Virus of some sort? Causing some problems...


  • This topic is locked
12 replies to this topic

#1 mariol

  • Members
  • 48 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:42 AM

Posted 05 November 2009 - 09:32 PM

Pop-ups in Firefox, and MBAM suddenly won't open. I re-downloaded and re-installed it, but it still doesn't open. It says "Windows is searching for MBAM.exe. To locate the file yourself, press Browse," then it says "the item MBAM.exe has been changed or removed" when I double click the shortcut, and the original file as well. I'm guessing a virus of some sort, but I don't know. Pop-ups such as "Free Gadgets" and "Free Scanners" etc. occur as well.

Also this is what I get when I try to re-install:
unable to execute file: C:\Program Files\MalwareBytes' Anti-Malware\mbam.exe

I had some suspicion about this process, which was in Task Manager: rdl1f.tmp.exe. I've never seen it before.




DDS (Ver_09-10-26.01) - NTFSx86
Run by 32 STAT at 18:01:49.40 on Thu 11/05/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.992.498 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Anti-Virus - SBC Yahoo! Online Protection *On-access scanning enabled* (Outdated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\32 STAT\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/bin/search?p={searchTerms}
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Shell=Explorer.exe logon.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CAutoComplete Object: {9452efd9-fe71-4678-a595-4751f4224c5d} - c:\windows\AutoComplete.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ShopAtHomeIEHelper Class: {e8daaa30-6caa-4b58-9603-8e54238219e2} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: ShopAtHome Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {E7D38ED4-2933-43B8-B0B9-52D11CE9CA10} - No File
TB: {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - No File
TB: {61539ECD-CC67-4437-A03C-9AACCBD14326} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SelectRebates] c:\program files\selectrebates\SelectRebates.exe
mRun: [jadoralob] Rundll32.exe "c:\windows\system32\jogejase.dll",a
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRunOnce: [RunNarrator] Narrator.exe
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?sourc...p;btn=yahoomail
IE: {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?sourc...mp;btn=yahoomsg
IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partypoker.net\partypokernet.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326}
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {9A687CA6-D585-4947-9ED9-BE96071F5CD9} - {47B92A27-8252-420D-9630-378EF61434D7}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\VetRedir.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Yahoo! Chat - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} - c:\program files\yahoo!\common\yucconfig.dll
DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - hxxp://www.easports.com/downloads/games/common/snoopy/iesnoopy.cab
DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
DPF: {6F750200-1362-4815-A476-88533DE61D0C} - hxxp://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37848.6993865741
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab
DPF: {CAFEEFAC-0013-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.3.0/jinstall-1_3_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://217.41.57.144/activex/AMC.cab
DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - hxxp://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\windows\system32\jogejase.dll,tupurevo.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: dasireruf - {b875eb18-ff2a-4c5e-bad0-7e5c586800ac} - c:\windows\system32\jogejase.dll
STS: tokatiluy: {b875eb18-ff2a-4c5e-bad0-7e5c586800ac} - c:\windows\system32\jogejase.dll
LSA: Notification Packages = scecli yokanate.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\32stat~1\applic~1\mozilla\firefox\profiles\6ofsiyqn.default\
FF - prefs.js: browser.startup.homepage - hxxp://swagbucks.com/
FF - component: c:\documents and settings\32 stat\application data\mozilla\firefox\profiles\6ofsiyqn.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - plugin: c:\documents and settings\32 stat\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\opera\program\plugins\NPSIStub.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-16 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-29 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-29 297752]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-24 92296]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2009-5-15 935208]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2001-11-15 164864]
S2 sdjjlb;sdjjlb;c:\windows\system32\drivers\sdjjlb.sys --> c:\windows\system32\drivers\sdjjlb.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 trid3d;trid3d;c:\windows\system32\drivers\trid3dm.sys [2001-7-31 130332]

=============== Created Last 30 ================

2009-11-06 01:45:47 0 d-----w- c:\documents and settings\all users\Microsoft AData
2009-11-06 01:45:13 31236 ----a-w- c:\windows\system32\logon.exe
2009-11-02 01:03:03 0 d-----w- c:\program files\SelectRebates
2009-10-25 05:17:36 0 d-----w- c:\program files\ICCup

==================== Find3M ====================

2009-11-05 23:44:12 38 ----a-w- c:\documents and settings\32 stat\jagex_runescape_preferences.dat
2009-11-05 23:44:11 63 ----a-w- c:\documents and settings\32 stat\jagex_runescape_preferences2.dat
2009-10-22 09:19:04 5939712 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2009-10-01 02:38:23 73728 ----a-w- c:\windows\AutoComplete.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-10 22:54:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 22:53:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 17:55:38 77759 ----a-w- c:\windows\War3Unin.dat
2009-08-28 10:35:52 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\dllcache\strmdll.dll
2009-08-22 17:22:57 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-17 00:17:00 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-06 01:45:39 53760 --sha-w- c:\windows\system32\guniyiyu.dll
2009-08-06 01:45:02 53760 --sha-w- c:\windows\system32\hewipali.dll
2009-08-06 01:45:04 92672 --sha-w- c:\windows\system32\jogejase.dll
2009-08-06 01:45:03 39424 --sha-w- c:\windows\system32\jonotama.dll
2009-08-06 01:45:39 53760 --sha-w- c:\windows\system32\tupurevo.dll
2009-08-06 01:45:39 53760 --sha-w- c:\windows\system32\yokanate.dll
2009-07-28 21:31:15 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-12-17 21:42:11 16384 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2008-11-19 00:27:13 34105376 -csha-w- c:\windows\system32\drivers\fidbox.dat

============= FINISH: 18:03:36.50 ===============


Edited by mariol, 06 November 2009 - 08:53 PM.
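As an added triage example (not part of mariol's post, nor of DDS itself), the script below parses persistence lines quoted from this log and flags the entries a helper would focus on: a Winlogon Shell value with more than Explorer.exe, non-empty AppInit_DLLs, an extra LSA Notification Package, a Run entry loading a DLL through rundll32, and one DLL referenced from several persistence points; it also flags hidden+system DLLs in the Find3M listing. The clean-XP defaults it compares against are this example's own assumptions, stated in the code.

```python
"""Triage helper for the DDS log above: flag persistence entries in the
'Pseudo HJT Report' that differ from clean Windows XP defaults, and flag
hidden+system DLLs in the file listings.  The heuristics are this example's own."""
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

Finding = Tuple[str, str]  # (category, detail)

# Assumed clean-XP defaults for the persistence points DDS reports.
WINLOGON_SHELL_DEFAULT = "explorer.exe"  # any further token is an extra shell
LSA_NOTIFY_DEFAULT = {"scecli"}          # extra packages see plaintext passwords

DLL_RE = re.compile(r"([\w~\-.]+\.dll)", re.IGNORECASE)
RUNDLL_RE = re.compile(
    r'^[umd]Run(?:Once)?: \[[^\]]*\]\s+rundll32(?:\.exe)?\s+"?([^",]+)',
    re.IGNORECASE)
# DDS file-listing line: <date> <time> <size> <attrs> <path>
FILE_RE = re.compile(r"^\S+ \S+\s+\d+\s+(\S{8})\s+(.+)$")

# Lines copied from the Pseudo HJT section of the log in the post above.
SAMPLE_HJT = r"""
mURLSearchHooks: H - No File
mWinlogon: Shell=Explorer.exe logon.exe
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [jadoralob] Rundll32.exe "c:\windows\system32\jogejase.dll",a
AppInit_DLLs: c:\windows\system32\jogejase.dll,tupurevo.dll
SSODL: dasireruf - {b875eb18-ff2a-4c5e-bad0-7e5c586800ac} - c:\windows\system32\jogejase.dll
STS: tokatiluy: {b875eb18-ff2a-4c5e-bad0-7e5c586800ac} - c:\windows\system32\jogejase.dll
LSA: Notification Packages = scecli yokanate.dll
"""

# Lines copied from the Find3M section of the same log.
SAMPLE_FILES = r"""
2009-08-22 17:22:57 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-06 01:45:04 92672 --sha-w- c:\windows\system32\jogejase.dll
2009-08-06 01:45:39 53760 --sha-w- c:\windows\system32\yokanate.dll
2009-07-28 21:31:15 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
"""


def analyze_hjt(report: str) -> List[Finding]:
    """Return (category, detail) findings for a DDS Pseudo HJT report."""
    findings: List[Finding] = []
    dll_refs: Dict[str, Set[str]] = defaultdict(set)  # dll basename -> entry types
    for raw in report.splitlines():
        line = raw.strip()
        if ":" not in line:
            continue
        key = line.split(":", 1)[0]  # e.g. mWinlogon, BHO, AppInit_DLLs, LSA
        if key == "mWinlogon" and "Shell=" in line:
            tokens = line.split("Shell=", 1)[1].lower().split()
            extra = [t for t in tokens if t != WINLOGON_SHELL_DEFAULT]
            if extra:
                findings.append(("winlogon_shell", " ".join(extra)))
        elif key == "AppInit_DLLs":
            for dll in line.split(":", 1)[1].split(","):
                if dll.strip():
                    findings.append(("appinit_dll", dll.strip()))
        elif key == "LSA" and "Notification Packages" in line:
            for pkg in line.split("=", 1)[1].split():
                if pkg.lower() not in LSA_NOTIFY_DEFAULT:
                    findings.append(("lsa_notification_package", pkg))
        m = RUNDLL_RE.match(line)
        if m:
            findings.append(("rundll32_run_entry", m.group(1).strip()))
        if line.endswith("- No File"):
            findings.append(("orphaned_entry", key))
        for dll in DLL_RE.findall(line):
            dll_refs[dll.lower()].add(key)
    # One DLL hooked into several persistence points is the strongest signal.
    for dll, mechanisms in sorted(dll_refs.items()):
        if len(mechanisms) >= 2:
            findings.append(("multi_persistence_dll",
                             f"{dll} via {', '.join(sorted(mechanisms))}"))
    return findings


def analyze_files(listing: str) -> List[Finding]:
    """Flag DLLs carrying both the system (s) and hidden (h) attributes."""
    findings: List[Finding] = []
    for raw in listing.splitlines():
        m = FILE_RE.match(raw.strip())
        if m and m.group(2).lower().endswith(".dll") and {"s", "h"} <= set(m.group(1)):
            findings.append(("hidden_system_dll", m.group(2)))
    return findings


if __name__ == "__main__":
    for category, detail in analyze_hjt(SAMPLE_HJT) + analyze_files(SAMPLE_FILES):
        print(f"{category:26} {detail}")
```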



#2 myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,770 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:03:42 PM

Posted 10 November 2009 - 07:24 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open; copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 mariol
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:42 AM

Posted 10 November 2009 - 08:44 PM

I'm also getting Google redirects on around 25 percent of my clicks.

OTL logfile created on: 11/10/2009 5:39:04 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\32 STAT\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

991.53 Mb Total Physical Memory | 538.95 Mb Available Physical Memory | 54.36% Memory free
1.21 Gb Paging File | 0.85 Gb Available in Paging File | 70.09% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.00 Gb Total Space | 2.40 Gb Free Space | 7.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RICHMARIO
Current User Name: 32 STAT
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/10 17:32:03 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\32 STAT\Desktop\OTL.exe
PRC - [2009/11/07 16:35:18 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/19 11:40:52 | 00,092,296 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/08/22 09:22:59 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/08/22 09:22:58 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/08/16 16:16:30 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/15 06:35:52 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/12 19:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/05 23:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/16 18:22:20 | 00,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2008/04/13 16:12:37 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\taskmgr.exe
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/08 23:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe
PRC - [2007/05/28 08:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2006/03/30 08:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2004/05/24 12:35:52 | 00,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\SYSTEM32\drivers\KodakCCS.exe
PRC - [2001/09/27 23:49:00 | 00,057,344 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe


========== Modules (SafeList) ==========

MOD - [2009/11/10 17:32:03 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\32 STAT\Desktop\OTL.exe
MOD - [2009/08/10 07:34:14 | 00,092,672 | -HS- | M] () -- C:\WINDOWS\SYSTEM32\jelukahu.dll
MOD - [2009/08/09 15:37:01 | 00,053,760 | -HS- | M] () -- C:\WINDOWS\SYSTEM32\hupetetu.dll
MOD - [2008/04/13 16:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 16:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wbem\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/19 11:40:52 | 00,092,296 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/08/22 09:22:58 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/08/16 16:16:30 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/15 06:35:52 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/03/12 19:56:52 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/03/05 23:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/02/17 08:59:00 | 02,794,234 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/10/16 18:22:20 | 00,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/13 16:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/08/08 23:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/05/28 08:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006/08/24 19:33:00 | 00,911,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006/03/30 08:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/08/02 13:18:49 | 00,086,016 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/05/24 12:35:52 | 00,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\SYSTEM32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001/09/27 23:49:00 | 00,057,344 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe -- (NVSvc)


========== Driver Services (SafeList) ==========

DRV - [2009/07/28 16:33:56 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\SYSTEM32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 10:12:24 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\SYSTEM32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\SYSTEM32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/03/05 22:59:00 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\SYSTEM32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/02/13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/01/15 11:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/08/09 17:50:12 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/06/10 18:56:08 | 00,030,728 | ---- | M] (ESET) -- C:\WINDOWS\SYSTEM32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2008/06/10 18:48:38 | 00,053,256 | ---- | M] (ESET) -- C:\WINDOWS\SYSTEM32\drivers\easdrv.sys -- (easdrv)
DRV - [2008/04/13 10:53:09 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 10:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 10:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\drivers\usbaudio.sys -- (usbaudio)
DRV - [2008/04/13 10:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\SYSTEM32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/07/25 18:53:30 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2007/06/19 09:20:06 | 00,684,248 | ---- | M] (cFos Software GmbH) -- C:\WINDOWS\SYSTEM32\drivers\cfosspeed.sys -- (cFosSpeed)
DRV - [2006/10/02 16:27:13 | 00,629,264 | ---- | M] (Computer Associates International, Inc.) -- C:\WINDOWS\SYSTEM32\drivers\VetEFile.sys -- (VETEFILE)
DRV - [2006/09/24 05:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005/12/12 16:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\SYSTEM32\drivers\PS2.sys -- (Ps2)
DRV - [2005/10/27 16:24:30 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2005/10/27 16:24:29 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\SYSTEM32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2005/10/27 16:24:28 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\SYSTEM32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2005/08/02 13:10:13 | 00,032,512 | ---- | M] (CACE Technologies) -- C:\WINDOWS\SYSTEM32\drivers\npf.sys -- (NPF)
DRV - [2004/06/02 13:19:00 | 00,038,705 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\SYSTEM32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2004/06/02 13:17:56 | 00,151,985 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\SYSTEM32\drivers\ExportIt.sys -- (Exportit)
DRV - [2004/05/20 08:45:20 | 00,068,950 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\SYSTEM32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2004/05/20 08:41:54 | 00,061,564 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\SYSTEM32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2004/05/20 08:39:42 | 00,008,022 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\SYSTEM32\drivers\DcLps.sys -- (DcLps)
DRV - [2004/05/20 08:21:10 | 00,036,918 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\SYSTEM32\drivers\DcCam.sys -- (DCCAM)
DRV - [2003/08/02 19:12:40 | 00,028,164 | ---- | M] (MusicMatch, Inc.) -- C:\WINDOWS\SYSTEM32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2003/06/26 19:05:38 | 00,472,332 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\SYSTEM32\drivers\lvcm.sys -- (QCMerced)
DRV - [2003/03/31 14:29:00 | 00,625,537 | ---- | M] (LT) -- C:\WINDOWS\SYSTEM32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2001/11/15 22:14:44 | 00,164,864 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\SYSTEM32\drivers\sis7012.sys -- (SiS7012)
DRV - [2001/11/06 21:02:38 | 00,153,344 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\SYSTEM32\drivers\sisgrp.sys -- (SiS315)
DRV - [2001/10/15 18:05:50 | 00,044,544 | ---- | M] (Zero-Knowledge Systems Inc.) -- C:\WINDOWS\SYSTEM32\drivers\FREEDOM.sys -- (Freedom)
DRV - [2001/10/12 18:44:12 | 00,114,816 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\SYSTEM32\drivers\s3gNBm.sys -- (S3SavageNB)
DRV - [2001/09/28 18:52:04 | 00,027,008 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\SISAGP.sys -- (SISAGP)
DRV - [2001/09/28 12:16:46 | 00,031,744 | ---- | M] (SiS Corporation) -- C:\WINDOWS\SYSTEM32\drivers\sisnic.sys -- (SISNIC)
DRV - [2001/09/27 23:49:00 | 00,702,777 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/09/16 17:45:04 | 00,013,716 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\SYSTEM32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/17 21:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 13:53:42 | 00,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\drivers\loop.sys -- (msloop)
DRV - [2001/08/17 13:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\drivers\serscan.sys -- (StillCam)
DRV - [2001/08/17 12:49:58 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/17 11:50:26 | 00,731,648 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\drivers\nv4.sys -- (nv4)
DRV - [2001/08/17 11:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\drivers\e100b325.sys -- (E100B)
DRV - [2001/08/09 18:26:02 | 00,022,608 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\SYSTEM32\drivers\wandrv.sys -- (wandrv)
DRV - [2001/08/08 13:13:36 | 00,158,140 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\drivers\i81xnt5.sys -- (i81x)
DRV - [2001/08/08 13:13:30 | 00,012,479 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2001/08/08 13:13:30 | 00,012,031 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2001/08/08 13:13:30 | 00,011,679 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2001/08/08 13:13:28 | 00,019,359 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2001/08/08 13:13:28 | 00,011,999 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2001/08/08 13:13:26 | 00,033,503 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2001/08/08 13:13:24 | 00,029,215 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2001/08/08 13:13:24 | 00,023,519 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2001/08/08 13:13:24 | 00,019,199 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2001/07/31 16:27:12 | 00,130,332 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\drivers\trid3dm.sys -- (trid3d)
DRV - [1996/04/03 11:33:26 | 00,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - Reg Error: Key error. File not found
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2781504589-2856520603-1574323382-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2781504589-2856520603-1574323382-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-2781504589-2856520603-1574323382-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-2781504589-2856520603-1574323382-1012\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-2781504589-2856520603-1574323382-1012\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/bin/search?p={searchTerms}
IE - HKU\S-1-5-21-2781504589-2856520603-1574323382-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2781504589-2856520603-1574323382-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2781504589-2856520603-1574323382-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2781504589-2856520603-1574323382-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 E6 6E 20 3E DF C9 01 [binary data]
IE - HKU\S-1-5-21-2781504589-2856520603-1574323382-1012\S-1-5-21-2781504589-2856520603-1574323382-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2781504589-2856520603-1574323382-1012\S-1-5-21-2781504589-2856520603-1574323382-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://swagbucks.com/"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: foxdie_ext_ocelot@foxdie.us:3.1.9.2
FF - prefs.js..extensions.enabledItems: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374}:3.5.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: {d62e0de0-401b-11dd-ae16-0800200c9a66}:4.0.89
FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3
FF - prefs.js..extensions.enabledItems: {2458abc0-f443-11dd-87af-0800200c9a66}:0.9
FF - prefs.js..extensions.enabledItems: {241aae70-0022-11de-87af-0800200c9a66}:3.5.2.08.11.09
FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:1.1.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..extensions.enabledItems: FoxdieGraphite@tanjihay.com:3.1.9.2
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.1.0
FF - prefs.js..extensions.enabledItems: {5b35cb30-16b4-11de-8c30-0800200c9a66}:3.5.2.08.11.09
FF - prefs.js..extensions.enabledItems: {8181B740-5255-11D9-9FF6-0090995D2DCA}:0.8.09.07.17
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 7171


FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/11/04 14:00:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2009/05/20 17:38:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 16:01:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/22 09:22:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/07 16:37:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/07 16:37:02 | 00,000,000 | ---D | M]

[2008/12/24 17:25:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\32 STAT\Application Data\Mozilla\Extensions
[2008/05/08 05:45:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\32 STAT\Application Data\Mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
[2008/12/24 17:30:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\32 STAT\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/12/03 20:38:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\32 STAT\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
[2009/11/09 17:39:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\32 STAT\Application Data\Mozilla\Firefox\Profiles\6ofsiyqn.default\extensions
[2009/10/21 18:22:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\32 STAT\Application Data\Mozilla\Firefox\Profiles\6ofsiyqn.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}
[2009/10/21 18:22:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\32 STAT\Application Data\Mozilla\Firefox\Profiles\6ofsiyqn.default\extensions\{2458abc0-f443-11dd-87af-0800200c9a66}
[2009/09/19 19:04:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\32 STAT\Application Data\Mozilla\Firefox\Profiles\6ofsiyqn.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2009/10/21 18:22:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\32 STAT\Application Data\Mozilla\Firefox\Profiles\6ofsiyqn.default\extensions\{5b35cb30-16b4-11de-8c30-0800200c9a66}
[2009/04/26 10:24:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\32 STAT\Application Data\Mozilla\Firefox\Profiles\6ofsiyqn.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2009/09/19 19:04:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\32 STAT\Application Data\Mozilla\Firefox\Profiles\6ofsiyqn.default\extensions\{8181B740-5255-11D9-9FF6-0090995D2DCA}
[2009/04/17 19:24:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\32 STAT\Application Data\Mozilla\Firefox\Profiles\6ofsiyqn.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2009/05/01 21:45:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\32 STAT\Application Data\Mozilla\Firefox\Profiles\6ofsiyqn.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/09/19 19:04:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\32 STAT\Application Data\Mozilla\Firefox\Profiles\6ofsiyqn.default\extensions\{d62e0de0-401b-11dd-ae16-0800200c9a66}
[2009/10/21 18:22:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\32 STAT\Application Data\Mozilla\Firefox\Profiles\6ofsiyqn.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2009/10/21 18:22:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\32 STAT\Application Data\Mozilla\Firefox\Profiles\6ofsiyqn.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
[2009/11/07 12:53:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\32 STAT\Application Data\Mozilla\Firefox\Profiles\6ofsiyqn.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/10/21 18:23:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\32 STAT\Application Data\Mozilla\Firefox\Profiles\6ofsiyqn.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009/10/21 18:23:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\32 STAT\Application Data\Mozilla\Firefox\Profiles\6ofsiyqn.default\extensions\cfxHelper@Triton
[2009/09/19 19:04:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\32 STAT\Application Data\Mozilla\Firefox\Profiles\6ofsiyqn.default\extensions\chromifox@altmusictv.com
[2009/08/03 13:36:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\32 STAT\Application Data\Mozilla\Firefox\Profiles\6ofsiyqn.default\extensions\ChrominFrame@zero.fire
[2009/05/30 11:30:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\32 STAT\Application Data\Mozilla\Firefox\Profiles\6ofsiyqn.default\extensions\Foxdie@tanjihay.com
[2009/10/21 18:23:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\32 STAT\Application Data\Mozilla\Firefox\Profiles\6ofsiyqn.default\extensions\foxdie_ext_ocelot@foxdie.us
[2009/10/21 18:22:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\32 STAT\Application Data\Mozilla\Firefox\Profiles\6ofsiyqn.default\extensions\FoxdieGraphite@tanjihay.com
[2009/10/21 18:23:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\32 STAT\Application Data\Mozilla\Firefox\Profiles\6ofsiyqn.default\extensions\personas@christopher.beard
[2009/04/27 17:57:33 | 00,001,739 | ---- | M] () -- C:\Documents and Settings\32 STAT\Application Data\Mozilla\Firefox\Profiles\6ofsiyqn.default\searchplugins\aim-search.xml
[2009/11/09 17:39:15 | 00,001,183 | ---- | M] () -- C:\Documents and Settings\32 STAT\Application Data\Mozilla\Firefox\Profiles\6ofsiyqn.default\searchplugins\swagbuckscom.xml
[2009/11/09 17:39:14 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/07 16:37:02 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/07/14 17:00:23 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2008/08/19 16:48:51 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/07/14 17:00:23 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/08/24 16:51:19 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/11/09 21:05:44 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/08/22 09:23:42 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/11/07 16:35:06 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/07 16:35:08 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2008/08/06 15:22:02 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/08/22 09:22:59 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2008/11/06 08:33:48 | 01,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2008/12/10 16:33:34 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2008/09/26 08:40:34 | 00,053,248 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
[2009/01/28 19:08:04 | 00,132,528 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
[2008/09/09 23:39:42 | 00,075,184 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2007/10/11 14:17:50 | 01,435,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2006/03/03 21:29:35 | 00,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2009/11/07 16:35:44 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2005/09/23 19:44:16 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/11/01 18:47:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/11/01 18:47:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/11/01 18:47:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/11/01 18:47:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/11/01 18:47:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/11/01 18:47:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/11/01 18:47:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2005/08/09 10:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
[2007/04/16 09:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/01/28 17:49:36 | 00,062,976 | ---- | M] (<NHN USA Inc>.) -- C:\Program Files\Mozilla Firefox\plugins\uc_sfighters_launching.dll
[2009/11/07 16:36:07 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/11/07 16:36:07 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/10/16 01:43:24 | 00,002,295 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2009/11/07 16:36:07 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/11/07 16:36:07 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/11/07 16:36:07 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/11/07 16:36:07 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/11/07 16:36:07 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (23 bytes) - C:\WINDOWS\SYSTEM32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (CAutoComplete Object) - {9452EFD9-FE71-4678-A595-4751F4224C5D} - C:\WINDOWS\AutoComplete.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {17C2F782-A1C8-4FF7-92ED-70F82047DD1E} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {17C2F782-A1C8-4FF7-92ED-70F82047DD1E} - No CLSID value found.
O3 - HKU\S-1-5-21-2781504589-2856520603-1574323382-1012\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2781504589-2856520603-1574323382-1012\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-2781504589-2856520603-1574323382-1012\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [jadoralob] C:\WINDOWS\System32\jelukahu.DLL ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2781504589-2856520603-1574323382-1012\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2781504589-2856520603-1574323382-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2781504589-2856520603-1574323382-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2781504589-2856520603-1574323382-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-21-2781504589-2856520603-1574323382-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-2781504589-2856520603-1574323382-1012_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - Reg Error: Key error. File not found
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Error: Key error. File not found
O9 - Extra Button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - File not found
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PowerWord - {9A687CA6-D585-4947-9ED9-BE96071F5CD9} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - File not found
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O15 - HKU\S-1-5-21-2781504589-2856520603-1574323382-1012\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} C:\Program Files\Yahoo!\common\yucconfig.dll (Reg Error: Key error.)
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} http://www.easports.com/downloads/games/co...py/iesnoopy.cab (Reg Error: Key error.)
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab (Reg Error: Key error.)
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab (Ofoto Upload Manager Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...7848.6993865741 (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {CAFEEFAC-0013-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.3.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://217.41.57.144/activex/AMC.cab (Reg Error: Key error.)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Chat http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\jogejase.dll) - C:\WINDOWS\System32\jogejase.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\piralume.dll) - C:\WINDOWS\System32\piralume.dll File not found
O20 - AppInit_DLLs: (hupetetu.dll) - C:\WINDOWS\System32\hupetetu.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\jelukahu.dll) - C:\WINDOWS\SYSTEM32\jelukahu.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (logon.exe) - File not found
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - CLSID or File not found.
O21 - SSODL: japuvobaf - {9e781986-b266-47b1-82bc-4351a851f5f9} - C:\WINDOWS\System32\jogejase.dll File not found
O21 - SSODL: ligakehej - {39ec5f82-5763-4376-85e4-110853b2b863} - C:\WINDOWS\System32\piralume.dll File not found
O21 - SSODL: sidijoral - {0246371d-0886-4e8d-87a2-5ac90b148d3b} - C:\WINDOWS\SYSTEM32\jelukahu.dll ()
O22 - SharedTaskScheduler: {0246371d-0886-4e8d-87a2-5ac90b148d3b} - gahurihor - C:\WINDOWS\SYSTEM32\jelukahu.dll ()
O22 - SharedTaskScheduler: {39ec5f82-5763-4376-85e4-110853b2b863} - gahurihor - C:\WINDOWS\System32\piralume.dll File not found
O22 - SharedTaskScheduler: {9e781986-b266-47b1-82bc-4351a851f5f9} - tokatiluy - C:\WINDOWS\System32\jogejase.dll File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/11/06 20:36:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{74b212cc-93fc-11de-a91d-00e0185d17a3}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\{fa6a99ce-5c64-11de-a8c4-00e0185d17a3}\Shell - "" = AutoRun
O33 - MountPoints2\{fa6a99ce-5c64-11de-a8c4-00e0185d17a3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fa6a99ce-5c64-11de-a8c4-00e0185d17a3}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\negonito.dll
File not found -- C:\WINDOWS\System32\merunime.dll
[2009/11/10 17:32:02 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\32 STAT\Desktop\OTL.exe
[2009/11/10 08:30:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\32 STAT\Desktop\Pineapple.Express.DVDRip.XviD-ARROW
[2009/11/10 07:35:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\32 STAT\Desktop\Super Troopers KLAXXON
[2009/11/09 20:14:02 | 00,000,000 | ---D | C] -- C:\Program Files\PeerGuardian2
[2009/11/09 19:24:37 | 01,674,242 | ---- | C] (Methlabs Productions ) -- C:\Documents and Settings\32 STAT\Desktop\pg2-070130.exe
[2009/11/08 18:59:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\32 STAT\Desktop\T's
[2009/11/07 16:26:14 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/11/07 16:26:14 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/11/07 16:26:14 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/11/07 16:26:13 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/11/07 16:26:02 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/11/07 16:26:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/11/07 12:53:15 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis
[2009/11/07 12:50:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2009/11/07 12:50:33 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2009/11/07 12:49:29 | 00,482,184 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2009/11/07 11:18:32 | 00,000,000 | ---D | C] -- C:\$AVG
[2009/11/07 11:14:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/11/07 10:51:17 | 00,891,048 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\32 STAT\Desktop\avg_free_stb_all_9_39_cnet.exe
[2009/11/07 10:33:06 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/11/07 09:27:28 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\32 STAT\Recent
[2009/11/06 19:26:35 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/11/06 19:21:04 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\~0
[2009/11/06 19:19:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/11/05 19:54:13 | 00,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2009/11/05 18:02:29 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\32 STAT\Desktop\RootRepeal.exe
[2009/11/05 17:57:58 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\32 STAT\Desktop\mbam-setup.exe
[2009/11/05 17:45:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft AData
[2009/11/01 18:55:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\32 STAT\Application Data\vlc
[2009/10/24 21:17:36 | 00,000,000 | ---D | C] -- C:\Program Files\ICCup
[2009/10/17 19:06:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\32 STAT\Local Settings\Application Data\AIM
[2005/12/15 11:03:40 | 00,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[42 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[1 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/10 17:43:17 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\muzapege
[2009/11/10 17:32:03 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\32 STAT\Desktop\OTL.exe
[2009/11/10 07:34:59 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/10 07:32:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/10 07:32:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/10 07:32:33 | 10,397,65504 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/09 22:17:57 | 09,961,472 | ---- | M] () -- C:\Documents and Settings\32 STAT\ntuser.dat
[2009/11/09 22:17:50 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\32 STAT\ntuser.ini
[2009/11/09 22:17:01 | 02,687,848 | -H-- | M] () -- C:\Documents and Settings\32 STAT\Local Settings\Application Data\IconCache.db
[2009/11/09 19:28:13 | 01,674,242 | ---- | M] (Methlabs Productions ) -- C:\Documents and Settings\32 STAT\Desktop\pg2-070130.exe
[2009/11/09 19:26:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/11/07 16:26:48 | 00,001,718 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/11/07 12:51:32 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/11/07 10:51:24 | 00,891,048 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\32 STAT\Desktop\avg_free_stb_all_9_39_cnet.exe
[2009/11/07 10:33:12 | 00,000,701 | ---- | M] () -- C:\Documents and Settings\32 STAT\Desktop\SpywareBlaster.lnk
[2009/11/07 10:13:02 | 00,000,070 | -H-- | M] () -- C:\aaw7boot.cmd
[2009/11/06 19:26:12 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2009/11/05 22:00:57 | 00,000,000 | ---- | M] () -- C:\install.rdf
[2009/11/05 18:02:38 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\32 STAT\Desktop\RootRepeal.exe
[2009/11/05 18:00:54 | 00,523,776 | ---- | M] () -- C:\Documents and Settings\32 STAT\Desktop\dds.scr
[2009/11/05 17:58:19 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\32 STAT\Desktop\mbam-setup.exe
[2009/11/05 15:44:12 | 00,000,038 | ---- | M] () -- C:\Documents and Settings\32 STAT\jagex_runescape_preferences.dat
[2009/11/05 15:44:11 | 00,000,063 | ---- | M] () -- C:\Documents and Settings\32 STAT\jagex_runescape_preferences2.dat
[2009/11/04 00:08:28 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/02 18:58:37 | 00,045,056 | ---- | M] () -- C:\Documents and Settings\32 STAT\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/01 18:54:01 | 00,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2009/11/01 09:22:22 | 00,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/01 09:22:22 | 00,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/01 09:22:20 | 00,524,016 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/25 13:18:01 | 07,957,296 | ---- | M] () -- C:\Documents and Settings\32 STAT\Desktop\04 Awake And Alive.mp3
[2009/10/22 01:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/10/22 01:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[42 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/07 16:26:48 | 00,001,718 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/11/07 10:33:12 | 00,000,701 | ---- | C] () -- C:\Documents and Settings\32 STAT\Desktop\SpywareBlaster.lnk
[2009/11/07 10:12:59 | 00,000,070 | -H-- | C] () -- C:\aaw7boot.cmd
[2009/11/06 19:28:20 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/11/05 22:00:57 | 00,000,000 | ---- | C] () -- C:\install.rdf
[2009/11/05 18:00:45 | 00,523,776 | ---- | C] () -- C:\Documents and Settings\32 STAT\Desktop\dds.scr
[2009/11/01 18:54:01 | 00,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2009/10/25 13:35:39 | 07,957,296 | ---- | C] () -- C:\Documents and Settings\32 STAT\Desktop\04 Awake And Alive.mp3
[2009/09/09 16:13:20 | 00,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/05 20:28:16 | 00,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/08/10 07:34:14 | 00,092,672 | -HS- | C] () -- C:\WINDOWS\System32\jelukahu.dll
[2009/08/10 07:34:14 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\bekoduya.dll
[2009/08/09 15:37:01 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\zugowuva.dll
[2009/08/09 15:37:01 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\sisifeme.dll
[2009/08/09 15:37:01 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\hupetetu.dll
[2009/08/09 15:36:28 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\kunuzavi.dll
[2009/08/09 15:36:26 | 00,092,160 | -HS- | C] () -- C:\WINDOWS\System32\rojisabo.dll
[2009/08/09 15:36:26 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\fuweyuni.dll
[2009/08/08 21:42:43 | 00,092,672 | -HS- | C] () -- C:\WINDOWS\System32\bukujuri.dll
[2009/08/08 21:42:43 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\vosorudi.dll
[2009/08/08 09:42:41 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\titodopu.dll
[2009/08/06 15:36:36 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\pozimadu.dll
[2009/08/05 17:45:02 | 00,053,760 | -HS- | C] () -- C:\WINDOWS\System32\hewipali.dll
[2009/07/14 16:04:11 | 00,000,398 | ---- | C] () -- C:\WINDOWS\AudioConverter.INI
[2009/01/05 19:27:10 | 00,000,166 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2009/01/05 19:22:42 | 00,000,949 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008/11/16 13:27:36 | 00,000,003 | ---- | C] () -- C:\Documents and Settings\32 STAT\Application Data\desklop.ini
[2008/11/06 08:37:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 08:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 08:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/06 08:33:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/08/06 16:32:45 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/06/03 18:37:28 | 00,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/04/12 17:52:36 | 00,000,031 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2008/03/09 16:05:26 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/03/03 00:07:38 | 02,687,848 | -H-- | C] () -- C:\Documents and Settings\32 STAT\Local Settings\Application Data\IconCache.db
[2008/01/30 11:43:00 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\CheckRevision.dll
[2008/01/13 16:59:06 | 00,000,020 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2007/11/26 20:20:47 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007/11/26 20:20:46 | 01,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/11/20 18:53:01 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/01/30 18:31:46 | 00,002,372 | ---- | C] () -- C:\WINDOWS\EaseAudioConverter.ini
[2006/12/06 21:47:39 | 00,004,906 | ---- | C] () -- C:\Documents and Settings\32 STAT\Application Data\Cabos.plist
[2006/10/21 09:59:59 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
[2006/09/24 10:53:54 | 00,268,242 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-parse.dll
[2006/09/24 10:53:42 | 02,518,779 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-enc.dll
[2006/09/24 10:52:04 | 00,030,693 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-int.dll
[2006/07/22 20:30:04 | 00,005,218 | ---- | C] () -- C:\Documents and Settings\32 STAT\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log
[2006/07/22 20:30:04 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/07/21 20:19:22 | 00,000,130 | ---- | C] () -- C:\Documents and Settings\32 STAT\Local Settings\Application Data\fusioncache.dat
[2006/07/21 18:41:37 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/07/21 18:31:41 | 00,008,115 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/28 18:01:20 | 00,000,030 | ---- | C] () -- C:\WINDOWS\Q3version.ini
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/04/14 09:37:26 | 00,000,031 | ---- | C] () -- C:\WINDOWS\aceg.ini
[2006/03/06 19:16:39 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/02 21:49:12 | 00,000,730 | ---- | C] () -- C:\WINDOWS\ss_slide.ini
[2005/11/17 09:57:30 | 00,258,560 | ---- | C] () -- C:\WINDOWS\System32\MusicTagsAX.dll
[2005/11/11 19:27:42 | 00,001,791 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/10/14 19:10:24 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\comLyricGetter.dll
[2005/10/11 19:14:47 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\H0tKeysH00k.DLL
[2005/08/02 13:24:01 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/07/31 09:15:26 | 00,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.32 STAT.ini
[2005/04/15 17:43:36 | 00,086,232 | ---- | C] () -- C:\Documents and Settings\32 STAT\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/04/15 17:43:05 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\32 STAT\Application Data\desktop.ini
[2005/04/15 17:43:02 | 00,045,056 | ---- | C] () -- C:\Documents and Settings\32 STAT\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/02/27 09:26:28 | 00,000,054 | ---- | C] () -- C:\WINDOWS\morphexe.INI
[2005/01/09 15:48:49 | 00,000,083 | ---- | C] () -- C:\WINDOWS\TBPlugin.INI
[2005/01/09 15:48:49 | 00,000,058 | ---- | C] () -- C:\WINDOWS\avconfig.ini
[2004/10/24 13:39:04 | 00,000,067 | ---- | C] () -- C:\WINDOWS\XDICT.INI
[2004/09/25 07:48:11 | 00,000,592 | ---- | C] () -- C:\WINDOWS\Jgzgpkia.ini
[2004/09/05 07:33:00 | 00,000,045 | ---- | C] () -- C:\WINDOWS\FGJFE.ini
[2004/08/21 13:41:15 | 00,014,938 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2004/02/01 11:21:56 | 00,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll
[2003/08/15 15:43:05 | 00,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2003/08/15 12:19:21 | 00,003,131 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/08/15 12:18:44 | 00,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2003/08/07 12:01:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/07/14 11:30:28 | 00,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2003/07/13 16:42:48 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2003/02/26 14:47:14 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\MimicICM.dll
[2003/01/23 16:31:52 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/01/21 16:47:46 | 00,000,136 | ---- | C] () -- C:\WINDOWS\typeinst.ini
[2003/01/21 16:42:17 | 00,002,554 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2003/01/21 16:42:17 | 00,000,383 | ---- | C] () -- C:\WINDOWS\QNETP9.INI
[2002/11/13 16:12:55 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2002/09/21 19:59:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2002/08/01 19:36:08 | 00,000,137 | ---- | C] () -- C:\WINDOWS\Weather.INI
[2002/06/09 11:45:50 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2002/06/09 11:45:50 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2002/06/09 11:45:50 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2002/06/09 11:43:46 | 00,000,039 | ---- | C] () -- C:\WINDOWS\EPDE.ini
[2002/06/06 15:55:49 | 00,000,878 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2002/04/05 07:36:09 | 00,000,269 | ---- | C] () -- C:\WINDOWS\wmuncher.ini
[2002/04/05 07:21:19 | 00,000,198 | ---- | C] () -- C:\WINDOWS\atl_save.ini
[2002/04/05 07:08:23 | 00,000,037 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2002/03/31 07:23:16 | 00,000,072 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2002/03/31 06:58:09 | 00,000,026 | ---- | C] () -- C:\WINDOWS\ERegClnt.INI
[2002/03/30 20:40:47 | 00,060,464 | R--- | C] () -- C:\WINDOWS\System32\tlcsel32.dll
[2002/03/30 20:40:47 | 00,016,540 | R--- | C] () -- C:\WINDOWS\System32\tlcsel17.dll
[2001/12/17 20:54:19 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2001/12/05 01:26:46 | 00,000,562 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2001/11/07 01:45:01 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\hpREG.DLL
[2001/11/07 01:45:01 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2001/11/07 01:37:54 | 00,009,876 | ---- | C] () -- C:\WINDOWS\System32\usbbc.sys
[2001/11/07 01:21:26 | 00,000,044 | ---- | C] () -- C:\WINDOWS\fantasy2.ini
[2001/11/07 01:21:26 | 00,000,011 | ---- | C] () -- C:\WINDOWS\album.ini
[2001/11/07 01:21:26 | 00,000,008 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2001/11/07 00:49:47 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2001/11/06 20:40:54 | 00,000,902 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2001/11/06 20:31:15 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/11/06 12:27:23 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2001/11/06 12:21:55 | 00,000,649 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/11/06 12:21:36 | 00,001,126 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/11/06 12:21:33 | 00,000,289 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/10/15 17:44:16 | 00,659,456 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2001/10/15 17:44:16 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2001/08/08 13:13:22 | 00,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll
[2001/08/08 00:07:02 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2001/07/06 15:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2001/05/23 00:37:50 | 00,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2000/12/29 16:34:01 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2000/09/08 17:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1999/01/27 12:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1999/01/22 03:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/06/13 06:56:08 | 00,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[1996/04/03 11:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D1F691A
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EE96529E
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BB923A2
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44DAF2F1
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF
< End of report >


OTL Extras logfile created on: 11/10/2009 5:39:04 PM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\32 STAT\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

991.53 Mb Total Physical Memory | 538.95 Mb Available Physical Memory | 54.36% Memory free
1.21 Gb Paging File | 0.85 Gb Available in Paging File | 70.09% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.00 Gb Total Space | 2.40 Gb Free Space | 7.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RICHMARIO
Current User Name: 32 STAT
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- Reg Error: Key error. File not found
.ini [@ = inifile] -- C:\WINDOWS\notepad.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\notepad.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2781504589-2856520603-1574323382-1012\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- Reg Error: Key error.
batfile [open] -- "%1" %* File not found
batfile [print] -- Reg Error: Key error.
cmdfile [edit] -- Reg Error: Key error.
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- Reg Error: Key error.
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [open] -- Reg Error: Key error.
inffile [print] -- Reg Error: Key error.
inifile [open] -- notepad.exe %1 (Microsoft Corporation)
inifile [print] -- Reg Error: Key error.
jsfile [edit] -- Reg Error: Key error.
jsfile [print] -- Reg Error: Key error.
jsefile [edit] -- Reg Error: Key error.
jsefile [print] -- Reg Error: Key error.
piffile [open] -- "%1" %* File not found
regfile [edit] -- Reg Error: Key error.
regfile [merge] -- Reg Error: Key error.
regfile [print] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- notepad.exe %1 (Microsoft Corporation)
txtfile [print] -- Reg Error: Key error.
txtfile [printto] -- Reg Error: Key error.
vbefile [edit] -- Reg Error: Key error.
vbefile [print] -- Reg Error: Key error.
vbsfile [edit] -- Reg Error: Key error.
vbsfile [print] -- Reg Error: Key error.
wsffile [edit] -- Reg Error: Key error.
wsffile [print] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Warcraft III\war3.exe" = C:\Program Files\Warcraft III\war3.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\softnyx\GunboundWC\GunBound.gme" = C:\Program Files\softnyx\GunboundWC\GunBound.gme:*:Enabled:GunBound -- (Softnyx)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{b1767297-8a03-425e-b63c-653cdff484ed}" = Nero 9 Trial
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ask Toolbar_is1" = ZoneAlarm Spy Blocker Toolbar
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.9 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"ERUNT_is1" = ERUNT 1.1j
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"GunboundWC_is1" = GunboundWC
"ICCup Launcher_is1" = ICCup Launcher
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"PeerGuardian_is1" = PeerGuardian 2.0
"Soldat_is1" = Soldat 1.5.0
"SpywareBlaster_is1" = SpywareBlaster 4.2
"VLC media player" = VLC media player 1.0.2
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2781504589-2856520603-1574323382-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"28635c2dd4e9d313" = DPG Video Editor v1.1
"Google Chrome" = Google Chrome
"ijji FireFox Launcher" = ijji FireFox Launcher 1.0
"ijji.com" = ijji
"MirageChat" = MirageChat
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products
"WinDirStat" = WinDirStat 1.1.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/9/2009 8:14:25 PM | Computer Name = RICHMARIO | Source = Application Hang | ID = 1002
Description = Hanging application ShowTime.exe, version 5.4.13.100, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/13/2009 4:32:43 PM | Computer Name = RICHMARIO | Source = Application Error | ID = 1000
Description = Faulting application starcraft.exe, version 1.16.1.1, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 11/1/2009 10:47:47 PM | Computer Name = RICHMARIO | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x07051468.

Error - 11/2/2009 1:28:51 AM | Computer Name = RICHMARIO | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x04651468.

Error - 11/2/2009 10:38:14 PM | Computer Name = RICHMARIO | Source = Application Error | ID = 1000
Description = Faulting application pg2.exe, version 1.0.6.5, faulting module pg2.exe,
version 1.0.6.5, fault address 0x0002ee56.

Error - 11/2/2009 11:44:21 PM | Computer Name = RICHMARIO | Source = Application Error | ID = 1000
Description = Faulting application pg2.exe, version 1.0.6.5, faulting module unknown,
version 0.0.0.0, fault address 0x00000000.

Error - 11/4/2009 4:04:29 AM | Computer Name = RICHMARIO | Source = Application Error | ID = 1000
Description = Faulting application wordconv.exe, version 12.0.6500.5000, faulting
module unknown, version 0.0.0.0, fault address 0x3142314f.

Error - 11/5/2009 8:34:34 PM | Computer Name = RICHMARIO | Source = Application Error | ID = 1000
Description = Faulting application starcraft.exe, version 1.16.1.1, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 11/6/2009 11:22:41 PM | Computer Name = RICHMARIO | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 11/7/2009 2:20:54 PM | Computer Name = RICHMARIO | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

[ System Events ]
Error - 11/7/2009 6:40:00 PM | Computer Name = RICHMARIO | Source = Service Control Manager | ID = 7000
Description = The sdjjlb service failed to start due to the following error: %%2

Error - 11/7/2009 7:03:29 PM | Computer Name = RICHMARIO | Source = Service Control Manager | ID = 7000
Description = The sdjjlb service failed to start due to the following error: %%2

Error - 11/7/2009 8:04:46 PM | Computer Name = RICHMARIO | Source = Service Control Manager | ID = 7000
Description = The sdjjlb service failed to start due to the following error: %%2

Error - 11/7/2009 8:17:22 PM | Computer Name = RICHMARIO | Source = Service Control Manager | ID = 7000
Description = The sdjjlb service failed to start due to the following error: %%2

Error - 11/7/2009 10:29:47 PM | Computer Name = RICHMARIO | Source = Service Control Manager | ID = 7000
Description = The sdjjlb service failed to start due to the following error: %%2

Error - 11/8/2009 1:42:05 PM | Computer Name = RICHMARIO | Source = Service Control Manager | ID = 7000
Description = The sdjjlb service failed to start due to the following error: %%2

Error - 11/8/2009 1:52:01 PM | Computer Name = RICHMARIO | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 11/8/2009 7:04:05 PM | Computer Name = RICHMARIO | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 11/9/2009 7:34:38 PM | Computer Name = RICHMARIO | Source = Service Control Manager | ID = 7000
Description = The sdjjlb service failed to start due to the following error: %%2

Error - 11/10/2009 11:33:01 AM | Computer Name = RICHMARIO | Source = Service Control Manager | ID = 7000
Description = The sdjjlb service failed to start due to the following error: %%2


< End of report >

Edited by mariol, 10 November 2009 - 08:55 PM.


#4 myrti

  • Malware Study Hall Admin

Posted 11 November 2009 - 06:03 AM

Hi,

please run ComboFix:
Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon; check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


#5 mariol
Posted 11 November 2009 - 01:37 PM

Looks like pop ups have stopped and MalwareBytes is running again. My computer is running much faster and smoother, thanks.

ComboFix 09-11-11.01 - 32 STAT 11/11/2009 9:39.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.992.545 [GMT -8:00]
Running from: c:\documents and settings\32 STAT\Desktop\ComboFix.exe
AV: Anti-Virus - SBC Yahoo! Online Protection *On-access scanning enabled* (Outdated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Microsoft AData
c:\documents and settings\All Users\Microsoft AData\t.sid
c:\windows\AuTOcomplete.dll
c:\windows\system32\2291948809.dat
c:\windows\system32\bekoduya.dll
c:\windows\system32\bukujuri.dll
c:\windows\system32\foponiga.dll
c:\windows\system32\fuweyuni.dll
c:\windows\system32\guniyiyu.dll.tmp
c:\windows\system32\hetirika.dll
c:\windows\system32\hewipali.dll
c:\windows\system32\hupetetu.dll
c:\windows\system32\kunuzavi.dll
c:\windows\system32\lotakine.dll
c:\windows\system32\pozimadu.dll
c:\windows\system32\sisifeme.dll
c:\windows\system32\titodopu.dll
c:\windows\system32\tupurevo.dll.tmp
c:\windows\system32\vosorudi.dll
c:\windows\system32\wewusigo.dll
c:\windows\system32\yokanate.dll.tmp
c:\windows\system32\zugowuva.dll

.
((((((((((((((((((((((((( Files Created from 2009-10-11 to 2009-11-11 )))))))))))))))))))))))))))))))
.

2009-11-10 04:14 . 2009-11-10 23:36 -------- d-----w- c:\program files\PeerGuardian2
2009-11-08 00:26 . 2009-03-30 18:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-08 00:26 . 2009-02-13 20:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-11-08 00:26 . 2009-02-13 20:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-11-08 00:26 . 2009-11-08 00:26 -------- d-----w- c:\program files\Avira
2009-11-08 00:26 . 2009-11-08 00:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-11-07 20:53 . 2009-11-07 20:53 -------- d-----w- c:\program files\AskBarDis
2009-11-07 20:50 . 2009-11-07 21:09 -------- d-----w- c:\windows\system32\ZoneLabs
2009-11-07 20:50 . 2009-11-07 20:50 -------- d-----w- c:\program files\Zone Labs
2009-11-07 19:18 . 2009-11-08 00:12 -------- d-----w- C:\$AVG
2009-11-07 19:14 . 2009-11-08 00:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-07 18:33 . 2009-11-07 18:36 -------- d-----w- c:\program files\SpywareBlaster
2009-11-07 18:12 . 2009-11-07 18:13 70 ---ha-w- C:\aaw7boot.cmd
2009-11-07 03:26 . 2009-11-07 03:26 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-07 03:21 . 2009-11-07 18:39 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
2009-11-07 03:21 . 2009-10-03 08:15 2924848 -c----w- c:\documents and settings\All Users\Application Data\~0\Ad-AwareInstallation.exe
2009-11-07 03:19 . 2009-11-07 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-06 03:54 . 2009-11-06 03:54 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-11-02 02:55 . 2009-11-11 04:58 -------- d-----w- c:\documents and settings\32 STAT\Application Data\vlc
2009-10-25 05:17 . 2009-10-25 05:17 -------- d-----w- c:\program files\ICCup
2009-10-18 03:06 . 2009-10-18 03:06 -------- d-----w- c:\documents and settings\32 STAT\Local Settings\Application Data\AIM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-11 08:27 . 2008-02-23 23:39 -------- d-----w- c:\program files\Starcraft
2009-11-10 23:36 . 2007-06-19 00:03 -------- d-----w- c:\documents and settings\32 STAT\Application Data\uTorrent
2009-11-10 01:29 . 2007-08-24 01:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-07 20:51 . 2004-11-02 03:01 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-11-07 19:15 . 2009-05-30 05:30 -------- d-----w- c:\program files\AVG
2009-11-07 17:27 . 2009-04-22 20:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-07 17:27 . 2008-12-07 02:33 -------- d-----w- c:\documents and settings\32 STAT\Application Data\Azureus
2009-11-07 05:56 . 2008-11-09 05:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-05 23:44 . 2008-07-04 06:03 38 ----a-w- c:\documents and settings\32 STAT\jagex_runescape_preferences.dat
2009-11-05 23:44 . 2009-09-02 20:53 63 ----a-w- c:\documents and settings\32 STAT\jagex_runescape_preferences2.dat
2009-11-04 22:00 . 2008-12-24 17:00 -------- d-----w- c:\program files\McAfee
2009-11-04 08:08 . 2005-03-04 03:32 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-17 06:06 . 2009-07-20 01:09 -------- d-----w- c:\program files\Warcraft III
2009-10-11 17:06 . 2008-05-08 22:54 -------- d-----w- c:\program files\Safari
2009-10-01 03:46 . 2009-10-01 03:46 -------- d-----w- c:\program files\softnyx
2009-09-16 21:00 . 2009-09-16 21:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2009-09-12 22:44 . 2009-09-12 22:35 -------- d-----w- c:\program files\Project64 1.6
2009-09-12 22:36 . 2009-09-12 22:36 8854 ----a-r- c:\documents and settings\32 STAT\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2009-09-12 22:36 . 2009-09-12 22:36 40960 ----a-r- c:\documents and settings\32 STAT\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2009-09-12 22:36 . 2009-09-12 22:36 40960 ----a-r- c:\documents and settings\32 STAT\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2009-09-11 14:18 . 2002-06-08 18:16 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 22:54 . 2008-11-09 05:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 22:53 . 2008-11-09 05:52 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2002-06-08 18:16 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-24 03:32 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-28 17:55 . 2009-07-20 01:16 77759 ----a-w- c:\windows\War3Unin.dat
2009-08-26 08:00 . 2003-08-16 03:26 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-23 22:39 . 2009-04-11 18:25 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-22 17:22 . 2008-11-10 05:05 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-01-29 01:49 . 2009-01-29 01:49 62976 ----a-w- c:\program files\mozilla firefox\plugins\uc_sfighters_launching.dll
2008-11-19 00:27 . 2008-07-14 01:25 34105376 -csha-w- c:\windows\SYSTEM32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-17 02:22 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-17 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-22 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\SYSTEM32\narrator.exe [2008-04-14 53760]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\softnyx\\GunboundWC\\GunBound.gme"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/7/2009 4:26 PM 108289]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [11/7/2009 12:53 PM 464264]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/29/2009 9:30 PM 297752]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/24/2008 9:02 AM 92296]
R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\SYSTEM32\drivers\sis7012.sys [11/15/2001 10:14 PM 164864]
S2 sdjjlb;sdjjlb;c:\windows\system32\drivers\sdjjlb.sys --> c:\windows\system32\drivers\sdjjlb.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\SYSTEM32\drivers\npf.sys [8/2/2005 1:10 PM 32512]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 trid3d;trid3d;c:\windows\SYSTEM32\drivers\trid3dm.sys [7/31/2001 4:27 PM 130332]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/bin/search?p={searchTerms}
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {{507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?sourc...p;btn=yahoomail
IE: {{6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns
IE: {{9A687CA6-D585-4947-9ED9-BE96071F5CD9} - {47B92A27-8252-420D-9630-378EF61434D7} -
LSP: c:\windows\system32\VetRedir.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Yahoo! Chat - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://217.41.57.144/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\32 STAT\Application Data\Mozilla\Firefox\Profiles\6ofsiyqn.default\
FF - prefs.js: browser.startup.homepage - hxxp://swagbucks.com/
FF - component: c:\documents and settings\32 STAT\Application Data\Mozilla\Firefox\Profiles\6ofsiyqn.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\documents and settings\32 STAT\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\NPSIStub.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

BHO-{e3c46f54-04c0-4b6d-9963-a5f38c4610f1} - sisifeme.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-jadoralob - c:\windows\system32\wewusigo.dll
HKLM-Run-rafejujalu - zugowuva.dll
SharedTaskScheduler-{39ec5f82-5763-4376-85e4-110853b2b863} - c:\windows\system32\piralume.dll
SharedTaskScheduler-{9e781986-b266-47b1-82bc-4351a851f5f9} - c:\windows\system32\jogejase.dll
SharedTaskScheduler-{da33a69e-a53c-4275-af23-7d2d995e2323} - c:\windows\system32\wewusigo.dll
SSODL-ligakehej-{39ec5f82-5763-4376-85e4-110853b2b863} - c:\windows\system32\piralume.dll
SSODL-japuvobaf-{9e781986-b266-47b1-82bc-4351a851f5f9} - c:\windows\system32\jogejase.dll
SSODL-foyokirut-{da33a69e-a53c-4275-af23-7d2d995e2323} - c:\windows\system32\wewusigo.dll
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-11 10:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spah.sys >>UNKNOWN [0x8738B938]<<
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

atapi.sys @ 0x0 0x0 bytes

\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xBAE5AB40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xBAE5AB40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xBAE5AB40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xBAE5AB40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xBAE5AB40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xBAE5AB40 atapi.sys
\Driver\atapi IRP hooks detected !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ad,6d,64,e2,82,1a,0f,4e,ba,e2,e1,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ad,6d,64,e2,82,1a,0f,4e,ba,e2,e1,\

[HKEY_USERS\S-1-5-21-2781504589-2856520603-1574323382-1012\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1344)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll

- - - - - - - > 'explorer.exe'(2684)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\System32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-11-11 10:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-11 18:31

Pre-Run: 2,459,451,392 bytes free
Post-Run: 2,672,177,152 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - B7D2A86EF7E5BF6A7DDB4972FA6D283C

Edited by mariol, 11 November 2009 - 01:41 PM.


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,770 posts
  • Gender:Female
  • Location:At home
  • Local time:03:42 PM

Posted 11 November 2009 - 06:08 PM

Hi,

since Malwarebytes is running again, please provide a new log from it:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

Please also run a scan with gmer:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!



#7 mariol

mariol
  • Topic Starter

  • Members
  • 48 posts
  • Gender:Male
  • Local time:08:42 AM

Posted 11 November 2009 - 10:11 PM

Malwarebytes' Anti-Malware 1.41
Database version: 3151
Windows 5.1.2600 Service Pack 3

11/11/2009 6:35:02 PM
mbam-log-2009-11-11 (18-35-02).txt

Scan type: Quick Scan
Objects scanned: 144085
Time elapsed: 17 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{9677d5d8-b782-4800-bc73-16a59fc8d5b7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{2b0378e2-af97-413b-bde9-043094121de3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\AutoComplete.dll (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



--


GMER 1.0.15.15220 - http://www.gmer.net
Rootkit scan 2009-11-11 19:09:30
Windows 5.1.2600 Service Pack 3
Running: 5cb1ywxr.exe; Driver: C:\DOCUME~1\32STAT~1\LOCALS~1\Temp\fxldypod.sys


---- System - GMER 1.0.15 ----

SSDT F7B294AE ZwCreateKey
SSDT F7B294A4 ZwCreateThread
SSDT F7B294B3 ZwDeleteKey
SSDT F7B294BD ZwDeleteValueKey
SSDT spfi.sys ZwEnumerateKey [0xBAEFECA2]
SSDT spfi.sys ZwEnumerateValueKey [0xBAEFF030]
SSDT F7B294C2 ZwLoadKey
SSDT spfi.sys ZwOpenKey [0xBAEE00C0]
SSDT F7B29490 ZwOpenProcess
SSDT F7B29495 ZwOpenThread
SSDT spfi.sys ZwQueryKey [0xBAEFF108]
SSDT spfi.sys ZwQueryValueKey [0xBAEFEF88]
SSDT F7B294CC ZwReplaceKey
SSDT F7B294C7 ZwRestoreKey
SSDT F7B294B8 ZwSetValueKey
SSDT F7B2949F ZwTerminateProcess

INT 0x62 ? 8736ABF8
INT 0x73 ? 8736CBF8
INT 0x82 ? 8736ABF8
INT 0xB4 ? 871E4BF8

---- Kernel code sections - GMER 1.0.15 ----

? spfi.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload BAC368AC 5 Bytes JMP 871E41D8
.text ag1r5lk8.SYS F6A74384 1 Byte [20]
.text ag1r5lk8.SYS F6A74384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
.text ag1r5lk8.SYS F6A743AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
.text ag1r5lk8.SYS F6A743C4 3 Bytes [00, 00, 00]
.text ag1r5lk8.SYS F6A743C9 1 Byte [00]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8736C2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [BAF11C4C] spfi.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [BAF11CA0] spfi.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BAEE1040] spfi.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BAEE113C] spfi.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BAEE10BE] spfi.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BAEE17FC] spfi.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BAEE16D2] spfi.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BAEF1048] spfi.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 871E42D8
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!RtlInitUnicodeString] 000000A5
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!swprintf] 000000E5
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!KeSetEvent] 000000F1
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 00000071
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 000000D8
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00000031
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!MmFreeMappingAddress] 00000015
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 00000004
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 000000C7
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!MmUnmapIoSpace] 00000023
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 000000C3
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IofCompleteRequest] 00000018
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 00000096
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IofCallDriver] 00000005
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 0000009A
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 00000007
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IoConnectInterrupt] 00000012
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IoDetachDevice] 00000080
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!KeWaitForSingleObject] 000000E2
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!KeInitializeEvent] 000000EB
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!KeCancelTimer] 00000027
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 000000B2
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!RtlInitAnsiString] 00000075
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 00000009
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IoQueueWorkItem] 00000083
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!MmMapIoSpace] 0000002C
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0000001A
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IoReportDetectedDevice] 0000001B
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IoReportResourceForDetection] 0000006E
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 0000005A
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!NlsMbCodePageTag] 000000A0
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!PoRequestPowerIrp] 00000052
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 0000003B
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 000000D6
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!sprintf] 000000B3
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00000029
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!ObfDereferenceObject] 000000E3
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 0000002F
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 00000084
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!ZwClose] 00000053
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] 000000D1
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 00000000
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 000000ED
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 00000020
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IoCreateDevice] 000000FC
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 000000B1
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 0000005B
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 0000006A
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!ZwOpenKey] 000000CB
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 000000BE
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IoStartTimer] 00000039
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!KeInitializeTimer] 0000004A
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IoInitializeTimer] 0000004C
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!KeInitializeDpc] 00000058
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!KeInitializeSpinLock] 000000CF
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IoInitializeIrp] 000000D0
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!ZwCreateKey] 000000EF
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 000000AA
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 000000FB
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!ZwSetValueKey] 00000043
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!KeInsertQueueDpc] 0000004D
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 00000033
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IoStartPacket] 00000085
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 00000045
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 000000F9
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IoFreeMdl] 00000002
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!MmUnlockPages] 0000007F
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 00000050
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 0000003C
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 0000009F
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 000000A8
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!KeSynchronizeExecution] 00000051
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IoStartNextPacket] 000000A3
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!KeBugCheckEx] 00000040
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 0000008F
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!KeSetTimer] 00000092
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!_allmul] 0000009D
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!MmProbeAndLockPages] 00000038
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!_except_handler3] 000000F5
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!PoSetPowerState] 000000BC
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 000000B6
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 000000DA
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 00000021
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!_aulldiv] 00000010
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!strstr] 000000FF
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!_strupr] 000000F3
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!KeQuerySystemTime] 000000D2
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 000000CD
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!KeTickCount] 0000000C
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 00000013
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IoDeleteDevice] 000000EC
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 0000005F
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IoAllocateWorkItem] 00000097
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IoAllocateIrp] 00000044
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IoAllocateMdl] 00000017
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 000000C4
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!MmLockPagableDataSection] 000000A7
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 0000007E
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 0000003D
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!ExFreePoolWithTag] 00000064
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IoFreeIrp] 0000005D
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!IoFreeWorkItem] 00000019
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!InitSafeBootMode] 00000073
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!RtlCompareMemory] 00000060
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!PoCallDriver] 00000081
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!memmove] 0000004F
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[ntoskrnl.exe!MmHighestUserAddress] 000000DC
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[HAL.dll!KfAcquireSpinLock] 000000AD
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[HAL.dll!READ_PORT_UCHAR] 000000D4
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[HAL.dll!KeGetCurrentIrql] 000000A2
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[HAL.dll!KfRaiseIrql] 000000AF
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[HAL.dll!KfLowerIrql] 0000009C
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[HAL.dll!HalGetInterruptVector] 000000A4
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[HAL.dll!HalTranslateBusAddress] 00000072
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[HAL.dll!KeStallExecutionProcessor] 000000C0
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[HAL.dll!KfReleaseSpinLock] 000000B7
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 000000FD
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[HAL.dll!READ_PORT_USHORT] 00000093
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000026
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[HAL.dll!WRITE_PORT_UCHAR] 00000036
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[WMILIB.SYS!WmiSystemControl] 000000F7
IAT \SystemRoot\System32\Drivers\ag1r5lk8.SYS[WMILIB.SYS!WmiCompleteRequest] 000000CC

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 873691F8
Device \FileSystem\Fastfat \FatCdrom 86B71500
Device \Driver\sptd \Device\2090002736 spfi.sys
Device \Driver\usbohci \Device\USBPDO-0 871E31F8
Device \Driver\usbohci \Device\USBPDO-1 871E31F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 873DB1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 873DB1F8
Device \Driver\Cdrom \Device\CdRom0 871BD1F8
Device \Driver\atapi \Device\Ide\IdePort0 [BAE5AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [BAE5AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [BAE5AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [BAE5AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 871BD1F8
Device \Driver\Cdrom \Device\CdRom2 871BD1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 86E171F8
Device \Driver\NetBT \Device\NetbiosSmb 86E171F8
Device \Driver\PCI_PNP8986 \Device\0000005c spfi.sys
Device \Driver\PCI_PNP8986 \Device\0000005c spfi.sys
Device \Driver\usbohci \Device\USBFDO-0 871E31F8
Device \Driver\usbohci \Device\USBFDO-1 871E31F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{AE992C4A-F114-4719-A349-A63998E6A8BF} 86E171F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86DD11F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86DD11F8
Device \Driver\Ftdisk \Device\FtControl 873DB1F8
Device \Driver\ag1r5lk8 \Device\Scsi\ag1r5lk81Port2Path0Target0Lun0 871871F8
Device \Driver\ag1r5lk8 \Device\Scsi\ag1r5lk81 871871F8
Device \Driver\ag1r5lk8 \Device\Scsi\ag1r5lk81Port2Path0Target1Lun0 871871F8
Device \FileSystem\Fastfat \Fat 86B71500

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 870881F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD5 0xC8 0xC6 0xC2 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x2B 0x6D 0xF8 0x77 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x15 0x21 0x16 0x19 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x25 0xF5 0xFD 0x60 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x81 0x0A 0xCD 0xF9 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x84 0x25 0x68 0x13 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x29 0x05 0x45 0x5F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD5 0xC8 0xC6 0xC2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x2B 0x6D 0xF8 0x77 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x15 0x21 0x16 0x19 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x25 0xF5 0xFD 0x60 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x81 0x0A 0xCD 0xF9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x84 0x25 0x68 0x13 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x29 0x05 0x45 0x5F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD5 0xC8 0xC6 0xC2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x2B 0x6D 0xF8 0x77 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x15 0x21 0x16 0x19 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x25 0xF5 0xFD 0x60 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x81 0x0A 0xCD 0xF9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x84 0x25 0x68 0x13 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x29 0x05 0x45 0x5F ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xD5 0xC8 0xC6 0xC2 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x2B 0x6D 0xF8 0x77 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x15 0x21 0x16 0x19 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x25 0xF5 0xFD 0x60 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x81 0x0A 0xCD 0xF9 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x84 0x25 0x68 0x13 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x29 0x05 0x45 0x5F ...
Reg HKLM\SOFTWARE\Classes\CLSID\{248FCFB3-5914-AF2C-CCBA-9BB5E3C749D5}\InprocServer32@ C:\WINDOWS\System32\msjava.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{248FCFB3-5914-AF2C-CCBA-9BB5E3C749D5}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{248FCFB3-5914-AF2C-CCBA-9BB5E3C749D5}\ProgID@ SdcUser.SdcSyncItem.1
Reg HKLM\SOFTWARE\Classes\CLSID\{248FCFB3-5914-AF2C-CCBA-9BB5E3C749D5}\TypeLib@ {01111001-3e00-11d2-8470-0060089874ed}
Reg HKLM\SOFTWARE\Classes\CLSID\{248FCFB3-5914-AF2C-CCBA-9BB5E3C749D5}\VersionIndependentProgID@ SdcUser.SdcSyncItem
Reg HKLM\SOFTWARE\Classes\CLSID\{3B6C15BE-F9FD-7E15-F865-ABA8E2A09915}\InprocServer32@ C:\WINDOWS\System32\qcap.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{3B6C15BE-F9FD-7E15-F865-ABA8E2A09915}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InprocServer32@ C:\Program Files\Common Files\Microsoft Shared\DAO\dao360.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\ProgID@ DAO.Field.36
Reg HKLM\SOFTWARE\Classes\CLSID\{6802E635-CB18-F544-790D-700BAC51E508}\InprocServer32@ C:\Program Files\Common Files\System\ado\msado15.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{6802E635-CB18-F544-790D-700BAC51E508}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{6802E635-CB18-F544-790D-700BAC51E508}\ProgID@ ADODB.Recordset.2.7
Reg HKLM\SOFTWARE\Classes\CLSID\{6802E635-CB18-F544-790D-700BAC51E508}\VersionIndependentProgID@ ADODB.Recordset

---- EOF - GMER 1.0.15 ----

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,770 posts
  • Gender:Female
  • Location:At home
  • Local time:03:42 PM

Posted 12 November 2009 - 06:28 AM

Hi,

Things are looking good. Just to be safe I would like you to do an online scan:
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]
Please also list all remaining problems you might have.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 mariol

mariol
  • Topic Starter

  • Members
  • 48 posts
  • Gender:Male
  • Local time:08:42 AM

Posted 14 November 2009 - 06:20 PM

I stopped the scan after it was at 99% for 3 hours or so, and I got this log from the ESET Online Scanner folder. Not sure if this is the right one.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=722c9c80c68a64448ad2069c3f2b5953
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-13 02:10:54
# local_time=2009-11-12 06:10:54 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 24464235 24464235 0 0
# compatibility_mode=768 16777215 100 0 24457665 24457665 0 0
# compatibility_mode=1024 16777215 100 0 372162 372162 0 0
# compatibility_mode=1797 16775125 100 100 7802 34394708 0 0
# compatibility_mode=8192 67108839 100 0 0 0 0 0
# compatibility_mode=9217 16777214 0 13 365278 25410410 0 0
# scanned=5477
# found=0
# cleaned=0
# scan_time=2013
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=722c9c80c68a64448ad2069c3f2b5953
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-14 11:14:37
# local_time=2009-11-14 03:14:37 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 24605178 24605178 0 0
# compatibility_mode=768 16777215 100 0 24598608 24598608 0 0
# compatibility_mode=1024 16777215 100 0 513105 513105 0 0
# compatibility_mode=1797 16775125 100 100 0 34535651 0 0
# compatibility_mode=8192 67108839 100 0 0 0 0 0
# compatibility_mode=9217 16777214 0 13 506221 25551353 0 0
# scanned=76861
# found=1
# cleaned=1
# scan_time=23279
C:\Documents and Settings\32 STAT\Local Settings\temp\575.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
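An added example, not part of this thread and not ESET's own tooling: a small Python parser for the Online Scanner log format posted above. It splits a concatenated log into runs, reads the "# key=value" header of each, picks out detection lines (path, threat description, action taken, hash), and reports whether a run was stopped before it finished, which matters here because a scan aborted at 99% with found=0 says less than a completed one. The sample input is an excerpt of the two logs above; the rule that a detection's threat description starts at the first token containing a "/" is my assumption, not something ESET documents.

```python
"""Parse ESET Online Scanner text logs of the kind posted above (added example)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# A detection line ends with "(<action>) <32-hex-digit hash> <flag>".
TAIL_RE = re.compile(
    r"^(?P<body>.+?)\s+\((?P<action>[^()]*)\)\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)\s*$"
)
# Assumption (mine, not documented by ESET): the threat description starts at the
# first whitespace-delimited token containing "/" (e.g. "Win32/Adware..."), and
# everything before it is the file path, which may itself contain spaces.
THREAT_START_RE = re.compile(r"(?<!\S)\S+/\S+")


@dataclass
class Detection:
    path: str
    threat: str
    action: str
    md5: str


@dataclass
class ScanRun:
    header: Dict[str, str] = field(default_factory=dict)
    compatibility_modes: List[str] = field(default_factory=list)  # repeated key, kept in order
    detections: List[Detection] = field(default_factory=list)

    @property
    def stopped_early(self) -> bool:
        # The logs above record "end=stopped" when the user aborts the scan.
        return self.header.get("end") == "stopped"

    @property
    def found(self) -> int:
        return int(self.header.get("found", "0"))

    @property
    def cleaned(self) -> int:
        return int(self.header.get("cleaned", "0"))


def parse_eset_log(text: str) -> List[ScanRun]:
    """Split a (possibly concatenated) ESET log into runs and parse each one."""
    runs: List[ScanRun] = []
    current: Optional[ScanRun] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("ESETSmartInstaller@"):
            current = ScanRun()          # each run starts with the installer line
            runs.append(current)
            continue
        if current is None or line == "all ok":
            continue                     # downloader status line, nothing to record
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            key, value = key.strip(), value.strip()
            if key == "compatibility_mode":
                current.compatibility_modes.append(value)
            else:
                current.header[key] = value
            continue
        m = TAIL_RE.match(line)
        if not m:
            continue                     # unrecognised line: ignored rather than guessed at
        body = m.group("body")
        t = THREAT_START_RE.search(body)
        if t:
            path, threat = body[: t.start()].rstrip(), body[t.start():]
        else:
            path, threat = body, ""
        current.detections.append(Detection(path, threat, m.group("action"), m.group("hash")))
    return runs


def summarize(runs: List[ScanRun]) -> List[str]:
    """One line per run plus one per detection, for a quick read of the outcome."""
    lines: List[str] = []
    for n, run in enumerate(runs, 1):
        status = "stopped early" if run.stopped_early else "ran to completion"
        lines.append(
            f"run {n} ({run.header.get('local_time', '?')}): {status}, "
            f"scanned={run.header.get('scanned', '?')}, found={run.found}, cleaned={run.cleaned}"
        )
        for d in run.detections:
            lines.append(f"  {d.threat}: {d.path} -> {d.action}")
    return lines


# Excerpt of the two runs posted above (header lines trimmed to the ones used here).
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=stopped
# local_time=2009-11-12 06:10:54 (-0800, Pacific Standard Time)
# compatibility_mode=512 16777215 100 0 24464235 24464235 0 0
# scanned=5477
# found=0
# cleaned=0
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=stopped
# local_time=2009-11-14 03:14:37 (-0800, Pacific Standard Time)
# scanned=76861
# found=1
# cleaned=1
C:\Documents and Settings\32 STAT\Local Settings\temp\575.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

if __name__ == "__main__":
    for line in summarize(parse_eset_log(SAMPLE_LOG)):
        print(line)
```

Run it as a script to print the per-run summary, or feed the full pasted log to `parse_eset_log` and check `stopped_early` before trusting a `found=0` result. The detection's hash column is kept as a string so an all-zero value (as in the log above) is preserved rather than interpreted.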

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,770 posts
  • Gender:Female
  • Location:At home
  • Local time:03:42 PM

Posted 15 November 2009 - 07:57 PM

Hi,

please empty your temp folders:
Please download TFC by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

And try another online scanner:
Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under "Select a target to scan", select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
regards myrti



#11 mariol

mariol
  • Topic Starter

  • Members
  • 48 posts
  • Gender:Male
  • Local time:08:42 AM

Posted 19 November 2009 - 09:06 PM

Hmm, this Kaspersky is taking VERY long. It hasn't even started scanning yet..
It has been updating at 15% for half an hour now... and it took half an hour to get to 15%. And it's lagging my computer badly ;(

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,770 posts
  • Gender:Female
  • Location:At home
  • Local time:03:42 PM

Posted 22 November 2009 - 09:15 PM

Hi,

please let the scan run through once, so that we can be sure no infections remain.

regards myrti



#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,770 posts
  • Gender:Female
  • Location:At home
  • Local time:03:42 PM

Posted 29 November 2009 - 03:29 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti
