Infected with unknown virus/malware


  • This topic is locked
21 replies to this topic

#1 blov10

blov10

  • Members
  • 61 posts
  • OFFLINE
  • Local time:09:40 AM

Posted 23 September 2009 - 06:56 AM

Hello,

A couple of days ago, my wife opened an email and since then IE8 and Firefox will work for a few minutes and then they will lose connection to the internet. Firefox says "the connection was reset while the page was loading." If I restart the computer, IE8 and Firefox will work again but only for a few minutes. I noticed that while surfing when the internet is working, the pages load very slow. I've run the Malwarebytes software, along with Ad-Aware, and it hasn't changed much. I have yet to run my AVG anti-virus. I have also included my HijackThis log. I compared the log between my infected computer and my laptop, which was just fixed by the helpful people here, and there were some major differences, but I'm not at all comfortable deleting things when it comes to this. I did notice that there are some OUTPOST FIREWALL entries in there. I had this firewall years ago and removed it, but it seems that there are still entries on the computer. How can I remove these?

Here are my logs:


DDS (Ver_09-07-30.01) - NTFSx86
Run by Ben Lotvedt at 6:43:37.45 on Wed 09/23/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.380 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! antivirus 4.5.561 [VPS 0507-2] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Ben Lotvedt\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\dds.scr

============== Pseudo HJT Report ===============

uWindow Title = Microsoft Internet Explorer
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
StartupFolder: c:\docume~1\benlot~1\startm~1\programs\startup\mlbtvn~1.lnk - c:\documents and settings\ben lotvedt\local settings\application data\autobahn\mlb-nexdef-autobahn.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} - hxxps://support.microsoft.com/OAS/ActiveX/odc.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://www.microsoft.com/security/controls/WebCleaner.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1204848275734
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179680897312
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {885BB46A-3F1E-44C3-A01B-A7D9260CC98B} - hxxp://updates.installshield.com/CAB/dwusplay.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - hxxp://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\benlot~1\applic~1\mozilla\firefox\profiles\6hf7nlkf.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\ben lotvedt\application data\mozilla\firefox\profiles\6hf7nlkf.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-31 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-19 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-12-15 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-19 108552]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-9-12 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-6-21 66600]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-19 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-19 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1028432]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\sunbelt software\personal firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\sunbelt software\personal firewall\SbPFSvc.exe [2008-10-31 1365288]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-6-3 92008]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-9-12 65576]
S1 SandBox;Outpost Firewall Sandbox Driver;\??\c:\program files\agnitum\outpost firewall\kernel\sandbox.sys --> c:\program files\agnitum\outpost firewall\kernel\Sandbox.SYS [?]
S1 VFILT;Outpost Firewall Kernel Driver;\??\c:\program files\agnitum\outpost firewall\kernel\filtnt.sys --> c:\program files\agnitum\outpost firewall\kernel\FILTNT.SYS [?]
S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\adblock.dll --> c:\program files\agnitum\outpost firewall\kernel\ADBLOCK.DLL [?]
S3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\arp.dll --> c:\program files\agnitum\outpost firewall\kernel\ARP.DLL [?]
S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\content.dll --> c:\program files\agnitum\outpost firewall\kernel\CONTENT.DLL [?]
S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\dnscache.dll --> c:\program files\agnitum\outpost firewall\kernel\DNSCACHE.DLL [?]
S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\ftpfilt.dll --> c:\program files\agnitum\outpost firewall\kernel\FTPFILT.DLL [?]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2002-8-29 14336]
S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\htmlfilt.dll --> c:\program files\agnitum\outpost firewall\kernel\HTMLFILT.DLL [?]
S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\httpfilt.dll --> c:\program files\agnitum\outpost firewall\kernel\HTTPFILT.DLL [?]
S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\imapfilt.dll --> c:\program files\agnitum\outpost firewall\kernel\IMAPFILT.DLL [?]
S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\mailfilt.dll --> c:\program files\agnitum\outpost firewall\kernel\MAILFILT.DLL [?]
S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\nntpfilt.dll --> c:\program files\agnitum\outpost firewall\kernel\NNTPFILT.DLL [?]
S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\pop3filt.dll --> c:\program files\agnitum\outpost firewall\kernel\POP3FILT.DLL [?]
S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\protect.dll --> c:\program files\agnitum\outpost firewall\kernel\PROTECT.DLL [?]
S3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\secret.dll --> c:\program files\agnitum\outpost firewall\kernel\SECRET.DLL [?]

=============== Created Last 30 ================

2009-09-22 18:29 <DIR> --d----- c:\program files\iTunes
2009-09-22 18:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-22 08:03 202,072 a----r-- c:\windows\system32\cpnprt2.cid
2009-09-17 16:55 <DIR> --d----- c:\program files\Western Digital
2009-09-12 20:08 65,576 a------- c:\windows\system32\drivers\SbFwIm.sys
2009-09-12 20:08 270,888 a----r-- c:\windows\system32\drivers\SbFw.sys
2009-09-12 20:08 <DIR> --d----- c:\program files\Sunbelt Software
2009-09-12 05:48 <DIR> --d----- c:\docume~1\benlot~1\applic~1\Malwarebytes
2009-09-12 05:47 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-12 05:47 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-12 05:47 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-12 05:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-11 22:00 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-11 22:00 73,728 a------- c:\windows\system32\javacpl.cpl
2009-09-08 23:11 153,088 -------- c:\windows\system32\dllcache\triedit.dll
2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx
2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts
2009-08-25 21:53 578,560 a------- c:\windows\system32\dllcache\user32.dll
2009-08-25 21:50 <DIR> --d----- c:\windows\ERUNT
2009-08-25 21:47 <DIR> --d----- C:\SDFix

==================== Find3M ====================

2009-09-21 06:08 15,688 a------- c:\windows\system32\lsdelete.exe
2009-08-24 09:24 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-24 09:24 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 04:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-31 12:41 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 08:18 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 14:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 23:43 10,841,088 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 08:27 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-07-03 12:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 12:09 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 12:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 12:09 206,848 a------- c:\windows\system32\dllcache\occache.dll
2009-07-03 12:09 1,208,832 -------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 12:09 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 12:09 55,296 a------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 12:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 12:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 12:09 184,320 a------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 12:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 12:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 06:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-07-01 02:08 101,376 -------- c:\windows\system32\dllcache\iecompat.dll
2001-08-17 22:36 138,752 a------- c:\documents and settings\ben lotvedt\windowssystem32sndvol32.exe
2008-05-08 06:33 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008050820080509\index.dat
2008-05-08 06:34 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat
2008-03-13 14:27 16,384 ac-sh--- c:\windows\temp\cookies\index.dat
2008-03-13 14:27 16,384 ac-sh--- c:\windows\temp\history\history.ie5\index.dat
2008-03-13 14:27 49,152 ac-sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 6:46:08.04 ===============

Edited by blov10, 23 September 2009 - 04:36 PM.
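As an added example (not code from the thread, from DDS, or from BleepingComputer), a small Python triage script that parses the SERVICES / DRIVERS section of a DDS log like the one above and lists the entries whose image file DDS could not find, the ones it prints with a trailing "[?]", which is exactly how the leftover Outpost Firewall registrations show up. The R/S letter and the start-type digit are interpreted per the usual DDS/HijackThis convention (running/stopped; 0 boot, 1 system, 2 auto, 3 manual, 4 disabled), an assumption noted in the code; the sample lines are constructed to match the log format.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# One DDS service/driver line:
#   <R|S><start type> <service name>;<display name>;<image path> [<date> <size>]
# DDS prints "[?]" instead of "[date size]" when the image file is not on disk,
# and "\??\<native path> --> <resolved path>" for native-format image paths.
ENTRY_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.*)\s\[([^\]]*)\]$")
# Section banners look like "============= SERVICES / DRIVERS ===============".
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")

# Assumed from the DDS/HijackThis convention: R = running, S = stopped,
# digit = Windows service start type.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# Constructed sample in the format of the first post's log: two live entries
# and two stopped Outpost entries whose driver/plug-in files are gone.
SAMPLE_LOG = [
    "============= SERVICES / DRIVERS ===============",
    "",
    r"R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-31 64160]",
    r"R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]",
    r"S1 VFILT;Outpost Firewall Kernel Driver;\??\c:\program files\agnitum\outpost firewall\kernel\filtnt.sys --> c:\program files\agnitum\outpost firewall\kernel\FILTNT.SYS [?]",
    r"S3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\arp.dll --> c:\program files\agnitum\outpost firewall\kernel\ARP.DLL [?]",
    "",
    "=============== Created Last 30 ================",
    "",
    r"2009-09-22 18:29 <DIR> --d----- c:\program files\iTunes",
]


@dataclass
class ServiceEntry:
    running: bool
    start_type: int
    name: str
    display_name: str
    image_path: str           # resolved path (right side of "-->" when present)
    file_found: bool          # False when DDS printed "[?]"
    file_info: Optional[str]  # "date size" text when the file was found


def _resolve_path(raw: str) -> str:
    """Keep the resolved side of an 'a --> b' path and drop a \\??\\ prefix."""
    if "-->" in raw:
        raw = raw.split("-->", 1)[1]
    raw = raw.strip()
    if raw.startswith("\\??\\"):
        raw = raw[4:]
    return raw


def parse_services(lines: Iterable[str]) -> List[ServiceEntry]:
    """Return the entries of the SERVICES / DRIVERS section of a DDS log."""
    entries: List[ServiceEntry] = []
    in_section = False
    for line in lines:
        header = SECTION_RE.match(line.strip())
        if header:
            # Only the services banner switches parsing on; any other banner
            # (Created Last 30, Find3M, FINISH) switches it off.
            in_section = "SERVICES / DRIVERS" in header.group(1)
            continue
        if not in_section:
            continue
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        state, start, name, display, path, info = m.groups()
        entries.append(ServiceEntry(
            running=(state == "R"),
            start_type=int(start),
            name=name,
            display_name=display,
            image_path=_resolve_path(path),
            file_found=(info != "?"),
            file_info=None if info == "?" else info,
        ))
    return entries


def orphaned_entries(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Entries still registered as services/drivers whose image file is gone.

    These are leftovers from an uninstall (here Outpost Firewall): harmless by
    themselves, but they fail to load at boot and clutter every future log,
    so cleanup should remove the registration rather than the (absent) file.
    """
    return [e for e in entries if not e.file_found]


if __name__ == "__main__":
    parsed = parse_services(SAMPLE_LOG)
    for e in orphaned_entries(parsed):
        state = "running" if e.running else "stopped"
        print(f"{e.name:12} {state:8} start={START_TYPES[e.start_type]:8} "
              f"missing file: {e.image_path}")
```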


#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:40 AM

Posted 10 October 2009 - 07:58 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 blov10

blov10
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  • Local time:09:40 AM

Posted 10 October 2009 - 01:49 PM

Hello,

I believe I've fixed the problem. When I ran the Malwarebytes quick scan, it never found the virus. I ran a full scan and it found:

backdoor.PcClient.

I believe it removed both of the items. I also found the OUTPOST service and shut it off; however, I don't have this on my computer anymore. How do I get rid of the service? If a new scan is needed, please let me know. I also found that the Kerio Sunbelt Firewall I recently installed was causing connection problems with the internet on both of my computers.

Here is the DDS scan from before:

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} - hxxps://support.microsoft.com/OAS/ActiveX/odc.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://www.microsoft.com/security/controls/WebCleaner.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1204848275734
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179680897312
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {885BB46A-3F1E-44C3-A01B-A7D9260CC98B} - hxxp://updates.installshield.com/CAB/dwusplay.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - hxxp://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\benlot~1\applic~1\mozilla\firefox\profiles\6hf7nlkf.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\ben lotvedt\application data\mozilla\firefox\profiles\6hf7nlkf.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-31 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-19 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-12-15 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-19 108552]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-9-12 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-6-21 66600]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-19 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-19 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1028432]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\sunbelt software\personal firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\sunbelt software\personal firewall\SbPFSvc.exe [2008-10-31 1365288]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-6-3 92008]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-9-12 65576]
S1 SandBox;Outpost Firewall Sandbox Driver;\??\c:\program files\agnitum\outpost firewall\kernel\sandbox.sys --> c:\program files\agnitum\outpost firewall\kernel\Sandbox.SYS [?]
S1 VFILT;Outpost Firewall Kernel Driver;\??\c:\program files\agnitum\outpost firewall\kernel\filtnt.sys --> c:\program files\agnitum\outpost firewall\kernel\FILTNT.SYS [?]
S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\adblock.dll --> c:\program files\agnitum\outpost firewall\kernel\ADBLOCK.DLL [?]
S3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\arp.dll --> c:\program files\agnitum\outpost firewall\kernel\ARP.DLL [?]
S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\content.dll --> c:\program files\agnitum\outpost firewall\kernel\CONTENT.DLL [?]
S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\dnscache.dll --> c:\program files\agnitum\outpost firewall\kernel\DNSCACHE.DLL [?]
S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\ftpfilt.dll --> c:\program files\agnitum\outpost firewall\kernel\FTPFILT.DLL [?]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2002-8-29 14336]
S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\htmlfilt.dll --> c:\program files\agnitum\outpost firewall\kernel\HTMLFILT.DLL [?]
S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\httpfilt.dll --> c:\program files\agnitum\outpost firewall\kernel\HTTPFILT.DLL [?]
S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\imapfilt.dll --> c:\program files\agnitum\outpost firewall\kernel\IMAPFILT.DLL [?]
S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\mailfilt.dll --> c:\program files\agnitum\outpost firewall\kernel\MAILFILT.DLL [?]
S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\nntpfilt.dll --> c:\program files\agnitum\outpost firewall\kernel\NNTPFILT.DLL [?]
S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\pop3filt.dll --> c:\program files\agnitum\outpost firewall\kernel\POP3FILT.DLL [?]
S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\protect.dll --> c:\program files\agnitum\outpost firewall\kernel\PROTECT.DLL [?]
S3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\secret.dll --> c:\program files\agnitum\outpost firewall\kernel\SECRET.DLL [?]

=============== Created Last 30 ================

2009-09-22 18:29 <DIR> --d----- c:\program files\iTunes
2009-09-22 18:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-22 08:03 202,072 a----r-- c:\windows\system32\cpnprt2.cid
2009-09-17 16:55 <DIR> --d----- c:\program files\Western Digital
2009-09-12 20:08 65,576 a------- c:\windows\system32\drivers\SbFwIm.sys
2009-09-12 20:08 270,888 a----r-- c:\windows\system32\drivers\SbFw.sys
2009-09-12 20:08 <DIR> --d----- c:\program files\Sunbelt Software
2009-09-12 05:48 <DIR> --d----- c:\docume~1\benlot~1\applic~1\Malwarebytes
2009-09-12 05:47 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-12 05:47 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-12 05:47 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-12 05:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-11 22:00 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-11 22:00 73,728 a------- c:\windows\system32\javacpl.cpl
2009-09-08 23:11 153,088 -------- c:\windows\system32\dllcache\triedit.dll
2009-09-05 01:54 94,208 a------- c:\windows\system32\QuickTimeVR.qtx
2009-09-05 01:54 69,632 a------- c:\windows\system32\QuickTime.qts
2009-08-25 21:53 578,560 a------- c:\windows\system32\dllcache\user32.dll
2009-08-25 21:50 <DIR> --d----- c:\windows\ERUNT
2009-08-25 21:47 <DIR> --d----- C:\SDFix

==================== Find3M ====================

2009-09-21 06:08 15,688 a------- c:\windows\system32\lsdelete.exe
2009-08-24 09:24 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-24 09:24 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 04:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-31 12:41 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 08:18 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 14:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 23:43 10,841,088 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 08:27 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-07-03 12:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 12:09 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 12:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 12:09 206,848 a------- c:\windows\system32\dllcache\occache.dll
2009-07-03 12:09 1,208,832 -------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 12:09 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 12:09 55,296 a------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 12:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 12:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 12:09 184,320 a------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 12:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 12:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 06:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-07-01 02:08 101,376 -------- c:\windows\system32\dllcache\iecompat.dll
2001-08-17 22:36 138,752 a------- c:\documents and settings\ben lotvedt\windowssystem32sndvol32.exe
2008-05-08 06:33 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008050820080509\index.dat
2008-05-08 06:34 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat
2008-03-13 14:27 16,384 ac-sh--- c:\windows\temp\cookies\index.dat
2008-03-13 14:27 16,384 ac-sh--- c:\windows\temp\history\history.ie5\index.dat
2008-03-13 14:27 49,152 ac-sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 6:46:08.04 ===============

This post has been edited by blov10: Sep 23 2009, 04:36 PM

Attached File(s)
Attach.txt ( 15.6k ) Number of downloads: 1
RootRepeal_report_09_23_09__06_48_47_.txt ( 5.45k ) Number of downloads: 3
hijackthis.log ( 10.77k ) Number of downloads: 1

Edited by blov10, 10 October 2009 - 01:50 PM.


#4 blov10

blov10
  • Topic Starter

  • Members
  • 61 posts
  • Local time:09:40 AM

Posted 15 October 2009 - 05:45 AM

Here are the new DDS scans. It seems whatever I do I can't get the OUTPOST service to stay turned off. Also, I turned off the AVG AV like I was asked but it looks like there is also an AVAST! service running. I have never had AVAST AV on my computer. I don't know where that came from.


DDS (Ver_09-10-13.01) - NTFSx86
Run by Ben Lotvedt at 5:40:48.08 on Thu 10/15/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.470 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! antivirus 4.5.561 [VPS 0507-2] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Documents and Settings\Ben Lotvedt\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uWindow Title = Microsoft Internet Explorer
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [<NO NAME>]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} - hxxps://support.microsoft.com/OAS/ActiveX/odc.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://www.microsoft.com/security/controls/WebCleaner.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1204848275734
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179680897312
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {885BB46A-3F1E-44C3-A01B-A7D9260CC98B} - hxxp://updates.installshield.com/CAB/dwusplay.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - hxxp://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\benlot~1\applic~1\mozilla\firefox\profiles\6hf7nlkf.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\ben lotvedt\application data\mozilla\firefox\profiles\6hf7nlkf.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-31 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-19 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-19 108552]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-9-29 229304]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-19 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-19 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1028432]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-9-29 87656]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-6-3 92008]
R3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [2009-9-29 32552]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2009-9-29 70280]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2009-9-29 46592]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-9-29 115088]
S1 SandBox;Outpost Firewall Sandbox Driver;\??\c:\program files\agnitum\outpost firewall\kernel\sandbox.sys --> c:\program files\agnitum\outpost firewall\kernel\Sandbox.SYS [?]
S1 VFILT;Outpost Firewall Kernel Driver;\??\c:\program files\agnitum\outpost firewall\kernel\filtnt.sys --> c:\program files\agnitum\outpost firewall\kernel\FILTNT.SYS [?]
S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\adblock.dll --> c:\program files\agnitum\outpost firewall\kernel\ADBLOCK.DLL [?]
S3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\arp.dll --> c:\program files\agnitum\outpost firewall\kernel\ARP.DLL [?]
S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\content.dll --> c:\program files\agnitum\outpost firewall\kernel\CONTENT.DLL [?]
S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\dnscache.dll --> c:\program files\agnitum\outpost firewall\kernel\DNSCACHE.DLL [?]
S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\ftpfilt.dll --> c:\program files\agnitum\outpost firewall\kernel\FTPFILT.DLL [?]
S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\htmlfilt.dll --> c:\program files\agnitum\outpost firewall\kernel\HTMLFILT.DLL [?]
S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\httpfilt.dll --> c:\program files\agnitum\outpost firewall\kernel\HTTPFILT.DLL [?]
S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\imapfilt.dll --> c:\program files\agnitum\outpost firewall\kernel\IMAPFILT.DLL [?]
S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\mailfilt.dll --> c:\program files\agnitum\outpost firewall\kernel\MAILFILT.DLL [?]
S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\nntpfilt.dll --> c:\program files\agnitum\outpost firewall\kernel\NNTPFILT.DLL [?]
S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\pop3filt.dll --> c:\program files\agnitum\outpost firewall\kernel\POP3FILT.DLL [?]
S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\protect.dll --> c:\program files\agnitum\outpost firewall\kernel\PROTECT.DLL [?]
S3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\secret.dll --> c:\program files\agnitum\outpost firewall\kernel\SECRET.DLL [?]

=============== Created Last 30 ================

2009-10-11 08:43 <DIR> --d----- c:\program files\common files\Bcgsoft
2009-10-02 18:41 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-09-29 20:06 <DIR> --d----- c:\docume~1\benlot~1\applic~1\PCToolsFirewallPlus
2009-09-29 20:03 207,280 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-29 20:03 87,656 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-29 20:03 7,412 a------- c:\windows\system32\drivers\PCTAppEvent.cat
2009-09-29 20:03 7,383 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-29 20:03 229,304 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-29 20:03 7,387 a------- c:\windows\system32\drivers\pctgntdi.cat
2009-09-29 20:03 70,280 a------- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2009-09-29 20:03 46,592 a------- c:\windows\system32\drivers\pctNdis.sys
2009-09-29 20:03 32,552 a------- c:\windows\system32\drivers\pctNdis-DNS.sys
2009-09-29 20:03 <DIR> --d----- c:\program files\common files\PC Tools
2009-09-29 20:03 115,088 a------- c:\windows\system32\drivers\pctplfw.sys
2009-09-29 20:03 <DIR> --d----- c:\program files\PC Tools Firewall Plus
2009-09-29 06:21 <DIR> --d----- c:\program files\Everything
2009-09-23 07:07 <DIR> --d----- c:\program files\CCleaner
2009-09-22 18:29 <DIR> --d----- c:\program files\iTunes
2009-09-22 18:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-22 08:03 202,072 a----r-- c:\windows\system32\cpnprt2.cid
2009-09-17 16:55 <DIR> --d----- c:\program files\Western Digital

==================== Find3M ====================

2009-09-21 06:08 15,688 a------- c:\windows\system32\lsdelete.exe
2009-09-11 22:00 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-11 09:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-11 09:18 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-04 16:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-04 16:03 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 05:35 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 03:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-26 03:00 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-08-25 21:53 578,560 a------- c:\windows\system32\dllcache\user32.dll
2009-08-24 09:24 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-24 09:24 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-06 19:24 327,896 a------- c:\windows\system32\dllcache\wucltui.dll
2009-08-06 19:24 209,632 a------- c:\windows\system32\dllcache\wuweb.dll
2009-08-06 19:24 35,552 a------- c:\windows\system32\dllcache\wups.dll
2009-08-06 19:24 53,472 a------- c:\windows\system32\dllcache\wuauclt.exe
2009-08-06 19:24 96,480 a------- c:\windows\system32\dllcache\cdm.dll
2009-08-06 19:23 575,704 a------- c:\windows\system32\dllcache\wuapi.dll
2009-08-06 19:23 1,929,952 a------- c:\windows\system32\dllcache\wuaueng.dll
2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 04:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 20:44 2,189,184 a------- c:\windows\system32\ntoskrnl.exe
2009-08-04 20:44 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 10:13 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 09:20 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-04 09:20 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-08-04 09:20 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-07-31 12:41 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 14:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-17 11:22 1,435,648 a------- c:\windows\system32\query.dll
2009-07-17 11:22 1,435,648 -------- c:\windows\system32\dllcache\query.dll
2001-08-17 22:36 138,752 a------- c:\documents and settings\ben lotvedt\windowssystem32sndvol32.exe
2008-05-08 06:33 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008050820080509\index.dat
2008-05-08 06:34 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat
2008-03-13 14:27 16,384 ac-sh--- c:\windows\temp\cookies\index.dat
2008-03-13 14:27 16,384 ac-sh--- c:\windows\temp\history\history.ie5\index.dat
2008-03-13 14:27 49,152 ac-sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 5:42:02.06 ===============

Edited by blov10, 15 October 2009 - 05:48 AM.


#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,311 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:40 PM

Posted 20 October 2009 - 02:31 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise. I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
Please be patient and I'd be grateful if you would note the following:
  • The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

Please give me some time to review your logs and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks, and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,311 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:40 PM

Posted 20 October 2009 - 04:04 AM

Hello blov10,

Please make sure you read also my previous post.

First of all, AVG has a newer version. I recommend that you upgrade to AVG 9.

Don't worry about Avast showing up; I think this is just a glitch. I see no evidence whatsoever that Avast is on your system.

I found a solution for your Outpost problem. Please let me know how your computer skills are, so I know whether to give you the link that describes the steps or to write a batch file for you so the removal will be easier.

P2P WARNING
-------------------
Going over your logs I noticed that you have LimeWire installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall LimeWire, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


FIX HIJACKTHIS ENTRIES
----------------------------------
We need to update your version of Hijackthis to the latest release.
  • Click here to download HijackThis.
  • Save HJTInstall.exe to your Desktop.
  • Double click on the HJTInstall.exe icon to start the program.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis
  • After the final dialogue box it will launch HijackThis.
  • Click on Do a system scan only.
Place a checkmark next to these lines (if still present).

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

Then close all windows except HijackThis and click Fix Checked.


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please start MBAM. On the Updates tab, click Check for updates.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


In your next reply, please include the following:
  • HijackThis log
  • MBAM log

regards, Elise




#7 blov10

blov10
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:09:40 AM

Posted 20 October 2009 - 04:10 PM

Hello,

Thanks for the help!

Here are the two scans. I deleted the entry you asked. When I upgraded to AVG9, a dialog box opened up and asked me to uninstall Avast! antivirus 4.5.561 (VPS 0507-2) before continuing. It asked me to skip or uninstall. If I chose uninstall, it said the setup would cancel and open the add/remove programs box. I know that the program isn't located there. I don't know if at one time I did have Avast and there is a registry entry somewhere causing this to happen or not. As far as Limewire goes, it was downloaded a long time ago. I couldn't tell you the last time I actually ran the application. Do I still have a chance at getting infected if the program is on the computer? Another quick question. Recently, I had automatic updates for the .NET framework. One for 1.1 and one for 2.0. Do I need all of the .NET frameworks or is 3.5 SP1 sufficient enough?

If you sent me a link for the removal of the outpost service, I should be able to follow the directions.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:02:35 PM, on 10/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1204848275734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179680897312
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {885BB46A-3F1E-44C3-A01B-A7D9260CC98B} (InstallShield Update Service Setup Player) - http://updates.installshield.com/CAB/dwusplay.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 9020 bytes

Malwarebytes' Anti-Malware 1.41
Database version: 2997
Windows 5.1.2600 Service Pack 3

10/20/2009 8:20:17 AM
mbam-log-2009-10-20 (08-20-17).txt

Scan type: Full Scan (C:\|)
Objects scanned: 217204
Time elapsed: 1 hour(s), 36 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by blov10, 21 October 2009 - 05:51 AM.


#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,311 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:06:40 PM

Posted 21 October 2009 - 01:27 PM

Hello blov10,

LimeWire is not a dangerous application, but files downloaded with LimeWire are, as explained in my previous post. In conclusion, having LimeWire on your system is no security risk; however, using it is.

Different .NET Framework versions have different functions and are used/required by different applications. In other words, you should install all updates for the different versions.

Let's try to get rid of all program leftovers first.


BACKUP THE REGISTRY
---------------------------
Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe


WBEMTEST
--------------
We need to check the Antivirus/Firewall applications that are registered in Security Center.
Please make sure you do not make any other modifications except for those instructed below!

1. Click on the Start menu.
2. Select Run...
3. Type wbemtest and click OK
4. Click Connect.
5. In the top left box type root\SecurityCenter and click Connect
6. Click on Query
7. Type SELECT * FROM AntiVirusProduct and click on Apply


If there is more than one result, it means there is more than one Antivirus program installed. Double click on each result and scroll down to Display name.
In your case, one should have the display name AVG 9 and the other Avast.
If you find the Avast entry, push the Close button and delete the entry. Please double check before doing this; your AVG should remain there. If you are not sure, just ask!


To remove all Outpost remnants, go to this site.
Please follow the steps described under Outpost Firewall 1.0-4.0.
If you are unsure about how to proceed, don't hesitate to ask!


Please let me know how that went and post a new DDS log for my review.

regards, Elise


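The wbemtest query and the Outpost service cleanup above can also be done from one script. The following is an added example and is not part of Elise's instructions or of the Agnitum removal guide she links to. It assumes Windows XP with PowerShell 2.0 installed, an administrator session, and a fresh ERUNT registry backup; the `-Remove` switch, the `avast*` display-name filter (the stale entry in this thread) and the `agnitum|outpost` ImagePath filter are assumptions chosen for this case, so check the listing before re-running with `-Remove`.

```powershell
# Added example, not from the thread: lists what wbemtest shows under
# root\SecurityCenter and the orphaned Outpost service/driver entries, and removes
# them only when -Remove is given. ASSUMPTIONS: Windows XP with PowerShell 2.0
# installed, run from an administrator session, registry backed up (ERUNT) first.
param([switch]$Remove)

$ns = 'root\SecurityCenter'

# --- 1. Security Center registrations (the wbemtest query, scripted) ---------
$av = @(Get-WmiObject -Namespace $ns -Class AntiVirusProduct)
$fw = @(Get-WmiObject -Namespace $ns -Class FirewallProduct)
"AntiVirusProduct entries: $($av.Count)"
$av | Select-Object displayName, instanceGuid, versionNumber, onAccessScanningEnabled |
    Format-Table -AutoSize | Out-Host
"FirewallProduct entries: $($fw.Count)"
$fw | Select-Object displayName, instanceGuid, versionNumber, enabled |
    Format-Table -AutoSize | Out-Host

# A registration for a product that is no longer installed is a leftover. The
# display-name filter below is an assumption for this thread's case (stale Avast
# entry); the AVG entry is deliberately not matched and must stay.
foreach ($entry in ($av | Where-Object { $_.displayName -like 'avast*' })) {
    if ($Remove) {
        $entry.Delete()      # same as selecting the instance in wbemtest and deleting it
        "Removed Security Center entry: $($entry.displayName)"
    } else {
        "Stale Security Center entry: $($entry.displayName)  (re-run with -Remove)"
    }
}

# --- 2. Outpost services/drivers whose binary no longer exists ---------------
# DDS printed these as 'S1 VFILT ...' / 'S3 ADBLOCK.DLL ...' with '[?]' after the
# path, i.e. the registered file was not found on disk.
$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
foreach ($key in Get-ChildItem $svcRoot -ErrorAction SilentlyContinue) {
    $props = Get-ItemProperty $key.PSPath -ErrorAction SilentlyContinue
    if (-not $props -or -not $props.ImagePath) { continue }
    if ($props.ImagePath -notmatch 'agnitum|outpost') { continue }

    $name  = $key.PSChildName
    # Strip the '\??\' NT prefix and quotes, then drop arguments such as ' /service'.
    $image = $props.ImagePath -replace '^\\\?\?\\', '' -replace '"', ''
    $exe   = ($image -split ' /')[0].Trim()

    if (Test-Path $exe) {
        "Keep    $name : binary still present ($exe)"
    } elseif ($Remove) {
        & sc.exe stop   $name | Out-Null    # ignored if already stopped
        & sc.exe delete $name | Out-Null    # marks the service for deletion; reboot after
        "Deleted $name : binary missing ($exe)"
    } else {
        "Orphan  $name : binary missing ($exe)  (re-run with -Remove)"
    }
}
```

Run it first without `-Remove` (for example `powershell -ExecutionPolicy Bypass -File outpost-cleanup.ps1`) and compare the listing with the S1/S3 lines in the DDS log; only entries whose file is missing are reported as orphans. Because the Outpost files themselves are gone, anything that tries to load them (such as `regsvr32 /u` on a plugin DLL) fails with a LoadLibrary error, whereas deleting the service registration with `sc delete` does not need the file to exist. Reboot afterwards and re-run the script, or the wbemtest query, to confirm the entries are gone.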


#9 blov10

blov10
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:09:40 AM

Posted 21 October 2009 - 06:01 PM

Hello,

I tried all the commands for the Outpost removal and I received this for all of the commands:

LoadLibrary("C:\xxx") failed. The specified module cannot be found. This was the dialog box for all the commands when I typed them in.

I have stopped it manually via Services, but it's still showing up in the log and I cannot find it anywhere.

Here is the path under the Services tab/Properties for the Outpost service: C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /service

In Regedit, there were no entries for the first two, and the HKLM edit wasn't even available in my Regedit choices. I have run the CCleaner Regedit and I cannot find any registry entries for Outpost.

Here are the logs:


DDS (Ver_09-10-13.01) - NTFSx86
Run by Ben Lotvedt at 18:12:00.34 on Wed 10/21/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.552 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Ben Lotvedt\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uWindow Title = Microsoft Internet Explorer
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [<NO NAME>]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} - hxxps://support.microsoft.com/OAS/ActiveX/odc.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://www.microsoft.com/security/controls/WebCleaner.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1204848275734
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179680897312
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {885BB46A-3F1E-44C3-A01B-A7D9260CC98B} - hxxp://updates.installshield.com/CAB/dwusplay.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - hxxp://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\benlot~1\applic~1\mozilla\firefox\profiles\6hf7nlkf.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\ben lotvedt\application data\mozilla\firefox\profiles\6hf7nlkf.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-31 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-19 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-19 360584]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-9-29 229304]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-10-20 285392]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1028432]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-9-29 87656]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-6-3 92008]
R3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [2009-9-29 32552]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2009-9-29 70280]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2009-9-29 46592]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-9-29 115088]
S1 SandBox;Outpost Firewall Sandbox Driver;\??\c:\program files\agnitum\outpost firewall\kernel\sandbox.sys --> c:\program files\agnitum\outpost firewall\kernel\Sandbox.SYS [?]
S1 VFILT;Outpost Firewall Kernel Driver;\??\c:\program files\agnitum\outpost firewall\kernel\filtnt.sys --> c:\program files\agnitum\outpost firewall\kernel\FILTNT.SYS [?]
S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\adblock.dll --> c:\program files\agnitum\outpost firewall\kernel\ADBLOCK.DLL [?]
S3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\arp.dll --> c:\program files\agnitum\outpost firewall\kernel\ARP.DLL [?]
S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\content.dll --> c:\program files\agnitum\outpost firewall\kernel\CONTENT.DLL [?]
S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\dnscache.dll --> c:\program files\agnitum\outpost firewall\kernel\DNSCACHE.DLL [?]
S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\ftpfilt.dll --> c:\program files\agnitum\outpost firewall\kernel\FTPFILT.DLL [?]
S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\htmlfilt.dll --> c:\program files\agnitum\outpost firewall\kernel\HTMLFILT.DLL [?]
S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\httpfilt.dll --> c:\program files\agnitum\outpost firewall\kernel\HTTPFILT.DLL [?]
S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\imapfilt.dll --> c:\program files\agnitum\outpost firewall\kernel\IMAPFILT.DLL [?]
S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\mailfilt.dll --> c:\program files\agnitum\outpost firewall\kernel\MAILFILT.DLL [?]
S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\nntpfilt.dll --> c:\program files\agnitum\outpost firewall\kernel\NNTPFILT.DLL [?]
S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\pop3filt.dll --> c:\program files\agnitum\outpost firewall\kernel\POP3FILT.DLL [?]
S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\protect.dll --> c:\program files\agnitum\outpost firewall\kernel\PROTECT.DLL [?]
S3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\secret.dll --> c:\program files\agnitum\outpost firewall\kernel\SECRET.DLL [?]

=============== Created Last 30 ================

2009-10-20 06:24 <DIR> --d-h--- C:\$AVG
2009-10-20 06:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg9
2009-10-20 05:53 <DIR> --d----- c:\program files\Trend Micro
2009-10-11 08:43 <DIR> --d----- c:\program files\common files\Bcgsoft
2009-10-02 18:41 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-09-29 20:06 <DIR> --d----- c:\docume~1\benlot~1\applic~1\PCToolsFirewallPlus
2009-09-29 20:03 207,280 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-29 20:03 87,656 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-29 20:03 7,412 a------- c:\windows\system32\drivers\PCTAppEvent.cat
2009-09-29 20:03 7,383 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-29 20:03 229,304 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-29 20:03 7,387 a------- c:\windows\system32\drivers\pctgntdi.cat
2009-09-29 20:03 70,280 a------- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2009-09-29 20:03 46,592 a------- c:\windows\system32\drivers\pctNdis.sys
2009-09-29 20:03 32,552 a------- c:\windows\system32\drivers\pctNdis-DNS.sys
2009-09-29 20:03 <DIR> --d----- c:\program files\common files\PC Tools
2009-09-29 20:03 115,088 a------- c:\windows\system32\drivers\pctplfw.sys
2009-09-29 20:03 <DIR> --d----- c:\program files\PC Tools Firewall Plus
2009-09-29 06:21 <DIR> --d----- c:\program files\Everything
2009-09-23 07:07 <DIR> --d----- c:\program files\CCleaner
2009-09-22 18:29 <DIR> --d----- c:\program files\iTunes
2009-09-22 18:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-22 08:03 202,072 a----r-- c:\windows\system32\cpnprt2.cid

==================== Find3M ====================

2009-10-20 06:23 333,192 a------- c:\windows\system32\drivers\avgldx86.sys
2009-10-20 06:23 360,584 a------- c:\windows\system32\drivers\avgtdix.sys
2009-10-20 06:23 12,464 a------- c:\windows\system32\avgrsstx.dll
2009-09-21 06:08 15,688 a------- c:\windows\system32\lsdelete.exe
2009-09-11 22:00 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-11 09:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-11 09:18 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-04 16:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-04 16:03 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 05:35 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 03:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-26 03:00 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-08-25 21:53 578,560 a------- c:\windows\system32\dllcache\user32.dll
2009-08-06 19:24 327,896 a------- c:\windows\system32\dllcache\wucltui.dll
2009-08-06 19:24 209,632 a------- c:\windows\system32\dllcache\wuweb.dll
2009-08-06 19:24 35,552 a------- c:\windows\system32\dllcache\wups.dll
2009-08-06 19:24 53,472 a------- c:\windows\system32\dllcache\wuauclt.exe
2009-08-06 19:24 96,480 a------- c:\windows\system32\dllcache\cdm.dll
2009-08-06 19:23 575,704 a------- c:\windows\system32\dllcache\wuapi.dll
2009-08-06 19:23 1,929,952 a------- c:\windows\system32\dllcache\wuaueng.dll
2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 04:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 20:44 2,189,184 a------- c:\windows\system32\ntoskrnl.exe
2009-08-04 20:44 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 10:13 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 09:20 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-04 09:20 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-08-04 09:20 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-07-31 12:41 4,212 a---h--- c:\windows\system32\zllictbl.dat
2001-08-17 22:36 138,752 a------- c:\documents and settings\ben lotvedt\windowssystem32sndvol32.exe
2008-05-08 06:33 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008050820080509\index.dat
2008-05-08 06:34 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat
2008-03-13 14:27 16,384 ac-sh--- c:\windows\temp\cookies\index.dat
2008-03-13 14:27 16,384 ac-sh--- c:\windows\temp\history\history.ie5\index.dat
2008-03-13 14:27 49,152 ac-sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 18:12:29.95 ===============

Edited by blov10, 21 October 2009 - 06:21 PM.


#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,311 posts
  • Gender:Female
  • Location:Romania
  • Local time:06:40 PM

Posted 22 October 2009 - 02:08 AM

Hello blov10,

I see we got rid of the Avast entry :(

Let's try things a little differently for Outpost.


We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
In your next reply, please include the following:
  • OTListIt.txt
  • ESET online scan results
  • Please let me know how everything is running now.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#11 blov10

blov10
  • Topic Starter

  • Members
  • 61 posts
  • Local time:09:40 AM

Posted 22 October 2009 - 05:36 PM

Hello,

Here is the first set of logs. There were no threats found with the online scanner.

OTL logfile created on: 10/22/2009 3:31:18 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Ben Lotvedt\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.48 Mb Total Physical Memory | 401.46 Mb Available Physical Memory | 39.26% Memory free
1.28 Gb Paging File | 0.78 Gb Available in Paging File | 61.06% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.21 Gb Total Space | 11.99 Gb Free Space | 32.22% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D9CMQ231
Current User Name: Ben Lotvedt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/10/22 15:30:26 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ben Lotvedt\My Documents\Downloads\OTL.exe
PRC - [2009/10/20 06:23:09 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/10/20 06:23:08 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/10/20 06:23:08 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/10/20 06:23:05 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/10/20 06:22:59 | 02,010,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/10/20 06:22:52 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/09/24 08:59:28 | 02,971,608 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2009/09/23 08:43:00 | 00,818,432 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2009/09/21 06:07:32 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/09/11 22:00:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/09/11 22:00:35 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/09/11 05:45:39 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/03 07:46:36 | 00,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/08/09 02:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2005/10/19 08:59:12 | 00,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2004/03/04 10:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE
PRC - [2004/03/04 10:26:20 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXPPS.EXE
PRC - [2002/08/29 05:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (OutpostFirewall [Disabled | Stopped])
SRV - [2009/10/20 06:22:52 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd [Auto | Running])
SRV - [2009/09/23 08:43:00 | 00,818,432 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus [Auto | Running])
SRV - [2009/09/21 06:07:32 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2009/09/11 22:00:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/09/08 21:09:30 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/06/03 07:46:36 | 00,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007/08/09 02:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2006/11/03 20:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/10/18 22:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2005/11/14 03:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004/03/04 10:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\LEXBCES.EXE -- (LexBceS [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2009/10/20 06:23:37 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/10/20 06:23:37 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/10/20 06:23:36 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2009/09/24 08:55:46 | 00,229,304 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\DRIVERS\pctgntdi.sys -- (pctgntdi [System | Running])
DRV - [2009/09/16 14:19:24 | 00,087,656 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys -- (PCTAppEvent [Auto | Running])
DRV - [2009/09/16 08:39:54 | 00,070,280 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter [On_Demand | Running])
DRV - [2009/09/08 12:48:36 | 00,115,088 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\DRIVERS\pctplfw.sys -- (pctplfw [On_Demand | Running])
DRV - [2009/08/14 12:44:18 | 00,032,552 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-DNS.sys -- (PCTFW-DNS [On_Demand | Running])
DRV - [2009/07/29 09:54:42 | 00,046,592 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\DRIVERS\pctNdis.sys -- (pctNDIS [On_Demand | Running])
DRV - [2009/06/01 06:12:41 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2009/01/19 13:11:19 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2006/10/03 12:21:46 | 00,002,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
DRV - [2006/10/03 12:21:46 | 00,002,432 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
DRV - [2006/06/30 18:10:56 | 00,026,752 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\System32\DRIVERS\RimSerial.sys -- (RimVSerPort [On_Demand | Stopped])
DRV - [2005/10/19 08:59:12 | 00,807,998 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2004/08/04 00:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2004/08/04 00:29:49 | 00,019,455 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys -- (iAimFP4 [On_Demand | Stopped])
DRV - [2004/08/04 00:29:47 | 00,012,063 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys -- (iAimFP3 [On_Demand | Stopped])
DRV - [2004/08/04 00:29:45 | 00,023,615 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys -- (iAimTV4 [On_Demand | Stopped])
DRV - [2004/08/04 00:29:43 | 00,033,599 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV04nt.sys -- (iAimTV3 [On_Demand | Stopped])
DRV - [2004/08/04 00:29:42 | 00,019,551 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV02NT.sys -- (iAimTV1 [On_Demand | Stopped])
DRV - [2004/08/04 00:29:41 | 00,029,311 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wATV01nt.sys -- (iAimTV0 [On_Demand | Stopped])
DRV - [2004/08/04 00:29:37 | 00,012,415 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV01nt.sys -- (iAimFP0 [On_Demand | Stopped])
DRV - [2004/08/04 00:29:37 | 00,012,127 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV02NT.sys -- (iAimFP1 [On_Demand | Stopped])
DRV - [2004/08/04 00:29:37 | 00,011,775 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\wADV05NT.sys -- (iAimFP2 [On_Demand | Stopped])
DRV - [2004/08/04 00:29:36 | 00,161,020 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\i81xnt5.sys -- (i81x [On_Demand | Stopped])
DRV - [2003/08/29 04:59:24 | 01,101,696 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\BCMSM.sys -- (BCMModem [On_Demand | Stopped])
DRV - [2003/07/09 11:17:56 | 00,206,464 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp [System | Running])
DRV - [2003/07/09 11:17:56 | 00,143,834 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k [System | Running])
DRV - [2003/07/09 11:17:56 | 00,030,630 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K [On_Demand | Stopped])
DRV - [2003/07/09 11:17:56 | 00,025,898 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K [On_Demand | Running])
DRV - [2003/01/15 14:45:06 | 00,042,368 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2003/01/14 12:38:36 | 00,108,736 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped])
DRV - [2003/01/14 12:38:30 | 00,078,272 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])
DRV - [2002/12/19 17:48:48 | 00,539,008 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2002/12/17 12:27:32 | 00,241,152 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp [System | Running])
DRV - [2002/08/29 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2002/08/29 05:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Stopped])
DRV - [2002/07/19 10:22:08 | 00,017,153 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2002/04/01 13:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 12:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys -- (EL90XBC [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-353052747-2714088945-641443271-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-21-353052747-2714088945-641443271-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_Url = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-353052747-2714088945-641443271-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-353052747-2714088945-641443271-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
IE - HKU\S-1-5-21-353052747-2714088945-641443271-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKU\S-1-5-21-353052747-2714088945-641443271-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={sea...ferrer:source?}
IE - HKU\S-1-5-21-353052747-2714088945-641443271-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-353052747-2714088945-641443271-1006\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKU\S-1-5-21-353052747-2714088945-641443271-1006\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKU\S-1-5-21-353052747-2714088945-641443271-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKU\S-1-5-21-353052747-2714088945-641443271-1006\S-1-5-21-353052747-2714088945-641443271-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-353052747-2714088945-641443271-1006\S-1-5-21-353052747-2714088945-641443271-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/10/20 06:22:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 17:47:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/09/11 22:00:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/14 05:41:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/14 05:47:42 | 00,000,000 | ---D | M]

[2009/07/22 07:49:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ben Lotvedt\Application Data\mozilla\Extensions
[2008/09/13 22:46:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ben Lotvedt\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/22 07:49:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ben Lotvedt\Application Data\mozilla\Extensions\home2@tomtom.com
[2009/10/21 16:07:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ben Lotvedt\Application Data\mozilla\Firefox\Profiles\6hf7nlkf.default\extensions
[2009/10/15 05:31:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ben Lotvedt\Application Data\mozilla\Firefox\Profiles\6hf7nlkf.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2009/09/02 05:38:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ben Lotvedt\Application Data\mozilla\Firefox\Profiles\6hf7nlkf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/11 21:19:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ben Lotvedt\Application Data\mozilla\Firefox\Profiles\6hf7nlkf.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/07/20 16:09:50 | 00,001,579 | ---- | M] () -- C:\Documents and Settings\Ben Lotvedt\Application Data\Mozilla\FireFox\Profiles\6hf7nlkf.default\searchplugins\aol-search.xml
[2009/07/20 16:09:45 | 00,002,207 | ---- | M] () -- C:\Documents and Settings\Ben Lotvedt\Application Data\Mozilla\FireFox\Profiles\6hf7nlkf.default\searchplugins\askcom.xml
[2009/07/20 16:07:35 | 00,002,164 | ---- | M] () -- C:\Documents and Settings\Ben Lotvedt\Application Data\Mozilla\FireFox\Profiles\6hf7nlkf.default\searchplugins\bing.xml
[2009/07/20 16:10:11 | 00,001,733 | ---- | M] () -- C:\Documents and Settings\Ben Lotvedt\Application Data\Mozilla\FireFox\Profiles\6hf7nlkf.default\searchplugins\live-search.xml
[2009/10/21 16:07:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/11 05:45:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/11 22:01:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/09/11 05:45:38 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/11 05:45:38 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/06/18 01:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/09/11 22:00:35 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/09/11 05:45:45 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2008/10/14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/10/05 20:57:57 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/10/05 20:57:57 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/10/05 20:57:57 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/10/05 20:57:57 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/10/05 20:57:57 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/10/05 20:57:57 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/10/05 20:57:57 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/08/26 18:27:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/26 18:27:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/26 18:27:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/26 18:27:08 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/26 18:27:08 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/26 18:27:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/26 18:27:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-353052747-2714088945-641443271-1006..\Run: [] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-353052747-2714088945-641443271-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-353052747-2714088945-641443271-1006\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-353052747-2714088945-641443271-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-353052747-2714088945-641443271-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-353052747-2714088945-641443271-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 47 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 46 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 46 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-353052747-2714088945-641443271-1006\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-353052747-2714088945-641443271-1006\..Trusted Domains: 53 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} https://support.microsoft.com/OAS/ActiveX/odc.cab (Microsoft PID Sniffer)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://www.microsoft.com/security/controls/WebCleaner.cab (MalwareCleaner Class)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-17.cab (EPUImageControl Class)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/sit...b?1204848275734 (MUCatalogWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1179680897312 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {885BB46A-3F1E-44C3-A01B-A7D9260CC98B} http://updates.installshield.com/CAB/dwusplay.cab (InstallShield Update Service Setup Player)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMesse...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flash...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab (EPSImageControl Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.50.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b7c9b610-1f53-11dc-8217-000bdb2c6c40}\Shell\AutoRun\command - "" = F:\CA_Install.exe -- File not found
O33 - MountPoints2\{c0fc6894-a02a-11de-90cc-000bdb2c6c40}\Shell\AutoRun\command - "" = E:\WDSetup.exe -- File not found
O33 - MountPoints2\{c7500420-76bd-11de-90b8-000bdb2c6c40}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/09/22 18:29:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/20 06:22:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/09/29 20:03:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/29 20:06:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ben Lotvedt\Application Data\PCToolsFirewallPlus
[2009/10/11 08:43:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Bcgsoft
[2009/09/29 20:03:18 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/09/23 07:07:31 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/09/29 06:21:29 | 00,000,000 | ---D | C] -- C:\Program Files\Everything
[2009/09/22 18:29:38 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/09/29 20:03:12 | 00,000,000 | ---D | C] -- C:\Program Files\PC Tools Firewall Plus
[2009/09/22 18:07:10 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/10/20 05:53:59 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/21 16:43:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/20 06:24:09 | 00,000,000 | -H-D | C] -- C:\$AVG
[2009/10/02 18:41:43 | 00,195,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2009/09/29 20:03:58 | 00,207,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/09/29 20:03:58 | 00,087,656 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/09/29 20:03:56 | 00,229,304 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/09/29 20:03:19 | 00,070,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys
[2009/09/29 20:03:18 | 00,046,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis.sys
[2009/09/29 20:03:18 | 00,032,552 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctNdis-DNS.sys
[2009/09/29 20:03:15 | 00,115,088 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplfw.sys

========== Files - Modified Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/10/22 15:30:44 | 00,000,924 | ---- | M] () -- C:\Documents and Settings\Ben Lotvedt\Desktop\Shortcut to OTL.lnk
[2009/10/21 23:42:35 | 43,421,193 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/21 23:41:25 | 00,046,129 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/21 17:37:12 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/10/21 17:21:11 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/21 17:21:06 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/10/21 17:21:05 | 10,722,22208 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/21 05:28:08 | 00,000,318 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2009/10/21 02:55:10 | 00,000,326 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2009/10/20 10:01:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/20 06:23:37 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/10/20 06:23:37 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/10/20 06:23:36 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/10/20 06:23:16 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/10/20 06:23:16 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/10/20 06:07:32 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/20 05:54:01 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Ben Lotvedt\Desktop\HijackThis.lnk
[2009/10/14 05:33:56 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/08 20:30:01 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\Ben Lotvedt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/02 13:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/10/01 10:29:14 | 00,195,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2009/09/30 23:53:46 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/09/29 19:48:26 | 00,507,934 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/09/29 19:48:26 | 00,093,204 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/09/24 08:55:46 | 00,229,304 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2009/09/23 15:10:06 | 00,207,280 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys

========== Files - No Company Name ==========
[2009/10/22 15:30:44 | 00,000,924 | ---- | C] () -- C:\Documents and Settings\Ben Lotvedt\Desktop\Shortcut to OTL.lnk
[2009/10/21 17:21:05 | 10,722,22208 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/20 05:54:01 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Ben Lotvedt\Desktop\HijackThis.lnk
[2009/09/29 20:03:58 | 00,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2009/09/29 20:03:58 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/09/29 20:03:56 | 00,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2009/09/29 19:48:08 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/09/22 22:08:42 | 00,000,318 | ---- | C] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2009/09/22 22:06:34 | 00,000,326 | ---- | C] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2009/07/06 21:19:17 | 00,000,141 | ---- | C] () -- C:\WINDOWS\System32\_WDYSZYG.sys
[2009/01/19 13:40:29 | 00,000,125 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/12/31 21:41:57 | 00,000,141 | ---- | C] () -- C:\WINDOWS\System32\09wutili.sys
[2008/09/26 21:26:35 | 05,901,462 | -H-- | C] () -- C:\Documents and Settings\Ben Lotvedt\Local Settings\Application Data\IconCache.db
[2008/05/15 13:03:27 | 00,000,363 | ---- | C] () -- C:\Documents and Settings\Ben Lotvedt\Local Settings\Application Data\AutobahnAcceleratorInstall.txt
[2008/04/05 17:33:25 | 00,000,058 | ---- | C] () -- C:\WINDOWS\ph401.dll
[2007/11/01 12:49:40 | 00,000,104 | ---- | C] () -- C:\WINDOWS\System32\ProxySettings.ini
[2007/04/30 11:23:03 | 00,007,711 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/04/30 11:22:36 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/11/06 14:30:43 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/24 10:24:47 | 00,000,332 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/02/17 00:44:47 | 00,000,252 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/21 13:12:06 | 00,000,134 | ---- | C] () -- C:\Documents and Settings\Ben Lotvedt\Local Settings\Application Data\fusioncache.dat
[2004/09/23 21:30:13 | 00,626,688 | ---- | C] () -- C:\WINDOWS\System32\dfxg13.dll
[2004/08/24 22:00:38 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\Ben Lotvedt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/08/12 16:32:13 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2003/07/29 22:07:35 | 00,002,150 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2003/07/29 16:22:34 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Ben Lotvedt\Application Data\PFP110JPR.{PB
[2003/07/29 16:22:34 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Ben Lotvedt\Application Data\PFP110JCM.{PB
[2003/07/21 11:45:01 | 00,053,760 | ---- | C] () -- C:\WINDOWS\System32\ZLIB.DLL
[2003/07/19 01:42:23 | 00,000,406 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/07/19 01:42:17 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2003/07/15 17:52:33 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Ben Lotvedt\Application Data\DESKTOP.INI
[2003/07/15 17:52:30 | 00,092,040 | ---- | C] () -- C:\Documents and Settings\Ben Lotvedt\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2003/07/09 11:19:24 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/07/09 11:10:09 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2003/07/09 11:05:35 | 00,000,890 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/07/09 10:54:44 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/07/09 10:43:06 | 00,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/09/03 08:59:58 | 00,000,764 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2002/09/03 08:50:58 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2002/09/03 08:50:46 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\sndvol32.exe:SummaryInformation
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\WORDPAD.INI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\WMSysPrx.prx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\WINNT256.BMP:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\WINNT.BMP:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\WINHELP.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\Win.ipe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\WIASERVC.LOG:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\VMMREG32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\VBADDIN.INI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\VB.INI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\TWUNK_32.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\TWUNK_16.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\TWAIN.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ZLIB.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WUPDMGR.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WSHNETBS.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WSHISN.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WSHATM.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WPA.DBL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WOWFAXUI.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WOWFAX.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WOWEXEC.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WOWDEB.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMVDMOE.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMVCORE2.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMV8DMOD.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMPSTUB.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMIPROP.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMIMGMT.MSC:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMIDX.OCX:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WMERRENU.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WINSTRM.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WINSPOOL.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WINSOCK.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WINOLDAP.MOD:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WINNLS.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WINMSD.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WINHLP32.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WINHELP.HLP:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WINFAX.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WIN87EM.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WIN.COM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WIFEMAN.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WIAVUSD.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WIASF.AX:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WFWNET.DRV:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WEBHITS.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WDL.TRM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wbem\unsecapp.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WBDBASE.SVE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WBDBASE.NLD:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WBDBASE.ITA:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WBDBASE.FRA:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WBDBASE.ESN:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WBDBASE.ENU:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WBDBASE.DEU:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WBCACHE.SVE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WBCACHE.NLD:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WBCACHE.ITA:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WBCACHE.FRA:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WBCACHE.ESN:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WBCACHE.ENU:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\WBCACHE.DEU:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\W32TOPL.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\W32TM.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VSSADMIN.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VSS_PS.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VJOY.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\View Channels.scf:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VGA64K.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VGA256.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VGA.DRV:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VGA.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VFPODBC.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VERIFIER.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VER.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VCDEX.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\VBAR332.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\V7VGA.ROM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\UTILDLL.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\USRVPA.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\USRVOICA.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\USRV80A.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\USRV42A.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\USRSVPIA.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\USRSHUTA.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\USRSDPIA.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\USRRTOSA.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\USRPRBDA.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\USRMLNKA.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\USRLOGON.CMD:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\USRLBVA.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\USRFAXA.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\USRDTEA.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\USRDPA.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\USRCOINA.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\USRCNTRA.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\USER.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\URLMON(3)(2).DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\URLMON(2).DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\URLMON(2)(2).DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\UREG.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\UNLODCTR.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\UNICODE.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\UMDMXFRM.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\UFAT.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TYPELIB.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TSSOFT32.ACM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TSSHUTDN.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TSLABELS.INI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TSLABELS.H:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TSKILL.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TSDISCON.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TSD32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TSCON.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TSBYUV.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TSAPPCMP.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TRAFFIC.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TRACERT6.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TOOLHELP.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TIMER.DRV:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TFTP.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TELEPHON.CPL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TCPSVCS.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TCMSETUP.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TASKMAN.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TAPIUI.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TAPIPERF.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\TAPI.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SYSTRAY.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SYSPRTJ.SEP:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SYSPRINT.SEP:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SYSKEY.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SYSINV.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SYSEDIT.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SYNCAPP.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SWPRV.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SVCPACK.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SUBST.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\STREAMCI.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\STORAGE.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\STDOLE32.TLB:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\STATUS.MPF:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SQLWOA.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SQLWID.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SQLSODBC.CHM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SPXCOINS.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SPRIO800.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SPRIO600.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SPRESTRT.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SPNIKE.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SORTKEY.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SOFTPUB.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SLBRCCSP.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SKDLL.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SISBKUP.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SHLWAPI(3).DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SHLWAPI(2).DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SHELL.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SHDOCVW(3).DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SHDOCVW(2).DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SHARE.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SHADOW.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SFMAPI.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SFC.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SETVER.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SETUPDLL.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SETUP.BMP:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SERWVDRV.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SERVICES.MSC:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SERIALUI.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SENSCFG.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\secupd.sig:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\secupd.dat:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SDPBLB.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SCRIPTO.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SCREDIR.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SCCBASE.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\SCARDSSP.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RWINSTA.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RUNAS.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RTM.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RTCRES.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RSVPPERF.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RSVPMSG.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RSVPCNTS.H:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RSVP.INI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RSMUI.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RSMSINK.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RSM.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RSACI.RAT:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RPCNS4.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ROUTETAB.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ROUTEMON.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ROUTE.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RNR20.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Richtx32.ocx:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RICHED32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RESET.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\REPLACE.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\REND.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\REGWIZ.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\REGINI.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\REGEDT32.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RECOVER.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RDPCFGEX.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RASSER.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RASRAD.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RASMXS.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RASMONTR.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RASDIAL.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RASCTRS.INI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RASCTRS.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RASCTRNM.H:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\RASAUTOU.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\QWINSTA.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\QuickTime.qtp:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\QOSNAME.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\QAPPSRV.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PUBPRN.VBS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ptpusd.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PSNPPAGN.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PSCRIPT.SEP:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PSCHDPRF.INI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PSCHDPRF.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PSCHDCNT.H:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PRODSPEC.INI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PRINT.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PRFLBMSG.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PMSPL.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PLUSTAB.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PING6.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PIFMGR.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PERFWCI.INI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PERFWCI.H:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PERFTS.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PERFI009.DAT:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PERFFILT.INI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PERFFILT.H:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PERFD009.DAT:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PERFCI.INI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PERFCI.H:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PENTNT.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PCL.SEP:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PATHPING.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PAQSP.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\PANMAP.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OSUNINST.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OLETHK32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OLESVR32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OLESVR.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OLEDLG(4).DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OLEDLG(2).DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OLECLI32(3).DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OLECLI.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OLE2NLS.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OLE2DISP.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OLE2.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OEMBKGN1.BMP:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OEMBIOS.DAT:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OEMBIOS.CAT:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\OEMBIOS.BIN:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ODBC16GT.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NTSDEXTS.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NTSD.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NTMSOPRQ.MSC:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NTMSMGR.MSC:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NTMSEVT.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NTLANUI2.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NTLANUI.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NTIMAGE.GIF:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NTDOS804.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NTDOS412.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NTDOS411.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NTDOS404.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NTDOS.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NOISE.THA:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NOISE.SVE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NOISE.NLD:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NOISE.ITA:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NOISE.FRA:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NOISE.ESN:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NOISE.ENU:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NOISE.ENG:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NOISE.DEU:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NOISE.DAT:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NOISE.CHT:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NOISE.CHS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NMEVTMSG.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NLSFUNC.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NETUI2.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NETMSG.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NETH.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NETEVENT.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NETAPI.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NET.HLP:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NCXPNT.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NCPA.CPL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NBTSTAT.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\NARRHOOK.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MYCOMPUT.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSXMLR.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSXML3R.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSXML2R.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSVIDEO.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSVCRT20.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSVCP50.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSVBVM50.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSUNI11.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSSWCHX.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSSWCH.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSSIP32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSSIGN32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSRECR40.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSRCLR40.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSRATELC.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSR2CENU.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSR2C.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSPORTS.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSOBJS.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSISAM11.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSIDNTLD.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSHTML(3).DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSHTML(2).DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSG.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSENCODE.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSDTCPRF.INI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSDTCPRF.H:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSCDEXNT.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSCAT32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSAUDITE.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSACM32.DRV:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSACM.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MSAATEXT.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MRINFO.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MPRUI.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MPRMSG.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MPRDDM.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MPNOTIFY.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MOUSE.DRV:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MOUNTVOL.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MODEX.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MODE.COM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MMUTILSE.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MMTASK.TSK:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MMDRV.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MMDRIVER.INF:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MLL_QIC.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MLL_MTF.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MLL_HP.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MLANG.DAT:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MINDEX.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MIGPWD.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MIB.BIN:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MFCANS32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MFC40.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MEM.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MDWMDMSP.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MDHCP.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MCIWAVE.DRV:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MCISEQ.DRV:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MCIOLE32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MCIOLE16.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MCICDA.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MCIAVI.DRV:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MCHGRCOI.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MCDSRV32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MCD32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MAPISTUB.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MAPI32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MAIN.CPL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\MAG_HOOK.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LZEXPAND.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LZ32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LXADSUI.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LUSRMGR.MSC:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LRNXP.ICO:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LPRMONUI.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LPR.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LPQ.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LOGOFF.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LOGHOURS.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LODCTR.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LOADFIX.COM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LNKSTUB.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LIGHTS.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LANMAN.DRV:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\LABEL.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\L3CODECX.AX:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\L3CODECX.ACM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\L_INTL.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\L_EXCEPT.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KEYBOARD.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KEY01.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KDCOM.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDYCL.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDYCC.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDUZB.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDUSX.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDUSR.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDUSL.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDUR.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDUK.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDTUQ.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDTUF.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDTAT.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDSW.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDSP.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDSL1.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDSL.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDSG.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDSF.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDRU1.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDRU.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDRO.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDPO.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDPL1.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDPL.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDNO.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDNE.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDMON.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDMAC.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDLV1.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDLV.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDLT1.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDLT.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDLA.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDKYR.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDKAZ.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDIT142.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDIT.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDIR.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDIC.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDHU1.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDHU.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDHEPT.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDHELA3.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDHELA2.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDHE319.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDHE220.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDHE.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDGR1.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDGR.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDGKL.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDGAE.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDFR.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDFO.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDFI.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDFC.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDEST.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDES.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDDV.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDDA.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDCZ2.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDCZ1.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDCZ.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDCR.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDCAN.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDCA.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDBU.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDBR.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDBLR.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDBENE.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDBE.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDAZEL.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDAZE.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KBDAL.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\KB16.COM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\JOBEXEC.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\JGSH400.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\JGSD400.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\JGMD400.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\JGAW400.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\JET500.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\IRCLASS.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\IR32_32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\IPXSAP.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\IPXRTMGR.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\IPXRIP.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\IPXPROMN.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\IPXMONTR.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\IPSEC6.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\IPRTPRIO.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\IPROP.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\IOLOGMSG.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\INFOSOFT.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\INETWH32.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\INETCPLC.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\INET16.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\IFSUTIL.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ICMUI.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ICFGNT5.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\IASSVCS.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\IASSDO.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\IASSAM.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\IASRECST.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\IASPOLCY.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\IASNAP.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\IASHLPR.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\IASADS.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\IASACCT.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\iAlmCoIn_0_v9.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\HOSTNAME.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\HOMEPAGE.INF:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\HNETMON.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\HIMEM.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\GRAPHICS.PRO:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\GRAPHICS.COM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\GRAFTABL.COM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\GPKCSP.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\GLMF32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\GEO.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\GDI.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\GCDEF.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\G711CODC.AX:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\fxsclntR.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FTSRCH.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FSUTIL.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FSUSD.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FSMGMT.MSC:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Fregshex.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FMIFS.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FIXMAPI.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FINGER.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FINFCOPY.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FINFCHECK.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FIND.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FFTIFF16.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FF05DA0D.FCR:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FF05DA0D.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FCLKBTN.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FC.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\FASTOPEN.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\EXPAND.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\EXE2BIN.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\EVENTVWR.MSC:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\EVENTVWR.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\EVENTCLS.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\EULA.TXT:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ESENTUTL.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ESENTPRF.INI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ESENTPRF.HXX:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ESENTPRF.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ESENT97.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\EqnClass.Dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\EGA.CPI:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\EDLIN.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\EDIT.HLP:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\EDIT.COM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DVDPLAY.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DSSEC.DAT:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DSOUND.VXD:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DSAUTH.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ds16gt.dLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRWATSON.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\WMILIB.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\watv10nt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\watv06nt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\wadv11nt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\wadv09nt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\wadv08nt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\wadv07nt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\VDMINDVD.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\VC4CB104.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\USBD.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRIVERS\ultra.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\TSBVCAP.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\TOSDVD.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\SMCLIB.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\slwdmsup.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\slnthal.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\slntamr.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\slnt7554.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\s3gnbm.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\Drivers\RootMdm.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\RIODRV.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\RIO8DRV.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\recagent.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\RAWWAN.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRIVERS\raspti.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRIVERS\rasacd.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRIVERS\ql10wnt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRIVERS\ql1080.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\pwd_2K.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRIVERS\ptilink.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRIVERS\perc2.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRIVERS\pciide.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\PARVDM.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\OPRGHDLR.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\NWLNKSPX.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\NWLNKNB.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\NULL.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ntmtlfax.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\NIKEDRV.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mtxparhm.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mtlstrm.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mtlmnt5.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRIVERS\mraid35x.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\MNMDD.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\Mmc_2k.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\mdmxsdk.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\MCD.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRIVERS\ini910u.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\hsfdpsp2.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\hsfcxts2.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\hsfbs2s2.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\GMREADME.TXT:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\GM.DLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRIVERS\ftdisk.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\FSVGA.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\FS_REC.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRIVERS\el90xbc5.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\DXGTHK.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\DXAPI.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\Dvd_2k.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\Dell_DIM_DIM2350.mrk:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\cxthsfs2.cty:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\CPQDAP01.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\CINEMST2.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\CDAUDIO.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\BEEP.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\BCMDM.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\BASFND.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ATMUNI.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ATMEPVC.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\atinxsxx.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\atinxbxx.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\atintuxx.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\atinttxx.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\atinsnxx.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\atinrvxx.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\atinraxx.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\atinpdxx.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\atinmdxx.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\atinbtxx.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ati2mtag.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ati2mtaa.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ati1xsxx.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ati1xbxx.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ati1tuxx.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ati1ttxx.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ati1snxx.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ati1rvxx.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ati1raxx.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ati1pdxx.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ati1mdxx.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ati1btxx.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRIVERS\aliide.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRIVERS\adpu160m.sys:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\drivers\ACPIEC.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DPWSOCK.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DPSERIAL.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DPNWSOCK.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DPNMODEM.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DPLAY.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DOSKEY.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DOCPROP.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DMVIEW.OCX:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DMOCX.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DMINTF.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DMDSKRES.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DMCONFIG.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DLLHST3G.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\Q330994.inf:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dllcache\evtgprov.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DISKPERF.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DISKMGMT.MSC:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DISKCOPY.COM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DISKCOMP.COM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DIMAP.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DIACTFRM.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DHCPSAPI.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DGSETUP.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DGRPSETU.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DFRGRES.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DFRG.MSC:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DEVMGMT.MSC:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DESKPERF.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DESKMON.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DESKADP.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DELLWALL.BMP:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DellSys.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DEBUG.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DDEML.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\dbmsvinn.dLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DBMSADSN.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\DBGENG.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\D3DXOF.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\D3DRM.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\D3DRAMP.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\D3DPMESH.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\D3DIM.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CTYPE.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CTL3D32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CSSEQCHK.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CRTDLL.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\COUNTRY.SYS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CONVERT.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\ControlSuite.exe:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CONTROL.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CONSOLE.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CONFIG.TMP:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\COMPOBJ.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\COMPMGMT.MSC:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\COMPACT.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\COMP.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\COMMDLG.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\COMMAND.COM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\COMDLG32.OCX:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\COMCAT.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CNVFAT.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CNETCFG.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CMPBK32.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CMOS.RAM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CMMGR32.HLP:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CLICONF.CHM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CLB.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CKCNV.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CIDAEMON.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CIADV.MSC:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CIADMIN.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CHKNTFS.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CHKDSK.EXE:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CHCP.COM:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CERTMGR.MSC:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cdrtc.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\cdral.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CDMODEM.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CDDBUIRoxio.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CDDBControlRoxio.dll:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CCFGNT.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\CARDS.DLL:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_950.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_949.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_936.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_932.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_875.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_874.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_869.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_866.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_865.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_863.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_861.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_860.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_857.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_855.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_852.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_850.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_775.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_737.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_500.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_437.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_28605.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_28603.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_28599.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_28598.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_28597.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_28595.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_28594.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_28593.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_28592.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_28591.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_21866.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_20905.NLS:KAVICHS
@Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\C_20866.NLS:KAVICHS

========== Files - Unicode (All) ==========
[2006/12/07 04:05:53 | 00,000,000 | ---D | M](C:\WINDOWS\?dobe) -- C:\WINDOWS\Αdobe
[2006/10/17 17:19:11 | 00,000,000 | ---D | C](C:\WINDOWS\?dobe) -- C:\WINDOWS\Αdobe
< End of report >


#12 Elise


Posted 23 October 2009 - 02:31 AM

Hello blov10,

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and paste the following code into the textbox. Do not include the word "Code"
    :Services
    OutpostFirewall
    
    :OTL
    O15 - HKLM\..Trusted Domains: 47 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKU\.DEFAULT\..Trusted Domains: 46 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKU\S-1-5-18\..Trusted Domains: 46 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKU\S-1-5-21-353052747-2714088945-641443271-1006\..Trusted Domains: ([]msn in My Computer)
    O15 - HKU\S-1-5-21-353052747-2714088945-641443271-1006\..Trusted Domains: 53 domain(s) and sub-domain(s) not assigned to a zone.
    
    :Commands
    [emptytemp]
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
In your next reply, please include the following:
  • OTL report
  • A new DDS log
  • A description of any remaining problems

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft
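The O15 lines in the fix above refer to Internet Explorer's ZoneMap "Domains" registry keys, where each domain (and sub-domain) subkey carries a DWORD per URL scheme naming the security zone it is placed in. The following read-only PowerShell audit is an added example, not code from this thread, BleepingComputer or OTL: it lists keys with no zone value at all (what OTL reports as "not assigned to a zone") and, more importantly for a defender, domains mapped to the permissive My Computer or Trusted sites zones, like the "msn in My Computer" entry OTL flagged. It assumes it is run in an elevated session so the other users' HKEY_USERS hives are readable.

```powershell
# Added example (not code from the thread, BleepingComputer or OTL): read-only audit of the
# IE ZoneMap "Domains" keys that OTL reports as O15 lines. Run elevated so other users'
# HKEY_USERS hives are readable. Nothing is modified or deleted.

# Zone IDs stored in the per-scheme DWORD values (http, https, *, ...).
$zoneNames   = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
$schemeNames = @('http', 'https', 'ftp', 'file', '*')

function Get-ZoneMapEntries {
    param([Parameter(Mandatory)][string]$DomainsPath)
    if (-not (Test-Path -LiteralPath $DomainsPath)) { return }
    # Every subkey is a domain; a subkey of a subkey is a sub-domain (e.g. www under msn.com).
    # The zone assignment is a DWORD value named after the scheme it applies to.
    Get-ChildItem -LiteralPath $DomainsPath -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key      = $_
        $relative = $key.Name.Substring($key.Name.IndexOf('\Domains\') + 9)   # e.g. msn.com\www
        $values   = $key.GetValueNames() | Where-Object { $_ -in $schemeNames }
        if (-not $values) {
            # A key with neither a scheme value nor sub-domain keys is what OTL calls
            # "not assigned to a zone": harmless clutter, but worth knowing about.
            if ($key.SubKeyCount -eq 0) {
                [pscustomobject]@{ Hive = $DomainsPath; Domain = $relative; Scheme = '-'; Zone = '(none)' }
            }
        } else {
            foreach ($v in $values) {
                $id   = [int]$key.GetValue($v)
                $zone = if ($zoneNames.ContainsKey($id)) { $zoneNames[$id] } else { "zone $id" }
                [pscustomobject]@{ Hive = $DomainsPath; Domain = $relative; Scheme = $v; Zone = $zone }
            }
        }
    }
}

$suffix = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
$paths  = @("HKLM:\$suffix")

# Expose HKEY_USERS as a drive so every loaded hive (.DEFAULT, S-1-5-18, S-1-5-21-...) is
# checked, the same hives the O15 lines above were reported for.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}
foreach ($hive in Get-ChildItem -Path HKU:\) {
    if ($hive.PSChildName -notlike '*_Classes') { $paths += "HKU:\$($hive.PSChildName)\$suffix" }
}

$entries = foreach ($p in $paths) { Get-ZoneMapEntries -DomainsPath $p }

Write-Host "Domain keys with no zone assignment (OTL: 'not assigned to a zone'):"
$entries | Where-Object { $_.Zone -eq '(none)' } | Format-Table Hive, Domain -AutoSize

# Entries here get the most relaxed IE security settings; each one should be expected and wanted.
Write-Host "Domains mapped to the My Computer or Trusted sites zone:"
$entries | Where-Object { $_.Zone -in 'My Computer', 'Trusted sites' } |
    Format-Table Hive, Domain, Scheme, Zone -AutoSize
```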


#13 blov10


Posted 23 October 2009 - 07:57 AM

Hello,

Here are the logs from the previous scan/fixes. The outpost is still showing up in the DDS report. There is another log I attached along with the others requested. It showed up on the desktop after the reboot from OTL. It is named desktop.ini. I was unable to download two updates previously from Microsoft. One was for .NET 1.1 and one for .NET 2.0 framework. Was that related to the issues I was having previously or is it something non-related?

Thanks again.

All processes killed
========== SERVICES/DRIVERS ==========
Service\Driver OutpostFirewall stopped successfully.
Service\Driver OutpostFirewall deleted successfully.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msn.com\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-353052747-2714088945-641443271-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 130045 bytes

User: All Users

User: Ben Lotvedt
->Temp folder emptied: 423616461 bytes
File delete failed. C:\Documents and Settings\Ben Lotvedt\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 247799019 bytes
->Java cache emptied: 29008582 bytes
File delete failed. C:\Documents and Settings\Ben Lotvedt\Local Settings\Application Data\Mozilla\Firefox\Profiles\6hf7nlkf.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ben Lotvedt\Local Settings\Application Data\Mozilla\Firefox\Profiles\6hf7nlkf.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ben Lotvedt\Local Settings\Application Data\Mozilla\Firefox\Profiles\6hf7nlkf.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ben Lotvedt\Local Settings\Application Data\Mozilla\Firefox\Profiles\6hf7nlkf.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ben Lotvedt\Local Settings\Application Data\Mozilla\Firefox\Profiles\6hf7nlkf.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ben Lotvedt\Local Settings\Application Data\Mozilla\Firefox\Profiles\6hf7nlkf.default\XUL.mfl scheduled to be deleted on reboot.
->FireFox cache emptied: 92594707 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 774878 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 227039514 bytes

User: Owner

User: Stephanie Hoffert
->Temp folder emptied: 2817696 bytes
->Temporary Internet Files folder emptied: 9102084 bytes
->Java cache emptied: 1377059 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 636301 bytes
%systemroot%\System32 .tmp files removed: 8983057 bytes
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_328.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 116032 bytes
RecycleBin emptied: 7541471 bytes

Total Files Cleaned = 1002.95 mb


OTL by OldTimer - Version 3.0.21.0 log created on 10232009_073410

Files\Folders moved on Reboot...
C:\Documents and Settings\Ben Lotvedt\Local Settings\Application Data\Mozilla\Firefox\Profiles\6hf7nlkf.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Ben Lotvedt\Local Settings\Application Data\Mozilla\Firefox\Profiles\6hf7nlkf.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Ben Lotvedt\Local Settings\Application Data\Mozilla\Firefox\Profiles\6hf7nlkf.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Ben Lotvedt\Local Settings\Application Data\Mozilla\Firefox\Profiles\6hf7nlkf.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Ben Lotvedt\Local Settings\Application Data\Mozilla\Firefox\Profiles\6hf7nlkf.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Ben Lotvedt\Local Settings\Application Data\Mozilla\Firefox\Profiles\6hf7nlkf.default\XUL.mfl moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_328.dat not found!

Registry entries deleted on Reboot...

DDS (Ver_09-10-13.01) - NTFSx86
Run by Ben Lotvedt at 7:49:04.57 on Fri 10/23/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.480 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Ben Lotvedt\Desktop\Unused Desktop Shortcuts\Spyware\dds.scr

============== Pseudo HJT Report ===============

uWindow Title = Microsoft Internet Explorer
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [<NO NAME>]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} - hxxps://support.microsoft.com/OAS/ActiveX/odc.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://www.microsoft.com/security/controls/WebCleaner.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1204848275734
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179680897312
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {885BB46A-3F1E-44C3-A01B-A7D9260CC98B} - hxxp://updates.installshield.com/CAB/dwusplay.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - hxxp://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\benlot~1\applic~1\mozilla\firefox\profiles\6hf7nlkf.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\ben lotvedt\application data\mozilla\firefox\profiles\6hf7nlkf.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-31 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-19 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-19 360584]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-9-29 229304]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-10-20 285392]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1028432]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-9-29 87656]
R3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [2009-9-29 32552]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2009-9-29 70280]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2009-9-29 46592]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-9-29 115088]
S1 SandBox;Outpost Firewall Sandbox Driver;\??\c:\program files\agnitum\outpost firewall\kernel\sandbox.sys --> c:\program files\agnitum\outpost firewall\kernel\Sandbox.SYS [?]
S1 VFILT;Outpost Firewall Kernel Driver;\??\c:\program files\agnitum\outpost firewall\kernel\filtnt.sys --> c:\program files\agnitum\outpost firewall\kernel\FILTNT.SYS [?]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-6-3 92008]
S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\adblock.dll --> c:\program files\agnitum\outpost firewall\kernel\ADBLOCK.DLL [?]
S3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\arp.dll --> c:\program files\agnitum\outpost firewall\kernel\ARP.DLL [?]
S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\content.dll --> c:\program files\agnitum\outpost firewall\kernel\CONTENT.DLL [?]
S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\dnscache.dll --> c:\program files\agnitum\outpost firewall\kernel\DNSCACHE.DLL [?]
S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\ftpfilt.dll --> c:\program files\agnitum\outpost firewall\kernel\FTPFILT.DLL [?]
S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\htmlfilt.dll --> c:\program files\agnitum\outpost firewall\kernel\HTMLFILT.DLL [?]
S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\httpfilt.dll --> c:\program files\agnitum\outpost firewall\kernel\HTTPFILT.DLL [?]
S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\imapfilt.dll --> c:\program files\agnitum\outpost firewall\kernel\IMAPFILT.DLL [?]
S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\mailfilt.dll --> c:\program files\agnitum\outpost firewall\kernel\MAILFILT.DLL [?]
S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\nntpfilt.dll --> c:\program files\agnitum\outpost firewall\kernel\NNTPFILT.DLL [?]
S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\pop3filt.dll --> c:\program files\agnitum\outpost firewall\kernel\POP3FILT.DLL [?]
S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\protect.dll --> c:\program files\agnitum\outpost firewall\kernel\PROTECT.DLL [?]
S3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\secret.dll --> c:\program files\agnitum\outpost firewall\kernel\SECRET.DLL [?]

=============== Created Last 30 ================

2009-10-23 07:34 <DIR> --d----- C:\_OTL
2009-10-20 06:24 <DIR> --d-h--- C:\$AVG
2009-10-20 06:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg9
2009-10-20 05:53 <DIR> --d----- c:\program files\Trend Micro
2009-10-11 08:43 <DIR> --d----- c:\program files\common files\Bcgsoft
2009-10-02 18:41 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-09-29 20:06 <DIR> --d----- c:\docume~1\benlot~1\applic~1\PCToolsFirewallPlus
2009-09-29 20:03 207,280 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-29 20:03 87,656 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-29 20:03 7,412 a------- c:\windows\system32\drivers\PCTAppEvent.cat
2009-09-29 20:03 7,383 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-29 20:03 229,304 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-29 20:03 7,387 a------- c:\windows\system32\drivers\pctgntdi.cat
2009-09-29 20:03 70,280 a------- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2009-09-29 20:03 46,592 a------- c:\windows\system32\drivers\pctNdis.sys
2009-09-29 20:03 32,552 a------- c:\windows\system32\drivers\pctNdis-DNS.sys
2009-09-29 20:03 <DIR> --d----- c:\program files\common files\PC Tools
2009-09-29 20:03 115,088 a------- c:\windows\system32\drivers\pctplfw.sys
2009-09-29 20:03 <DIR> --d----- c:\program files\PC Tools Firewall Plus
2009-09-29 06:21 <DIR> --d----- c:\program files\Everything

==================== Find3M ====================

2009-10-20 06:23 333,192 a------- c:\windows\system32\drivers\avgldx86.sys
2009-10-20 06:23 360,584 a------- c:\windows\system32\drivers\avgtdix.sys
2009-10-20 06:23 12,464 a------- c:\windows\system32\avgrsstx.dll
2009-09-21 06:08 15,688 a------- c:\windows\system32\lsdelete.exe
2009-09-11 22:00 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-11 09:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-11 09:18 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-04 16:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-04 16:03 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 05:35 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 03:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-26 03:00 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-08-25 21:53 578,560 a------- c:\windows\system32\dllcache\user32.dll
2009-08-06 19:24 327,896 a------- c:\windows\system32\dllcache\wucltui.dll
2009-08-06 19:24 209,632 a------- c:\windows\system32\dllcache\wuweb.dll
2009-08-06 19:24 35,552 a------- c:\windows\system32\dllcache\wups.dll
2009-08-06 19:24 53,472 a------- c:\windows\system32\dllcache\wuauclt.exe
2009-08-06 19:24 96,480 a------- c:\windows\system32\dllcache\cdm.dll
2009-08-06 19:23 575,704 a------- c:\windows\system32\dllcache\wuapi.dll
2009-08-06 19:23 1,929,952 a------- c:\windows\system32\dllcache\wuaueng.dll
2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 04:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 20:44 2,189,184 a------- c:\windows\system32\ntoskrnl.exe
2009-08-04 20:44 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 10:13 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 09:20 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-04 09:20 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-08-04 09:20 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-07-31 12:41 4,212 a---h--- c:\windows\system32\zllictbl.dat
2001-08-17 22:36 138,752 a------- c:\documents and settings\ben lotvedt\windowssystem32sndvol32.exe
2008-05-08 06:33 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008050820080509\index.dat
2008-05-08 06:34 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat
2008-03-13 14:27 16,384 ac-sh--- c:\windows\temp\cookies\index.dat
2008-03-13 14:27 16,384 ac-sh--- c:\windows\temp\history\history.ie5\index.dat
2008-03-13 14:27 49,152 ac-sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 7:50:22.35 ===============


#14 Elise (Bleepin' Blonde, Malware Study Hall Admin)

Posted 23 October 2009 - 09:14 AM

Hello blov10,

You can delete the desktop.ini, it is related to Windows Media Player and nothing to be concerned about.

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code".
    :Services
    SandBox
    VFILT
    ADBLOCK.DLL
    ARP.DLL
    CONTENT.DLL
    DNSCACHE.DLL
    FTPFILT.DLL
    HTMLFILT.DLL
    HTTPFILT.DLL
    IMAPFILT.DLL
    MAILFILT.DLL
    NNTPFILT.DLL
    POP3FILT.DLL
    PROTECT.DLL
    SECRET.DLL
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
In your next reply, please include the following:
  • OTL report
  • A new DDS log

regards, Elise


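To show what the helper is picking out of the DDS log above, here is an added Python example (not part of the thread, and not DDS or OTL code) that parses the SERVICES / DRIVERS section, flags entries whose driver file DDS could not find (the ` --> ... [?]` form that all the leftover Outpost entries share), and emits the matching OTL `:Services` block. The sample log is constructed from the shape of the entries in this thread, and the DDS line format the parser assumes is inferred from those lines rather than taken from DDS documentation.

```python
"""Triage the SERVICES / DRIVERS section of a DDS log (added example).

Assumed line format, inferred from the logs in this thread:
    <R|S><start type> <name>;<display name>;<image path> [<date> <size>]
R/S is read as running/stopped and the digit as the service start type.
When DDS cannot find the image file it appends ' --> <resolved path>' and
prints '[?]' instead of date and size; those are the orphaned entries the
helper removed with an OTL ':Services' fix.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"          # R0 / S3 ...
    r"(?P<name>[^;]+);(?P<display>[^;]*);"       # service name ; display name ;
    r"(?P<path>.*?)\s+\[(?P<meta>[^\]]*)\]\s*$"  # path, then [date size] or [?]
)
SECTION_TITLE = "SERVICES / DRIVERS"


@dataclass
class ServiceEntry:
    running: bool
    start_type: int
    name: str
    display: str
    image_path: str
    file_missing: bool


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one DDS service line; return None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    path = m.group("path")
    if " --> " in path:
        # DDS shows the raw ImagePath first, then the path it tried to resolve.
        path = path.split(" --> ", 1)[1]
    return ServiceEntry(
        running=m.group("state") == "R",
        start_type=int(m.group("start")),
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        image_path=path.strip(),
        file_missing=m.group("meta").strip() == "?",
    )


def parse_services_section(log_text: str) -> List[ServiceEntry]:
    """Return entries between the SERVICES / DRIVERS banner and the next banner."""
    entries: List[ServiceEntry] = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("="):          # banner lines look like '=== TITLE ==='
            in_section = SECTION_TITLE in line
            continue
        if in_section:
            entry = parse_service_line(line)
            if entry is not None:
                entries.append(entry)
    return entries


def orphaned_entries(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Registered services/drivers whose image file DDS could not find."""
    return [e for e in entries if e.file_missing]


def otl_services_fix(entries: List[ServiceEntry]) -> str:
    """Build the ':Services' block OTL takes, one service name per line."""
    names = [e.name for e in orphaned_entries(entries)]
    if not names:
        return ""
    return "\n".join([":Services", *names])


# Constructed sample, modelled on the entries in this thread's DDS log.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

uWindow Title = Microsoft Internet Explorer

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-31 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-19 333192]
S1 SandBox;Outpost Firewall Sandbox Driver;\??\c:\program files\agnitum\outpost firewall\kernel\sandbox.sys --> c:\program files\agnitum\outpost firewall\kernel\Sandbox.SYS [?]
S1 VFILT;Outpost Firewall Kernel Driver;\??\c:\program files\agnitum\outpost firewall\kernel\filtnt.sys --> c:\program files\agnitum\outpost firewall\kernel\FILTNT.SYS [?]
S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);\??\c:\program files\agnitum\outpost firewall\kernel\adblock.dll --> c:\program files\agnitum\outpost firewall\kernel\ADBLOCK.DLL [?]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-6-3 92008]

=============== Created Last 30 ================

2009-10-23 07:34 <DIR> --d----- C:\_OTL
"""

if __name__ == "__main__":
    found = parse_services_section(SAMPLE_LOG)
    for e in found:
        flag = "MISSING FILE" if e.file_missing else "ok"
        print(f"{'R' if e.running else 'S'}{e.start_type} {e.name:<20} {flag}")
    print()
    print(otl_services_fix(found))
```

A stopped service whose image is missing cannot run, so these entries are clutter rather than an active threat; the point of removing them is a clean log and a registry that matches what is actually installed.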

#15 blov10 (Topic Starter)

Posted 23 October 2009 - 03:17 PM

Hello,

Here are the logs.

========== SERVICES/DRIVERS ==========
Service\Driver SandBox stopped successfully.
Service\Driver SandBox deleted successfully.
Service\Driver VFILT stopped successfully.
Service\Driver VFILT deleted successfully.
Service\Driver ADBLOCK.DLL stopped successfully.
Service\Driver ADBLOCK.DLL deleted successfully.
Service\Driver ARP.DLL stopped successfully.
Service\Driver ARP.DLL deleted successfully.
Service\Driver CONTENT.DLL stopped successfully.
Service\Driver CONTENT.DLL deleted successfully.
Service\Driver DNSCACHE.DLL stopped successfully.
Service\Driver DNSCACHE.DLL deleted successfully.
Service\Driver FTPFILT.DLL stopped successfully.
Service\Driver FTPFILT.DLL deleted successfully.
Service\Driver HTMLFILT.DLL stopped successfully.
Service\Driver HTMLFILT.DLL deleted successfully.
Service\Driver HTTPFILT.DLL stopped successfully.
Service\Driver HTTPFILT.DLL deleted successfully.
Service\Driver IMAPFILT.DLL stopped successfully.
Service\Driver IMAPFILT.DLL deleted successfully.
Service\Driver MAILFILT.DLL stopped successfully.
Service\Driver MAILFILT.DLL deleted successfully.
Service\Driver NNTPFILT.DLL stopped successfully.
Service\Driver NNTPFILT.DLL deleted successfully.
Service\Driver POP3FILT.DLL stopped successfully.
Service\Driver POP3FILT.DLL deleted successfully.
Service\Driver PROTECT.DLL stopped successfully.
Service\Driver PROTECT.DLL deleted successfully.
Service\Driver SECRET.DLL stopped successfully.
Service\Driver SECRET.DLL deleted successfully.

OTL by OldTimer - Version 3.0.21.0 log created on 10232009_151204

DDS (Ver_09-10-13.01) - NTFSx86
Run by Ben Lotvedt at 15:15:13.53 on Fri 10/23/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.452 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Ben Lotvedt\Desktop\Unused Desktop Shortcuts\Spyware\dds.scr

============== Pseudo HJT Report ===============

uWindow Title = Microsoft Internet Explorer
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [<NO NAME>]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} - hxxps://support.microsoft.com/OAS/ActiveX/odc.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://www.microsoft.com/security/controls/WebCleaner.cab
DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} - hxxp://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1204848275734
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179680897312
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {885BB46A-3F1E-44C3-A01B-A7D9260CC98B} - hxxp://updates.installshield.com/CAB/dwusplay.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} - hxxp://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\benlot~1\applic~1\mozilla\firefox\profiles\6hf7nlkf.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\ben lotvedt\application data\mozilla\firefox\profiles\6hf7nlkf.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-31 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-19 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-19 360584]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-9-29 229304]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-10-20 285392]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1028432]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-9-29 87656]
R3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [2009-9-29 32552]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2009-9-29 70280]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2009-9-29 46592]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-9-29 115088]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-6-3 92008]

=============== Created Last 30 ================

2009-10-23 07:34 <DIR> --d----- C:\_OTL
2009-10-20 06:24 <DIR> --d-h--- C:\$AVG
2009-10-20 06:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg9
2009-10-20 05:53 <DIR> --d----- c:\program files\Trend Micro
2009-10-11 08:43 <DIR> --d----- c:\program files\common files\Bcgsoft
2009-10-02 18:41 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-09-29 20:06 <DIR> --d----- c:\docume~1\benlot~1\applic~1\PCToolsFirewallPlus
2009-09-29 20:03 207,280 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-29 20:03 87,656 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-29 20:03 7,412 a------- c:\windows\system32\drivers\PCTAppEvent.cat
2009-09-29 20:03 7,383 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-29 20:03 229,304 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-29 20:03 7,387 a------- c:\windows\system32\drivers\pctgntdi.cat
2009-09-29 20:03 70,280 a------- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2009-09-29 20:03 46,592 a------- c:\windows\system32\drivers\pctNdis.sys
2009-09-29 20:03 32,552 a------- c:\windows\system32\drivers\pctNdis-DNS.sys
2009-09-29 20:03 <DIR> --d----- c:\program files\common files\PC Tools
2009-09-29 20:03 115,088 a------- c:\windows\system32\drivers\pctplfw.sys
2009-09-29 20:03 <DIR> --d----- c:\program files\PC Tools Firewall Plus
2009-09-29 06:21 <DIR> --d----- c:\program files\Everything

==================== Find3M ====================

2009-10-20 06:23 333,192 a------- c:\windows\system32\drivers\avgldx86.sys
2009-10-20 06:23 360,584 a------- c:\windows\system32\drivers\avgtdix.sys
2009-10-20 06:23 12,464 a------- c:\windows\system32\avgrsstx.dll
2009-09-21 06:08 15,688 a------- c:\windows\system32\lsdelete.exe
2009-09-11 22:00 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-11 09:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-11 09:18 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-04 16:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-04 16:03 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 05:35 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 03:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-26 03:00 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2009-08-25 21:53 578,560 a------- c:\windows\system32\dllcache\user32.dll
2009-08-06 19:24 327,896 a------- c:\windows\system32\dllcache\wucltui.dll
2009-08-06 19:24 209,632 a------- c:\windows\system32\dllcache\wuweb.dll
2009-08-06 19:24 35,552 a------- c:\windows\system32\dllcache\wups.dll
2009-08-06 19:24 53,472 a------- c:\windows\system32\dllcache\wuauclt.exe
2009-08-06 19:24 96,480 a------- c:\windows\system32\dllcache\cdm.dll
2009-08-06 19:23 575,704 a------- c:\windows\system32\dllcache\wuapi.dll
2009-08-06 19:23 1,929,952 a------- c:\windows\system32\dllcache\wuaueng.dll
2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 04:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 20:44 2,189,184 a------- c:\windows\system32\ntoskrnl.exe
2009-08-04 20:44 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 10:13 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 09:20 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-04 09:20 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-08-04 09:20 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-07-31 12:41 4,212 a---h--- c:\windows\system32\zllictbl.dat
2001-08-17 22:36 138,752 a------- c:\documents and settings\ben lotvedt\windowssystem32sndvol32.exe
2008-05-08 06:33 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008050820080509\index.dat
2008-05-08 06:34 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat
2008-03-13 14:27 16,384 ac-sh--- c:\windows\temp\cookies\index.dat
2008-03-13 14:27 16,384 ac-sh--- c:\windows\temp\history\history.ie5\index.dat
2008-03-13 14:27 49,152 ac-sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 15:15:43.32 ===============
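Added example, not part of the post or of the DDS tool itself: a small Python triage helper that parses the SERVICES / DRIVERS and Created Last 30 sections of a DDS log and cross-references them, so that running services and drivers whose binary only appeared on disk in the last 30 days stand out for review. The sample lines are copied from the log above (with the section headers DDS prints around them); the decoding of the R/S prefix and digit as running/stopped plus Windows start type, the regexes and the function names are my assumptions, not anything DDS documents.

```python
"""Parse a DDS log's SERVICES / DRIVERS and 'Created Last 30' sections and
flag running entries whose binary shows up among the recently created files."""
import re
from dataclasses import dataclass
from datetime import date, datetime
from typing import Optional

# Constructed sample: lines copied from the DDS log in the post above.
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-31 64160]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-9-29 229304]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-10-20 285392]
R3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [2009-9-29 32552]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-6-3 92008]

=============== Created Last 30 ================

2009-10-23 07:34 <DIR> --d----- C:\_OTL
2009-10-02 18:41 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-09-29 20:03 229,304 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-29 20:03 32,552 a------- c:\windows\system32\drivers\pctNdis-DNS.sys

==================== Find3M ====================
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# Assumed layout: "R1 name;display;path [yyyy-m-d size]" where R = running,
# S = stopped and the digit is the Windows start type (see START_TYPES).
SERVICE_RE = re.compile(
    r"^([RS])(\d) ([^;]+);([^;]*);(.+?) \[(\d{4}-\d{1,2}-\d{1,2}) (\d+)\]$")
# Assumed layout: "yyyy-mm-dd hh:mm <DIR>|size attrs path"
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (<DIR>|[\d,]+) (\S+) (.+)$")
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}


@dataclass
class ServiceEntry:
    running: bool
    start_type: int
    name: str
    display: str
    path: str
    file_date: date
    size: int


@dataclass
class CreatedEntry:
    created: datetime
    size: Optional[int]  # None for directories
    attrs: str
    path: str


def parse_dds(text):
    """Walk the log once, switching parser whenever a section header passes."""
    section, services, created = None, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).strip().upper()
            continue
        if section == "SERVICES / DRIVERS" and (m := SERVICE_RE.match(line)):
            services.append(ServiceEntry(
                running=m.group(1) == "R", start_type=int(m.group(2)),
                name=m.group(3), display=m.group(4), path=m.group(5),
                file_date=datetime.strptime(m.group(6), "%Y-%m-%d").date(),
                size=int(m.group(7))))
        elif section == "CREATED LAST 30" and (m := CREATED_RE.match(line)):
            size = None if m.group(3) == "<DIR>" else int(m.group(3).replace(",", ""))
            created.append(CreatedEntry(
                created=datetime.strptime(f"{m.group(1)} {m.group(2)}", "%Y-%m-%d %H:%M"),
                size=size, attrs=m.group(4), path=m.group(5)))
    return services, created


def flag_recently_created(services, created):
    """Running entries whose binary path is in the Created Last 30 list.
    Compared case-insensitively: DDS mixes the case of drive letters."""
    new_paths = {c.path.lower() for c in created}
    return [s for s in services if s.running and s.path.lower() in new_paths]


def describe(entry):
    state = "running" if entry.running else "stopped"
    start = START_TYPES.get(entry.start_type, f"type {entry.start_type}")
    return f"{entry.name} ({state}, {start} start) -> {entry.path} [{entry.file_date}, {entry.size} bytes]"


if __name__ == "__main__":
    svcs, new_files = parse_dds(SAMPLE_LOG)
    for entry in flag_recently_created(svcs, new_files):
        print("recently created:", describe(entry))
```

On the sample above the two PC Tools drivers are flagged because both are running and both appear in the Created Last 30 list; the AVG watchdog carries a recent file date but its executable is not in that list, so it is left alone. A match here is a lead, not a verdict: a fresh driver is normal right after installing a firewall, which is what the log suggests happened on 2009-09-29.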
