Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Boaxxe.E VIRUS!


  • This topic is locked This topic is locked
6 replies to this topic

#1 vmkrulz

vmkrulz

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 30 November 2009 - 12:50 AM

microsoft security essensials keeps detecting and removing this again and again.....

this is what mse shows


Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommendation: Remove this software immediately.

Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the 'Allow' action and click 'Apply actions'. If this option is not available, log on as administrator or ask the local administrator for help.

Items:
file:C:\Windows\Temp\glui.tmp\svchost.exe->(UPX)

Get more information about this item online.







This is my hijackthis log:-




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:28 AM, on 30-Nov-09
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\DeskPins\DeskPins.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\WordWeb\wweb32.exe
C:\Windows\explorer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Users\W4steD\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.200.11:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [lrsprp] C:\Windows\lrsprp.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SWQuickLauncher] D:\SolarWinds\Engineer's Toolset\SWLauncher.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [googletalk] C:\Users\W4steD\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Google Update] "C:\Users\W4steD\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: CircleDock - Shortcut.lnk = D:\The Engine\CircleDock0.9.2Alpha8.2\CircleDock.exe
O4 - Startup: DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: winsp.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res:///105
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{3411024B-1FC2-43F1-87D0-735C859CBFB4}: NameServer = 59.179.243.70,203.94.243.70
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C338466-FB44-4089-BA97-66CCEC8E2DBF}: NameServer = 10.3.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3411024B-1FC2-43F1-87D0-735C859CBFB4}: NameServer = 59.179.243.70,203.94.243.70
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Change Modem Device Service - Unknown owner - C:\Windows\system32\ChgService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PlayIt Video Server Manager (PlayItVideoServer) - Unknown owner - C:\Program Files\Luttmann\vmcPlayIt\PlayItVideoServer.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SolarWinds TFTP Server - SolarWinds - D:\SolarWinds\Engineer's Toolset\SolarWinds TFTP Server.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_24288096a5cd99f6\STacSV.exe
O23 - Service: XMouseButton Launcher - Highresolution Enterprises - C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe

--
End of file - 11604 bytes




plz help!

BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:27 AM

Posted 30 November 2009 - 11:12 AM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5
    %SYSTEMDRIVE%\nvatabus.sys /s /md5
    %SYSTEMDRIVE%\viamraid.sys /s /md5
    %SYSTEMDRIVE%\nvata.sys /s /md5
    CREATERESTOREPOINT



  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 vmkrulz

vmkrulz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 30 November 2009 - 11:11 PM

Thank you sir for your reply....here the logs you asked:-


This is the log from the malwarebytes' Anti-malware program

zMalwarebytes' Anti-Malware 1.41
Database version: 3264
Windows 6.1.7600

01-Dec-09 6:42:00 AM
mbam-log-2009-12-01 (06-42-00).txt

Scan type: Quick Scan
Objects scanned: 102994
Time elapsed: 6 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.




This is the log from the OTL program



OTL logfile created on: 01-Dec-09 9:34:26 AM - Run 1
OTL by OldTimer - Version 3.1.11.4 Folder = E:\hp drivers
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

2.00 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 40.63% Memory free
4.00 Gb Paging File | 2.49 Gb Available in Paging File | 62.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 61.16 Gb Total Space | 4.69 Gb Free Space | 7.67% Space Free | Partition Type: NTFS
Drive D: | 78.12 Gb Total Space | 5.03 Gb Free Space | 6.44% Space Free | Partition Type: NTFS
Drive E: | 9.76 Gb Total Space | 2.37 Gb Free Space | 24.29% Space Free | Partition Type: NTFS
Drive F: | 125.47 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: W4STED-PC
Current User Name: W4steD
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009-12-01 00:01:19 | 00,535,552 | ---- | M] (OldTimer Tools) -- E:\hp drivers\OTL.exe
PRC - [2009-11-24 20:56:01 | 02,606,512 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2009-11-19 12:23:47 | 00,135,664 | ---- | M] (Google Inc.) -- C:\Users\W4steD\AppData\Local\Google\Update\GoogleUpdate.exe
PRC - [2009-11-10 15:39:26 | 05,244,216 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2009-11-09 18:20:06 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-10-09 16:47:24 | 25,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009-10-09 16:47:24 | 00,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009-10-09 08:53:32 | 01,078,664 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2009-09-18 07:01:02 | 00,077,824 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0\bin\jusched.exe
PRC - [2009-09-16 01:58:52 | 00,204,848 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2009-09-14 07:22:50 | 01,048,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009-09-01 13:56:58 | 00,484,352 | ---- | M] (Highresolution Enterprises) -- C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
PRC - [2009-09-01 13:56:56 | 00,071,168 | ---- | M] (Highresolution Enterprises) -- C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe
PRC - [2009-08-20 03:54:18 | 00,211,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009-08-17 19:10:36 | 00,225,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2009-08-03 20:05:02 | 00,238,888 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
PRC - [2009-08-03 11:05:50 | 02,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-07-14 06:44:42 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009-07-14 06:44:15 | 00,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009-07-03 06:06:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009-06-05 07:33:32 | 00,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009-06-05 07:33:06 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009-04-01 03:44:54 | 00,114,840 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe
PRC - [2009-03-21 17:58:32 | 00,135,168 | ---- | M] () -- C:\Windows\System32\ChgService.exe
PRC - [2009-01-30 13:20:06 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009-01-30 13:20:06 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008-05-02 09:45:46 | 00,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008-04-30 07:14:28 | 00,050,952 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2008-04-30 06:55:36 | 00,278,792 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2008-03-15 05:20:59 | 00,233,472 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2008-02-18 18:31:01 | 00,251,312 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2008-02-16 06:55:34 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_24288096a5cd99f6\stacsv.exe
PRC - [2008-02-16 06:53:20 | 00,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2007-10-26 02:01:20 | 00,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007-09-21 04:01:10 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007-09-03 02:28:52 | 00,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2007-07-26 05:11:42 | 00,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007-07-26 04:52:44 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007-06-07 05:14:44 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007-05-23 02:48:56 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007-05-10 05:31:00 | 00,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007-01-27 22:12:48 | 00,044,384 | ---- | M] (Antony Lewis) -- C:\Program Files\WordWeb\wweb32.exe
PRC - [2007-01-02 02:52:02 | 03,739,648 | ---- | M] (Google) -- C:\Users\W4steD\AppData\Roaming\Google\Google Talk\googletalk.exe
PRC - [2006-09-09 03:40:22 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2006-03-01 01:12:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2004-05-02 22:32:51 | 00,062,464 | ---- | M] (Elias Fotinis) -- C:\Program Files\DeskPins\DeskPins.exe


========== Modules (SafeList) ==========

MOD - [2009-12-01 00:01:19 | 00,535,552 | ---- | M] (OldTimer Tools) -- E:\hp drivers\OTL.exe
MOD - [2009-07-14 06:46:15 | 00,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009-07-14 06:46:13 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009-07-14 06:46:13 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009-07-14 06:46:12 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009-07-14 06:46:03 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009-07-14 06:45:35 | 00,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009-07-14 06:45:13 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009-07-14 06:45:11 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009-07-14 06:45:07 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009-07-14 06:45:02 | 00,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009-07-14 06:33:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009-10-23 10:52:18 | 00,081,408 | ---- | M] () -- C:\Program Files\Luttmann\vmcPlayIt\PlayItVideoServer.exe -- (PlayItVideoServer)
SRV - [2009-10-09 08:53:32 | 01,078,664 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009-10-02 03:48:30 | 00,036,352 | ---- | M] () -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009-09-18 09:03:53 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-09-16 01:59:04 | 00,057,640 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2009-09-16 01:58:52 | 00,204,848 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2009-09-01 13:56:56 | 00,071,168 | ---- | M] (Highresolution Enterprises) -- C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe -- (XMouseButton Launcher)
SRV - [2009-08-21 15:47:14 | 30,510,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009-08-21 15:39:22 | 00,149,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009-08-21 15:36:08 | 04,639,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009-08-20 03:54:18 | 00,211,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2009-07-14 06:46:21 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009-07-14 06:46:17 | 00,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009-07-14 06:46:17 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009-07-14 06:46:16 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009-07-14 06:46:15 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009-07-14 06:46:13 | 00,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009-07-14 06:46:13 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 06:46:12 | 01,004,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 06:46:12 | 00,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009-07-14 06:46:12 | 00,269,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009-07-14 06:46:12 | 00,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009-07-14 06:46:12 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009-07-14 06:45:41 | 00,680,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-07-14 06:45:36 | 00,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009-07-14 06:45:21 | 00,797,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009-07-14 06:45:11 | 00,253,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009-07-14 06:45:10 | 00,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009-07-14 06:44:59 | 00,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009-07-14 06:44:58 | 00,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009-07-14 06:44:53 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009-07-14 06:44:29 | 03,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009-07-03 06:06:52 | 00,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009-06-05 07:33:06 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009-03-21 17:58:32 | 00,135,168 | ---- | M] () -- C:\Windows\System32\ChgService.exe -- (Change Modem Device Service)
SRV - [2009-01-30 13:20:06 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008-04-08 04:46:26 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008-02-16 06:55:34 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_24288096a5cd99f6\stacsv.exe -- (STacSV)
SRV - [2007-11-07 01:52:26 | 00,092,792 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007-09-21 04:01:10 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007-07-26 05:11:42 | 00,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007-07-26 04:52:44 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007-05-17 21:54:26 | 00,046,008 | ---- | M] (SolarWinds) -- D:\SolarWinds\Engineer's Toolset\SolarWinds TFTP Server.exe -- (SolarWinds TFTP Server)
SRV - [2006-03-01 01:12:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2575695102-1773156560-2108021336-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2575695102-1773156560-2108021336-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2575695102-1773156560-2108021336-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/default.aspx?froo=www
IE - HKU\S-1-5-21-2575695102-1773156560-2108021336-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2575695102-1773156560-2108021336-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E 9B CD 01 E0 62 CA 01 [binary data]
IE - HKU\S-1-5-21-2575695102-1773156560-2108021336-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2575695102-1773156560-2108021336-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2575695102-1773156560-2108021336-1000\S-1-5-21-2575695102-1773156560-2108021336-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2575695102-1773156560-2108021336-1000\S-1-5-21-2575695102-1773156560-2108021336-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;<local>
IE - HKU\S-1-5-21-2575695102-1773156560-2108021336-1000\S-1-5-21-2575695102-1773156560-2108021336-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.16.200.11:8080

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.joesgoals.com/index.cfm"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.7
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:2.23b1
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090920.2
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:5.8
FF - prefs.js..extensions.enabledItems: passwordbank@upek.com:5.8.2.5686.3.5
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.4
FF - prefs.js..extensions.enabledItems: refractor@developer.mozilla.org:1.0b2
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.5
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: "localhost"
FF - prefs.js..network.proxy.backup.socks_port: 9050
FF - prefs.js..network.proxy.backup.ssl: "localhost"
FF - prefs.js..network.proxy.backup.ssl_port: 9666
FF - prefs.js..network.proxy.ftp: "172.16.200.11"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "172.16.200.11"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "172.16.200.11"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "172.16.200.11"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "172.16.200.11"
FF - prefs.js..network.proxy.ssl_port: 8080

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-11-09 18:20:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-11-15 08:22:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2009-11-02 18:47:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins [2009-11-02 18:47:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009-11-02 18:47:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009-11-02 18:47:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 1.1.18\Extensions\\Components: C:\Program Files\mozilla.org\SeaMonkey\Components [2009-11-02 18:47:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 1.1.18\Extensions\\Plugins: C:\Program Files\mozilla.org\SeaMonkey\Plugins [2009-11-02 18:47:35 | 00,000,000 | ---D | M]

[2009-09-18 08:32:46 | 00,000,000 | ---D | M] -- C:\Users\W4steD\AppData\Roaming\Mozilla\Extensions
[2009-12-01 06:13:24 | 00,000,000 | ---D | M] -- C:\Users\W4steD\AppData\Roaming\Mozilla\Firefox\Profiles\uv86o70i.default\extensions
[2009-10-17 03:26:22 | 00,000,000 | ---D | M] -- C:\Users\W4steD\AppData\Roaming\Mozilla\Firefox\Profiles\uv86o70i.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2009-11-16 00:50:00 | 00,000,000 | ---D | M] -- C:\Users\W4steD\AppData\Roaming\Mozilla\Firefox\Profiles\uv86o70i.default\extensions\{58c64034-c5f3-4179-85f5-81642f42b6d5}
[2009-10-14 07:37:00 | 00,000,000 | ---D | M] -- C:\Users\W4steD\AppData\Roaming\Mozilla\Firefox\Profiles\uv86o70i.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2009-10-25 06:04:32 | 00,000,000 | ---D | M] -- C:\Users\W4steD\AppData\Roaming\Mozilla\Firefox\Profiles\uv86o70i.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009-11-25 01:53:02 | 00,000,000 | ---D | M] -- C:\Users\W4steD\AppData\Roaming\Mozilla\Firefox\Profiles\uv86o70i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009-10-05 16:20:08 | 00,000,000 | ---D | M] -- C:\Users\W4steD\AppData\Roaming\Mozilla\Firefox\Profiles\uv86o70i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009-10-05 16:20:07 | 00,000,000 | ---D | M] -- C:\Users\W4steD\AppData\Roaming\Mozilla\Firefox\Profiles\uv86o70i.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009-10-20 05:56:26 | 00,000,000 | ---D | M] -- C:\Users\W4steD\AppData\Roaming\Mozilla\Firefox\Profiles\uv86o70i.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009-11-04 17:00:57 | 00,000,000 | ---D | M] -- C:\Users\W4steD\AppData\Roaming\Mozilla\Firefox\Profiles\uv86o70i.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009-10-15 04:06:45 | 00,000,000 | ---D | M] -- C:\Users\W4steD\AppData\Roaming\Mozilla\Firefox\Profiles\uv86o70i.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009-10-20 05:56:20 | 00,000,000 | ---D | M] -- C:\Users\W4steD\AppData\Roaming\Mozilla\Firefox\Profiles\uv86o70i.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009-10-05 16:20:08 | 00,000,000 | ---D | M] -- C:\Users\W4steD\AppData\Roaming\Mozilla\Firefox\Profiles\uv86o70i.default\extensions\fastdial@telega.phpnet.us
[2009-11-16 00:55:24 | 00,000,000 | ---D | M] -- C:\Users\W4steD\AppData\Roaming\Mozilla\Firefox\Profiles\uv86o70i.default\extensions\passwordbank@upek.com
[2009-11-15 08:47:34 | 00,000,000 | ---D | M] -- C:\Users\W4steD\AppData\Roaming\Mozilla\Firefox\Profiles\uv86o70i.default\extensions\personas@christopher.beard
[2009-10-05 16:20:04 | 00,000,000 | ---D | M] -- C:\Users\W4steD\AppData\Roaming\Mozilla\Firefox\Profiles\uv86o70i.default\extensions\refractor@developer.mozilla.org
[2009-10-05 16:20:04 | 00,000,000 | ---D | M] -- C:\Users\W4steD\AppData\Roaming\Mozilla\Firefox\Profiles\uv86o70i.default\extensions\refractor@developer.mozilla.org\prism\extensions
[2009-10-14 18:33:35 | 00,000,000 | ---D | M] -- C:\Users\W4steD\AppData\Roaming\Mozilla\Sunbird\Profiles\a6adpjfh.default\extensions
[2009-11-25 00:48:50 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: (824 bytes) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [lrsprp] C:\Windows\lrsprp.exe (Leithauser Research)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SWQuickLauncher] D:\SolarWinds\Engineer's Toolset\SWLauncher.exe (SolarWinds)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-21-2575695102-1773156560-2108021336-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2575695102-1773156560-2108021336-1000..\Run: [Google Update] C:\Users\W4steD\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-2575695102-1773156560-2108021336-1000..\Run: [googletalk] C:\Users\W4steD\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-2575695102-1773156560-2108021336-1000..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-2575695102-1773156560-2108021336-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2575695102-1773156560-2108021336-1000..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-2575695102-1773156560-2108021336-1000..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\W4steD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CircleDock - Shortcut.lnk = D:\The Engine\CircleDock0.9.2Alpha8.2\CircleDock.exe (Eric Wong)
O4 - Startup: C:\Users\W4steD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe (Elias Fotinis)
O4 - Startup: C:\Users\W4steD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\W4steD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe (Antony Lewis)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.94.243.70 59.179.243.70
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-11 03:12:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009-03-20 21:12:25 | 00,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007-09-13 20:03:01 | 00,000,045 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{6ce8f876-a3ef-11de-9685-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6ce8f876-a3ef-11de-9685-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Launch.exe -- [2004-10-22 06:08:02 | 00,126,976 | R--- | M] (Macrovision Corporation)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009-07-14 08:07:08 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (-4294967296)

========== Files/Folders - Created Within 14 Days ==========

[2009-12-01 06:29:54 | 00,000,000 | ---D | C] -- C:\Users\W4steD\AppData\Roaming\Malwarebytes
[2009-12-01 06:29:46 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009-12-01 06:29:44 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009-12-01 06:29:44 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009-12-01 06:29:44 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009-11-30 11:30:32 | 00,000,000 | ---D | C] -- C:\Program Files\Intel Corporation
[2009-11-30 11:12:58 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009-11-25 15:44:21 | 00,000,000 | ---D | C] -- C:\Users\W4steD\dwhelper
[2009-11-25 01:49:04 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009-11-25 01:49:04 | 00,000,000 | ---D | C] -- C:\Program Files\DivX
[2009-11-25 00:56:30 | 00,000,000 | ---D | C] -- C:\Users\W4steD\AppData\Roaming\skypePM
[2009-11-25 00:56:11 | 00,000,000 | ---D | C] -- C:\Users\W4steD\AppData\Roaming\Yahoo!
[2009-11-25 00:55:41 | 00,000,000 | ---D | C] -- C:\Users\W4steD\AppData\Local\Yahoo
[2009-11-25 00:54:25 | 00,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2009-11-25 00:53:54 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2009-11-25 00:48:59 | 00,000,000 | ---D | C] -- C:\Users\W4steD\AppData\Roaming\Skype
[2009-11-25 00:48:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009-11-25 00:48:30 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009-11-25 00:48:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Skype
[2009-11-23 12:03:51 | 00,000,000 | ---D | C] -- C:\Users\W4steD\Documents\CAPCOM
[2009-11-23 12:02:44 | 00,000,000 | ---D | C] -- C:\Users\W4steD\AppData\Local\Microsoft Games
[2009-11-23 07:14:42 | 00,000,000 | ---D | C] -- C:\Users\W4steD\AppData\Local\CAPCOM
[2009-11-23 06:49:32 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2009-11-20 18:07:22 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009-11-19 19:04:27 | 00,000,000 | ---D | C] -- C:\Users\W4steD\Documents\Google Talk Received Files
[2009-11-18 10:45:15 | 00,000,000 | ---D | C] -- C:\Users\W4steD\Documents\dbz
[2009-09-04 05:40:04 | 00,315,392 | ---- | C] ( ) -- C:\Windows\System32\sbcrreag.dll

========== Files - Modified Within 14 Days ==========

[2009-12-01 09:37:38 | 00,110,940 | ---- | M] () -- C:\Users\W4steD\Documents\TheWastedShirt.jpg
[2009-12-01 09:37:37 | 04,980,736 | -HS- | M] () -- C:\Users\W4steD\NTUSER.DAT
[2009-12-01 09:28:00 | 00,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2575695102-1773156560-2108021336-1000UA.job
[2009-12-01 09:27:06 | 00,000,043 | ---- | M] () -- C:\Users\W4steD\Documents\b.gif
[2009-12-01 09:10:36 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009-12-01 07:37:14 | 00,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009-12-01 07:37:14 | 00,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009-12-01 07:31:53 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009-12-01 07:31:30 | 16,090,89024 | -HS- | M] () -- C:\hiberfil.sys
[2009-12-01 07:30:16 | 03,650,396 | -H-- | M] () -- C:\Users\W4steD\AppData\Local\IconCache.db
[2009-12-01 06:29:51 | 00,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009-11-30 12:28:01 | 00,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2575695102-1773156560-2108021336-1000Core.job
[2009-11-30 11:12:59 | 00,002,043 | ---- | M] () -- C:\Users\W4steD\Desktop\HijackThis.lnk
[2009-11-28 02:00:17 | 00,727,362 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009-11-28 02:00:17 | 00,624,128 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009-11-28 02:00:17 | 00,107,728 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009-11-25 01:49:04 | 00,001,591 | ---- | M] () -- C:\Users\W4steD\Desktop\DivX Movies.lnk
[2009-11-25 00:56:35 | 00,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2009-11-25 00:54:28 | 00,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2009-11-25 00:48:34 | 00,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2009-11-23 05:26:18 | 00,000,617 | ---- | M] () -- C:\Users\W4steD\Desktop\Play Street Fighter IV.lnk
[2009-11-20 03:35:28 | 00,000,600 | ---- | M] () -- C:\Users\W4steD\PUTTY.RND
[2009-11-19 19:04:28 | 00,000,769 | ---- | M] () -- C:\Users\W4steD\Desktop\Google Talk Received Files.lnk
[2009-11-19 12:44:57 | 00,002,222 | ---- | M] () -- C:\Users\W4steD\Desktop\Google Chrome.lnk
[2009-11-18 12:45:25 | 00,001,266 | ---- | M] () -- C:\Users\W4steD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

========== Files Created - No Company Name ==========

[2009-12-01 09:27:04 | 00,000,043 | ---- | C] () -- C:\Users\W4steD\Documents\b.gif
[2009-12-01 06:29:51 | 00,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009-11-30 11:12:59 | 00,002,043 | ---- | C] () -- C:\Users\W4steD\Desktop\HijackThis.lnk
[2009-11-25 01:49:04 | 00,001,591 | ---- | C] () -- C:\Users\W4steD\Desktop\DivX Movies.lnk
[2009-11-25 00:56:35 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009-11-25 00:54:28 | 00,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2009-11-25 00:48:34 | 00,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2009-11-23 05:26:18 | 00,000,617 | ---- | C] () -- C:\Users\W4steD\Desktop\Play Street Fighter IV.lnk
[2009-11-23 03:48:22 | 00,475,899 | ---- | C] () -- C:\Users\W4steD\Documents\Cv_loveneet_nigam.pdf
[2009-11-19 19:04:28 | 00,000,769 | ---- | C] () -- C:\Users\W4steD\Desktop\Google Talk Received Files.lnk
[2009-11-19 12:23:52 | 00,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2575695102-1773156560-2108021336-1000UA.job
[2009-11-19 12:23:50 | 00,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2575695102-1773156560-2108021336-1000Core.job
[2009-11-14 14:51:41 | 00,020,459 | ---- | C] () -- C:\Users\W4steD\AppData\Roaming\UserTile.png
[2009-10-23 13:39:07 | 02,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2009-10-23 05:29:53 | 00,007,605 | ---- | C] () -- C:\Users\W4steD\AppData\Local\Resmon.ResmonCfg
[2009-10-15 06:55:38 | 00,000,174 | ---- | C] () -- C:\Windows\iffls.ini
[2009-09-28 09:22:00 | 00,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys
[2009-07-14 05:21:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 05:12:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008-10-07 21:43:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008-10-07 21:43:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 21:43:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008-10-07 21:43:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008-10-07 21:43:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 21:43:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008-10-07 21:43:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008-10-07 21:43:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008-10-07 21:43:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008-10-07 21:43:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007-11-07 01:49:28 | 00,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2007-07-26 05:10:02 | 00,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007-01-23 17:41:20 | 00,141,312 | ---- | C] () -- C:\Windows\System32\QFClient2.dll
[2006-09-16 16:14:32 | 01,880,140 | ---- | C] () -- C:\Program Files\Anti NetCut.CAB
[2006-09-16 16:14:27 | 00,003,808 | ---- | C] () -- C:\Program Files\SETUP.LST
[2003-09-02 03:20:32 | 00,159,744 | ---- | C] () -- C:\Windows\System32\vsppg8.dll
[2003-08-07 15:30:46 | 00,126,976 | ---- | C] () -- C:\Windows\System32\c1sizerppg.dll
[1999-10-21 15:02:00 | 00,028,672 | ---- | C] () -- C:\Windows\System32\MabryCHM.DLL

========== LOP Check ==========

[2009-10-26 00:45:24 | 00,000,000 | ---D | M] -- C:\Users\W4steD\AppData\Roaming\181064-GPass
[2009-10-21 13:40:56 | 00,000,000 | ---D | M] -- C:\Users\W4steD\AppData\Roaming\Azureus
[2009-10-08 14:58:39 | 00,000,000 | ---D | M] -- C:\Users\W4steD\AppData\Roaming\cald3
[2009-10-22 06:41:21 | 00,000,000 | ---D | M] -- C:\Users\W4steD\AppData\Roaming\com.adobe.ExMan
[2009-10-20 12:00:09 | 00,000,000 | ---D | M] -- C:\Users\W4steD\AppData\Roaming\Desktopicon
[2009-12-01 09:10:57 | 00,000,000 | ---D | M] -- C:\Users\W4steD\AppData\Roaming\DMCache
[2009-11-12 01:30:26 | 00,000,000 | ---D | M] -- C:\Users\W4steD\AppData\Roaming\FileZilla
[2009-11-16 00:50:06 | 00,000,000 | ---D | M] -- C:\Users\W4steD\AppData\Roaming\Fingerfox (SE)
[2009-10-14 16:44:06 | 00,000,000 | ---D | M] -- C:\Users\W4steD\AppData\Roaming\GPass
[2009-10-13 11:35:53 | 00,000,000 | ---D | M] -- C:\Users\W4steD\AppData\Roaming\Highresolution Enterprises
[2009-11-30 11:36:18 | 00,000,000 | ---D | M] -- C:\Users\W4steD\AppData\Roaming\IDM
[2009-09-18 08:47:38 | 00,000,000 | ---D | M] -- C:\Users\W4steD\AppData\Roaming\Leadertech
[2009-11-14 14:51:40 | 00,000,000 | ---D | M] -- C:\Users\W4steD\AppData\Roaming\PeerNetworking
[2009-10-08 10:36:37 | 00,000,000 | ---D | M] -- C:\Users\W4steD\AppData\Roaming\Protector Suite
[2009-10-14 17:04:10 | 00,000,000 | ---D | M] -- C:\Users\W4steD\AppData\Roaming\Thunderbird
[2009-09-18 07:02:49 | 00,000,000 | ---D | M] -- C:\Users\W4steD\AppData\Roaming\TMP
[2009-10-18 23:58:38 | 00,000,000 | ---D | M] -- C:\Users\W4steD\AppData\Roaming\WordWeb
[2009-11-09 10:29:37 | 00,032,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009-11-13 01:27:48 | 13,847,6056 | ---- | M] (Solarwinds.net ) -- C:\SolarWinds-Engineers-Toolset-V9.exe

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2009-07-14 06:46:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009-07-14 06:46:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2009-07-14 06:46:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009-07-14 06:46:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
[2009-07-14 06:45:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009-07-14 06:45:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
[2007-03-22 01:28:56 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\dell\drivers\R166200\iastor.sys
[2009-06-05 07:13:16 | 00,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\iaStor.sys
[2009-06-05 07:24:36 | 00,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009-06-05 07:13:16 | 00,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009-06-05 07:13:16 | 00,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys
[2007-04-26 00:47:36 | 00,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_9b7f21209ab560c7\iaStor.sys

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
[2009-07-14 06:50:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009-07-14 06:50:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009-07-14 06:50:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2009-07-14 06:56:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009-07-14 06:56:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009-07-14 06:56:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2009-07-14 06:56:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009-07-14 06:56:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009-07-14 06:56:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >

< %SYSTEMDRIVE%\viamraid.sys /s /md5 >

< %SYSTEMDRIVE%\nvata.sys /s /md5 >
< End of report >




thanks...

the virus is still there i think coz my antivirus still keeps popping up :(

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:27 AM

Posted 01 December 2009 - 07:46 AM

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.

=====================


Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 vmkrulz

vmkrulz
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:11:57 AM

Posted 03 December 2009 - 08:15 AM

sorry sir it took me time to reply

i coulnt do the kaspersky antivirus scan coz i get a error each time sayin "u need an uninterrupted internet connection"

i did the other scan and here is the log


All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: W4steD
->Temp folder emptied: 85874606 bytes
->Temporary Internet Files folder emptied: 49539034 bytes
->Java cache emptied: 702867 bytes
->FireFox cache emptied: 105033947 bytes
->Google Chrome cache emptied: 153657212 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 1462513 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 377.94 mb


OTL by OldTimer - Version 3.1.11.4 log created on 12012009_201900

Files\Folders moved on Reboot...
C:\Windows\temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\FXSTIFFDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...






THE POP-UP BY MY ANTI VIRUS DOESN'T OCCUR ANYMORE....I THINK THAT VIRUS HAS BEEN REMOVED!

THANK YOU FOR YOUR HELP!

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:27 AM

Posted 03 December 2009 - 08:55 AM

It may have been something that kaspersky found and removed even though it wasn't able to run to completion.


Please update Malwarebytes and run a full scan.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform full scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:27 AM

Posted 24 December 2009 - 08:50 AM

Unfortunately there has been no response. :(
This topic will now be closed.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users