58 . 2009-08-07 03:58 -------- d-----w- c:\program files\Common Files\Microsoft Update Engine
2009-07-30 05:59 . 2009-07-30 05:59 1201 ----a-w- c:\documents and settings\John\Application Data\.purple\certificates\x509\tls_peers\login.facebook.com
2009-07-27 23:24 . 2009-07-27 23:25 -------- d-----w- c:\program files\nandub
2009-07-19 22:14 . 2009-07-19 22:14 25214 ----a-r- c:\documents and settings\John\Application Data\Microsoft\Installer\{CE378F36-E404-4244-A33F-F50A2A6D31BD}\ARPPRODUCTICON.exe
2009-07-19 22:14 . 2009-07-19 22:14 -------- d-----w- c:\program files\Pro Imaging Powertoys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-12 16:11 . 2007-08-28 00:35 -------- d-----w- c:\documents and settings\John\Application Data\.purple
2009-08-12 16:08 . 2006-09-19 16:04 -------- d-----w- c:\documents and settings\John\Application Data\uTorrent
2009-08-12 16:05 . 2008-09-27 21:50 2884 ----a-w- c:\program files\Toolbar1.pdc
2009-08-12 15:56 . 2009-05-27 11:36 -------- d-----w- c:\program files\megui
2009-08-11 21:02 . 2006-10-11 06:38 -------- d-----w- c:\program files\Intel
2009-08-11 19:35 . 2006-09-20 19:29 -------- d-----w- c:\program files\PS TO USB CONVERTOR
2009-08-08 11:42 . 2009-01-19 22:49 1 ----a-w- c:\documents and settings\John\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-08-07 23:39 . 2006-09-24 06:58 38784 ----a-w- c:\documents and settings\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-07 22:11 . 2009-01-19 22:44 -------- d-----w- c:\program files\OpenOffice.org 3
2009-08-07 22:06 . 2006-04-03 17:28 -------- d-----w- c:\program files\Java
2009-08-05 23:58 . 2006-09-15 18:11 -------- d-----w- c:\program files\Opera
2009-08-05 20:12 . 2008-01-27 20:44 -------- d-----w- c:\program files\Lavasoft
2009-08-05 20:12 . 2008-01-27 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-05 17:52 . 2008-01-30 04:48 -------- d-----w- c:\documents and settings\John\Application Data\FileZilla
2009-08-05 05:31 . 2008-09-20 23:44 -------- d-----w- c:\program files\ACDSee32
2009-08-05 04:40 . 2008-09-08 02:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-05 02:41 . 2008-09-08 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg8
2009-08-04 21:13 . 2006-10-27 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-04 17:33 . 2009-06-21 01:56 -------- d-----w- c:\program files\XBMC
2009-08-03 23:35 . 2009-07-07 23:02 -------- d-----w- c:\documents and settings\John\Application Data\vlc
2009-07-31 01:48 . 2007-03-16 23:29 272 ----a-w- c:\windows\system32\RfmDat2.dat
2009-07-31 01:24 . 2009-05-02 18:34 -------- d-----w- c:\program files\Common Files\Portrait Displays
2009-07-31 00:44 . 2005-04-11 12:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-31 00:43 . 2009-05-02 18:36 -------- d-----w- c:\documents and settings\John\Application Data\DisplayTune
2009-07-30 22:36 . 2006-09-19 16:08 -------- d-----w- c:\program files\Soulseek
2009-07-30 21:51 . 2007-11-25 19:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-30 16:43 . 2009-06-04 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek
2009-07-27 23:28 . 2008-01-26 05:51 -------- d-----w- c:\program files\virtualdub
2009-07-20 01:10 . 2006-09-20 15:48 -------- d-----w- c:\documents and settings\John\Application Data\Mp3tag
2009-07-19 21:31 . 2008-10-01 14:12 -------- d-----w- c:\program files\Google
2009-07-18 01:09 . 2008-10-20 15:19 875 ----a-w- c:\program files\oggdropXPd.ini
2009-07-17 16:40 . 2008-04-04 03:46 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-07-17 15:06 . 2008-01-27 19:54 -------- d-----w- c:\program files\Wise Disk Cleaner
2009-07-17 14:40 . 2008-01-27 19:35 -------- d-----w- c:\program files\Wise Registry Cleaner
2009-07-17 14:05 . 2009-04-17 00:43 -------- d-----w- c:\program files\SHOUTcast
2009-07-17 14:05 . 2007-11-13 14:16 -------- d-----w- c:\program files\Project64 1.6
2009-07-17 14:05 . 2007-09-27 02:24 -------- d-----w- c:\program files\MP3Gain
2009-07-17 14:05 . 2009-05-06 15:54 -------- d-----w- c:\documents and settings\John\Application Data\XBMC
2009-07-17 14:05 . 2008-06-07 16:48 -------- d-----w- c:\documents and settings\John\Application Data\iTag
2009-07-17 14:05 . 2007-11-25 19:39 -------- d-----w- c:\documents and settings\John\Application Data\FastSum
2009-07-17 12:49 . 2006-09-19 17:09 -------- d-----w- c:\documents and settings\John\Application Data\VMware
2009-07-17 12:49 . 2009-04-05 14:47 -------- d-----w- c:\program files\WinImage 81
2009-07-17 10:44 . 2009-07-17 10:44 118784 ----a-w- c:\windows\Web\Wallpaper\The Legend of Zelda Four Swords Adventures.exe
2009-07-17 10:44 . 2009-05-09 19:49 -------- d-----w- c:\program files\StepMania
2009-07-17 10:43 . 2008-02-03 19:43 -------- d-----w- c:\program files\ScanSoft
2009-07-17 10:42 . 2008-02-03 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-07-17 10:40 . 2009-06-21 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\River Past G5
2009-07-17 10:38 . 2007-10-26 23:11 -------- d-----w- c:\program files\Ootake
2009-07-17 10:38 . 2007-11-17 19:50 -------- d-----w- c:\program files\MediaMonkey
2009-07-17 10:37 . 2008-10-19 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\MediaMonkey
2009-07-17 10:35 . 2009-05-09 20:48 -------- d-----w- c:\program files\Frets on Fire
2009-07-15 16:43 . 2009-05-02 18:34 17136 ----a-w- c:\windows\system32\drivers\PdiPorts.sys
2009-07-14 18:55 . 2008-09-20 21:43 -------- d-----w- c:\documents and settings\John\Application Data\foobar2000
2009-07-14 01:16 . 2006-09-15 18:16 -------- d-----w- c:\program files\Winamp
2009-07-13 23:37 . 2006-09-20 22:46 7921928 ----a-w- c:\program files\Winamp.rar
2009-07-13 01:18 . 2006-09-17 03:10 -------- d-----w- c:\program files\GetRight
2009-07-11 15:40 . 2009-03-12 18:44 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-10 23:10 . 2009-07-10 23:10 967912 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-10 13:35 . 2008-10-20 13:37 3100160 ----a-w- c:\program files\oggdropXPd.exe
2009-07-10 12:36 . 2009-07-10 12:36 2095 ----a-w- c:\documents and settings\John\Application Data\.purple\certificates\x509\tls_peers\login.live.com
2009-07-08 19:24 . 2008-08-26 22:32 293 ----a-w- c:\program files\lamedropXPd.ini
2009-07-07 15:05 . 2008-12-11 18:57 -------- d-----w- c:\program files\Wolfenstein - Enemy Territory
2009-07-05 23:34 . 2009-05-03 17:43 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-05 23:30 . 2009-06-16 03:26 152576 ----a-w- c:\documents and settings\John\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-05 01:43 . 2009-07-05 01:43 2141 ----a-w- c:\documents and settings\John\Application Data\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2009-07-02 02:49 . 2006-11-20 17:35 -------- d-----w- c:\program files\7-Zip
2009-07-02 02:49 . 2006-10-27 00:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-01 21:02 . 2009-07-01 21:02 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-01 21:02 . 2007-02-01 13:15 -------- d-----w- c:\program files\Common Files\Real
2009-07-01 03:10 . 2007-08-28 00:33 -------- d-----w- c:\program files\Pidgin
2009-06-29 16:12 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-26 19:22 . 2007-08-28 00:42 -------- d-----w- c:\documents and settings\John\Application Data\gtk-2.0
2009-06-25 01:54 . 2008-10-20 14:50 5683 ----a-w- c:\program files\lameENCdrop.log
2009-06-24 19:42 . 2008-08-28 03:03 -------- d-----w- c:\program files\MKVExtractGUI-1.6.4.1
2009-06-23 01:22 . 2008-06-07 16:48 -------- d-----w- c:\program files\iTag
2009-06-21 16:44 . 2007-09-12 05:13 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-06-21 16:19 . 2006-09-15 18:17 -------- d-----w- c:\program files\ffdshow
2009-06-21 15:49 . 2008-08-28 03:04 -------- d-----w- c:\program files\MKVtoolnix
2009-06-21 14:34 . 2009-06-21 14:26 -------- d-----w- c:\documents and settings\John\Application Data\FLV Extract
2009-06-21 14:25 . 2009-06-21 14:25 -------- d-----w- c:\program files\flv Extract
2009-06-21 14:07 . 2009-06-21 14:07 -------- d-----w- c:\program files\WMV9_VCM
2009-06-21 14:06 . 2009-06-21 14:06 -------- d-----w- c:\documents and settings\John\Application Data\River Past G5
2009-06-21 14:01 . 2008-06-08 23:52 -------- d-----w- c:\program files\Avidemux 2.4
2009-06-20 20:10 . 2009-06-20 20:10 390664 ----a-w- c:\documents and settings\John\Application Data\Real\RealPlayer\setup\AU_setup.exe
2009-06-17 00:38 . 2009-06-17 00:38 106557 ----a-w- c:\windows\system32\btw_ci.dll
2009-06-16 14:55 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 03:18 . 2009-05-04 12:38 -------- d-----w- c:\program files\BandwidthMonitor
2009-06-03 19:27 . 2004-08-04 12:00 1290752 ----a-w- c:\windows\system32\quartz.dll
2008-10-20 20:41 . 2008-10-20 20:41 1488 ----a-w- c:\program files\GenreData.txt
2008-09-24 21:47 . 2008-10-20 14:07 754688 ----a-w- c:\program files\lamedropXPd3.exe
2008-09-15 13:23 . 2009-03-29 14:38 86528 ----a-w- c:\program files\unstopcp.exe
2008-09-08 02:02 . 2008-09-08 02:01 27473963 ----a-w- c:\program files\PowerDesk.7z
2008-05-01 22:26 . 2008-05-01 22:26 182784 ----a-w- c:\program files\DirToTxt.exe
2008-03-27 12:40 . 2008-03-27 12:40 14560 ----a-w- c:\program files\envvar.gif
2004-10-01 18:00 . 2006-10-27 02:44 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2004-07-29 16:34 . 2008-09-27 21:50 753664 ----a-w- c:\program files\Pdesk.exe
2001-11-13 04:00 . 2009-05-11 16:05 78848 ----a-w- c:\program files\ShareWatch.exe
2006-02-23 12:16 . 2008-01-25 21:44 34048 ----a-w- c:\program files\mozilla firefox\plugins\upd62i9x.dll
2006-02-23 12:16 . 2008-01-25 21:44 45056 ----a-w- c:\program files\mozilla firefox\plugins\upd62int.dll
2006-02-23 12:16 . 2008-01-25 21:44 34048 ----a-w- c:\program files\opera\program\plugins\upd62i9x.dll
2006-02-23 12:16 . 2008-01-25 21:44 45056 ----a-w- c:\program files\opera\program\plugins\upd62int.dll
2006-05-03 09:06 . 2009-06-16 03:43 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-06-16 03:43 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2009-06-16 03:43 216064 --sh--r- c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[-] 2008-05-15 22:47 502272 6225F14B8CE08CCBA8B25AD27843C674 c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-08-11_19.53.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-12 16:08 . 2009-08-12 16:08 16384 c:\windows\Temp\Perflib_Perfdata_6f8.dat
+ 2008-08-29 04:37 . 2008-08-28 21:37 41080 c:\windows\system32\NicInstG.dll
- 2008-08-29 04:37 . 2008-08-29 04:37 41080 c:\windows\system32\NicInstG.dll
+ 2009-08-11 21:02 . 2009-08-11 21:02 40960 c:\windows\Installer\{888019C0-54D4-40C2-9274-27B9DAB17017}\ARPPRODUCTICON.exe
+ 2009-08-12 16:05 . 2009-08-12 16:05 8192 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
- 2009-08-11 19:37 . 2009-08-11 19:37 8192 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
- 2009-08-11 19:37 . 2009-08-11 19:37 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2009-08-12 16:05 . 2009-08-12 16:05 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2001-06-22 15:25 . 2009-02-13 16:23 256640 c:\windows\system32\Prounstl.exe
+ 2009-03-06 16:54 . 2009-03-06 16:54 180224 c:\windows\system32\Ncs2Setp.dll
+ 2003-08-06 19:23 . 2007-12-14 16:06 121440 c:\windows\system32\e1000msg.dll
- 2003-08-06 19:23 . 2007-12-15 00:06 121440 c:\windows\system32\e1000msg.dll
+ 2004-08-04 12:00 . 2004-08-04 02:14 359040 c:\windows\system32\drivers\tcpip.sys
- 2003-08-14 17:46 . 2008-08-21 01:18 171152 c:\windows\system32\drivers\e1000325.sys
+ 2003-08-14 17:46 . 2008-08-20 18:18 171152 c:\windows\system32\drivers\e1000325.sys
+ 2005-04-11 12:05 . 2005-05-26 08:16 194328 c:\windows\system32\dllcache\wuaueng1.dll
+ 2005-04-11 12:05 . 2005-05-26 08:16 172312 c:\windows\system32\dllcache\wuauclt1.exe
+ 2005-09-20 19:17 . 2005-09-20 19:17 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-08-12 16:05 . 2009-08-12 16:05 229376 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
+ 2009-08-12 16:05 . 2009-08-12 16:05 389120 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
- 2009-08-11 19:37 . 2009-08-11 19:37 229376 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-12 16:05 . 2009-08-12 16:05 229376 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-11 21:02 . 2009-08-11 21:02 5116416 c:\windows\Installer\3235f2.msi
+ 2009-08-12 16:05 . 2009-08-12 16:05 13905920 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
- 2009-08-11 19:37 . 2009-08-11 19:37 13905920 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USB Safely Remove"="c:\program files\USB Safely Remove\USBSafelyRemove.exe" [2007-12-19 700928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-05 148888]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-12-17 19968]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 15:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-04 22:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
backup=c:\windows\pss\GetRight - Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
backup=c:\windows\pss\NkvMon.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^TimeLeft.lnk]
backup=c:\windows\pss\TimeLeft.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VMware NAT Service"=3 (0x3)
"vmount2"=3 (0x3)
"VMnetDHCP"=3 (0x3)
"VMAuthdService"=3 (0x3)
"StarWindService"=2 (0x2)
"SoundMAX Agent Service (default)"=2 (0x2)
"FileZilla Server"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"SQLAgent$SONY_MEDIAMGR"=3 (0x3)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$SONY_MEDIAMGR"=3 (0x3)
"NoIPDUCService"=2 (0x2)
"ERSvc"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"idsvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"usnjsvc"=3 (0x3)
"gusvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Core\\nero.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\FileZilla\\FileZilla.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Soulseek-Test\\slsk.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/4/2009 7:31 PM 335240]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/28/2009 10:53 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/28/2009 10:53 AM 72944]
R1 UserPort;UserPort;c:\windows\system32\drivers\UserPort.sys [4/27/2007 12:40 PM 4256]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/4/2009 7:31 PM 297752]
R2 B2Ether;Basilisk II Ethernet Driver;c:\windows\system32\drivers\B2Ether.sys [4/2/2008 12:06 PM 8686]
R2 cdenable;cdenable;c:\windows\system32\drivers\cdenable.sys [2/23/2007 3:31 PM 6112]
R2 Icecast-trunk;Icecast-trunk Streaming Media Server;c:\program files\Icecast2 Win32\icecastService.exe [4/20/2009 10:50 AM 417792]
S2 EMSLink;EMS Inter-Link driver V3.0;c:\windows\system32\drivers\EM3Link.sys [3/15/2007 6:53 PM 6176]
S2 EZWINIT2;EZWINIT2;c:\windows\system32\drivers\ezwinit2.sys [12/1/2006 5:00 PM 14848]
S2 EZWRITE2;EZWRITE2;c:\windows\system32\drivers\ezwrite2.sys [12/1/2006 5:00 PM 12544]
S3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [2/16/2004 7:19 PM 571776]
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCCFLTR.SYS [9/15/2006 3:48 PM 14095]
S3 ndfs;ndfs;\??\c:\program files\Netdrive\ndfs.sys --> c:\program files\Netdrive\ndfs.sys [?]
S3 SaiH3509;SaiH3509;c:\windows\system32\drivers\SaiH3509.sys [11/3/2005 11:52 AM 176640]
S3 SaiU3509;SaiU3509;c:\windows\system32\drivers\SaiU3509.sys [11/3/2005 11:52 AM 27264]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [7/28/2009 10:53 AM 7408]
S3 xbreader;ActionReplay XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [7/28/2007 2:04 PM 19677]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\s221ogas.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-12 13:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1123561945-299502267-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{69CDBD2D-3DC2-9471-EEEB-311F4841D8B5}*]
"oagfbalnehjhfjldogpbkbhhmnhmep"=hex:6b,61,68,6f,6c,65,67,66,62,69,66,69,6a,6b,
63,62,6b,62,61,6f,66,61,00,00
"naifdeiefgbfiklaafbdnnoncolh"=hex:6b,61,68,6f,6c,65,67,66,62,69,66,69,6a,6b,
63,62,6b,62,61,6f,66,61,00,00

[HKEY_LOCAL_MACHINE\software\Classes\.xaml\bootstrap]
@DACL=(02 0000)
@="bootstrap.xaml.1"

[HKEY_LOCAL_MACHINE\software\Classes\.xbap\bootstrap]
@DACL=(02 0000)
@="bootstrap.xbap.1"

[HKEY_LOCAL_MACHINE\software\Classes\.xps\bootstrap]
@DACL=(02 0000)
@="bootstrap.xps.1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\ACPI\PNP0F13\0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff

[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_046d&Pid_c504&MI_01&Col01\7&2ba7d8ca&0&0000]
@DACL=(02 0000)
"Capabilities"=dword:000000a0
"UINumber"=dword:00000000
"HardwareID"=multi:"HID\\Vid_046d&Pid_c504&Rev_1320&MI_01&Col01\00HID\\Vid_046d&Pid_c504&MI_01&Col01\00HID_DEVICE_SYSTEM_MOUSE\00HID_DEVICE_UP:0001_U:0002\00HID_DEVICE\00\00"
"CompatibleIDs"=multi:"\00\00"
"ClassGUID"="{4D36E96F-E325-11CE-BFC1-08002BE10318}"
"Class"="Mouse"
"Driver"="{4D36E96F-E325-11CE-BFC1-08002BE10318}\\0001"
"LowerFilters"=multi:"LHidFlt2\00\00"
"UpperFilters"=multi:"LMouFlt2\00\00"
"Mfg"="Logitech"
"Service"="mouhid"
"DeviceDesc"="HID-compliant Cordless Mouse"
"ConfigFlags"=dword:00000020

[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_046d&Pid_c504&MI_01&Col04\7&2ba7d8ca&0&0003]
@DACL=(02 0000)
"Capabilities"=dword:000000a0
"UINumber"=dword:00000000
"HardwareID"=multi:"HID\\Vid_046d&Pid_c504&Rev_1320&MI_01&Col04\00HID\\Vid_046d&Pid_c504&MI_01&Col04\00HID_DEVICE_SYSTEM_MOUSE\00HID_DEVICE_UP:0001_U:0002\00HID_DEVICE\00\00"
"CompatibleIDs"=multi:"\00\00"
"ClassGUID"="{4D36E96F-E325-11CE-BFC1-08002BE10318}"
"Class"="Mouse"
"Driver"="{4D36E96F-E325-11CE-BFC1-08002BE10318}\\0002"
"Mfg"="Logitech"
"Service"="mouhid"
"DeviceDesc"="HID-compliant Cordless Mouse"
"ConfigFlags"=dword:00000020
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(620)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3240)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Logitech\iTouch\iTchHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\program files\Windows Live\Mail\wlmail.exe
c:\program files\Opera\opera.exe
c:\program files\Avanquest\PowerDesk\PDExplo.exe
c:\program files\Pdesk.exe
c:\program files\Pidgin\pidgin.exe
c:\program files\Winamp\winamp.exe
c:\program files\uTorrent\utorrent.exe
c:\windows\system32\devldr32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\locator.exe
c:\program files\UPHClean\uphclean.exe
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-12 13:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-12 16:15
ComboFix2.txt 2009-08-11 20:01

Pre-Run: 13,195,173,888 bytes free
Post-Run: 13,192,941,568 bytes free

460 --- E O F --- 2009-07-31 01:22

#10 silvertree
  • Topic Starter
  • Members
  • 14 posts
  • Local time:05:05 AM

Posted 12 August 2009 - 02:50 PM

Malwarebytes' Anti-Malware 1.40
Database version: 2611
Windows 5.1.2600 Service Pack 2

8/12/2009 4:49:02 PM
mbam-log-2009-08-12 (16-49-02).txt

Scan type: Full Scan (C:\|D:\|G:\|W:\|X:\|)
Objects scanned: 409656
Time elapsed: 2 hour(s), 9 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\recovered\rotodrive 1g\Windows XP SP2 Activation Crack THE GOOD ONE\antiwpa\AntiWPA_Crypt.dll (Hacktool) -> Quarantined and deleted successfully.

#11 Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:05 AM

Posted 12 August 2009 - 04:38 PM

How is your computer behaving now?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#12 silvertree
  • Topic Starter
  • Members
  • 14 posts
  • Local time:05:05 AM

Posted 12 August 2009 - 05:02 PM

I'd say it is better.

Nothing working badly by any means.

I'm really embarrassed that it got this far; I can usually handle these things on my own. I am very grateful for your assistance.

Thanks, Sam.

#13 Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:05 AM

Posted 13 August 2009 - 11:58 AM

I'm glad I could help out! :)


We need to remove Combofix now that we're done with it.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK




==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable System Restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and re-enable System Restore here:

    Windows XP System Restore Guide

    Re-enable System Restore with instructions from the tutorial above

  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbup2: :)

#14 Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:05 AM

Posted 05 September 2009 - 10:18 AM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.



